Author Topic: a check up (Read 738 times)

World · « **on:** March 24, 2007, 11:48:56 AM »

Logfile of HijackThis v1.99.1
Scan saved at 16:48:08, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\Documents and Settings\\Tristan\\My Documents\\cracker\\cracker.exe
C:\\WINDOWS\\system32\\notepad.exe
C:\\Program Files\\Windows Live Toolbar\\msn_sl.exe
C:\\Documents and Settings\\Tristan\\Desktop\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] \"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [aol] \"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra \'Tools\' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/mi...pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123068450406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe

guestolo · « **Reply #1 on:** March 24, 2007, 12:13:18 PM »

Looks good, if you no longer need the online BitDefender scanner installed
You should be able to uninstall it within IE
TOOLS menu

One Note: I remember you had no AV protection earlier, you chose AOL free antivirus protection
Which is powered by Kaspersky's
A great AV by the way

But as I suggest in the download link, you may not want to have the IE security toolbar installed
You chose to install it, If you don't need it, you may choose to just uninstall the AOL security toolbar
But Leave the AntiVirus software installed

Also, I see this running in your processes
C:\\Documents and Settings\\Tristan\\My Documents\\cracker\\cracker.exe

Do you know what it's related too?

guestolo · « **Reply #2 on:** March 24, 2007, 12:14:37 PM »

Edited above post, can you relook at it please

World · « **Reply #3 on:** March 24, 2007, 12:16:42 PM »

Quote

Also, I see this running in your processes
C:\\\\Documents and Settings\\\\Tristan\\\\My Documents\\\\cracker\\\\cracker.exe

Its something ive been working on

guestolo · « **Reply #4 on:** March 24, 2007, 12:17:40 PM »

[quote name=\'i pure i\' post=\'305538\' date=\'Mar 24 2007, 10:16 AM\']Its something ive been working on[/quote]

Ok, I thought it looked suspicious

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

World · « **Reply #5 on:** March 24, 2007, 12:18:27 PM »

suspicious of what?

guestolo · « **Reply #6 on:** March 24, 2007, 12:19:01 PM »

Just joking around i pure i

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />

World · « **Reply #7 on:** March 24, 2007, 12:50:59 PM »

Oo dam, i think there might be a trojan on my comp :S i looked for vb6 on google and this came up,

guestolo · « **Reply #8 on:** March 24, 2007, 02:29:12 PM »

Did you allow your virus scanner to delete the file, if not, allow it
Clear your temp files

Can I see a new log please
Download [color=\"#2E8B57\"]ComboScan[/color] to your Desktop.

Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
The scan may take a couple of minutes. When the scan is complete, a text file will open - ComboScan.txt

Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the next logs in your following reply:

Comboscan.txt
Supplementary.txt[/b]
Note: By default, both logs are saved too F***C:\ComboScan folder

You may need more than one reply to post all the info, please do so if required

World · « **Reply #9 on:** March 24, 2007, 03:04:54 PM »

Hmm wierd, i cant find the Supplementary.txt only the comboscan.txt

ComboScan v20070306.20 run by Tristan on 2007-03-24 at 20:03:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Tristan.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:03:10, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Windows Live Toolbar\\msn_sl.exe
C:\\Documents and Settings\\Tristan\\Desktop\\comboscan.exe
C:\\DOCUME~1\\Tristan\\Desktop\\Tristan.exe

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] \"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [aol] \"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra \'Tools\' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/mi...pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123068450406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe

-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-23 20:00:54 2045416 --a------ C:\\WINDOWS\\system32\\codevb.dll
2007-03-23 19:59:11 150528 --a------ C:\\WINDOWS\\system32\\tlbinf32.dll
2007-03-23 19:20:08 118784 --a------ C:\\WINDOWS\\system32\\MSSTDFMT.DLL
2007-03-23 19:20:07 0 d-------- C:\\Program Files\\SpywareBlaster<SPYWAR~1>
2007-03-23 17:29:07 111227 --a------ C:\\WINDOWS\\system32\\drivers\\dump_wmimmc.sys<DUMP_W~1.SYS>
2007-03-18 19:13:26 0 d-------- C:\\Program Files\\AlisPasswordCracker<ALISPA~1>
2007-03-18 17:32:29 84 --a------ C:\\Documents and Settings\\Tristan\\sfdb_ou.dat
2007-03-18 08:36:52 0 d-------- C:\\mrs
2007-03-17 13:59:38 0 d-------- C:\\Documents and Settings\\Ashley\\.jagex_cache_32<JAGEX_~1>
2007-03-11 06:58:00 0 d-------- C:\\Program Files\\AOL
2007-03-11 06:57:59 26656 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox2.dat
2007-03-11 06:57:59 3250720 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox.dat
2007-03-11 06:50:48 0 d-------- C:\\Program Files\\AOL Security Toolbar<AOLSEC~1>
2007-03-10 18:04:12 0 d-------- C:\\Documents and Settings\\Tristan\\DoctorWeb<DOCTOR~1>
2007-03-10 16:35:48 106 --a------ C:\\delete.bat
2007-03-10 15:35:00 0 d-------- C:\\SDFix
2007-03-10 07:59:53 0 d-------- C:\\WINDOWS\\system32\\ActiveScan<ACTIVE~1>
2007-03-09 18:43:30 0 d-------- C:\\HJT
2007-03-09 18:24:37 3584 --a------ C:\\WINDOWS\\system32\\Copy (2) of riched32.dll<COPY(2~1.DLL>
2007-03-09 18:24:35 3584 --a------ C:\\WINDOWS\\system32\\Copy of riched32.dll<COPYOF~2.DLL>
2007-03-09 18:24:11 431616 --a------ C:\\WINDOWS\\system32\\Copy of riched20.dll<COPYOF~1.DLL>
2007-03-09 14:38:54 0 d-------- C:\\Program Files\\Project1
2007-03-09 14:38:44 286720 -----n--- C:\\WINDOWS\\Setup1.exe
2007-03-09 14:38:42 73216 --a------ C:\\WINDOWS\\ST6UNST.EXE
2007-03-09 14:26:44 0 d-------- C:\\WINDOWS\\system32\\Package
2007-03-09 14:22:29 0 d-------- C:\\WINDOWS\\system32\\User controls<USERCO~1>
2007-03-09 14:20:06 0 d-------- C:\\WINDOWS\\User controls<USERCO~1>
2007-03-09 14:16:30 0 d-------- C:\\WINDOWS\\system32\\disk1
2007-03-04 20:25:36 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\InstallShield<INSTAL~1>
2007-03-03 11:57:50 0 d--hs---- C:\\found.002
2007-03-03 11:41:00 0 d--h----- C:\\Documents and Settings\\Ashley\\Application Data\\ijji
2007-03-02 18:36:35 0 d--h----- C:\\Documents and Settings\\Tristan\\Application Data\\ijji
2007-02-25 09:01:04 0 d--hs---- C:\\found.001

-- Find3M Report ---------------------------------------------------------------

2007-03-24 12:52:19 0 d-------- C:\\Program Files\\SwiftSwitch<SWIFTS~1>
2007-03-18 17:32:13 2699 --a------ C:\\WINDOWS\\extend.dat
2007-03-10 08:25:43 0 d-------- C:\\Program Files\\iTunes
2007-03-10 08:25:38 0 d-------- C:\\Program Files\\Messenger<MESSEN~1>
2007-03-10 08:25:25 0 d-------- C:\\Program Files\\Google
2007-03-10 08:25:20 0 d-------- C:\\Program Files\\Windows Live Toolbar<WI81E8~1>
2007-03-10 08:24:35 0 d-------- C:\\Program Files\\MSN Messenger<MSNMES~1>
2007-03-10 08:23:41 0 d-------- C:\\Program Files\\LimeWire
2007-03-04 20:25:40 0 d--h----- C:\\Program Files\\InstallShield Installation Information<INSTAL~1>
2007-03-02 20:38:58 0 d-------- C:\\Program Files\\RuanEngine<RUANEN~1>
2007-03-02 20:38:22 0 d-------- C:\\Program Files\\AC Tool<ACTOOL~1>
2007-02-06 06:09:19 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\AdobeUM

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run]
\"CTFMON.EXE\"=\"C:\\\\WINDOWS\\\\system32\\\\ctfmon.exe\"
\"swg\"=\"C:\\\\Program Files\\\\Google\\\\GoogleToolbarNotifier\\\\1.2.1128.5462\\\\GoogleToolbarNotifier.exe\"
\"Free Download Manager\"=\"C:\\\\Program Files\\\\Free Download Manager\\\\fdm.exe -autorun\"
\"updateMgr\"=\"C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\Reader\\\\AdobeUpdateManager.exe AcRdB7_0_0\"
\"msnmsgr\"=\"\\\"C:\\\\Program Files\\\\MSN Messenger\\\\msnmsgr.exe\\\" /background\"
\"MSMSGS\"=\"\\\"C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe\\\" /background\"

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]
\"NVMixerTray\"=\"\\\"C:\\\\Program Files\\\\NVIDIA Corporation\\\\NvMixer\\\\NVMixerTray.exe\\\"\"
\"NvCplDaemon\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvCpl.dll,NvStartup\"
\"nwiz\"=\"nwiz.exe /install\"
\"NvMediaCenter\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvMcTray.dll,NvTaskbarInit\"
\"ATIPTA\"=\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI Control Panel\\\\atiptaxx.exe\"
\"ATICCC\"=\"\\\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI.ACE\\\\cli.exe\\\" runtime\"
\"iTunesHelper\"=\"\\\"C:\\\\Program Files\\\\iTunes\\\\iTunesHelper.exe\\\"\"
\"SunJavaUpdateSched\"=\"\\\"C:\\\\Program Files\\\\Java\\\\jre1.5.0_10\\\\bin\\\\jusched.exe\\\"\"
\"aol\"=\"\\\"C:\\\\Program Files\\\\AOL\\\\Active Virus Shield\\\\avp.exe\\\"\"


[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
\"SecurityProviders\"=\"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll\"

[HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows NT\\CurrentVersion\\Svchost]
HTTPFilter   REG_MULTI_SZ    HTTPFilter\\
LocalService   REG_MULTI_SZ    Alerter\WebClient\LmHosts\RemoteRegistry\upnphost\SSDPSRV\\
NetworkService   REG_MULTI_SZ    DnsCache\\
DcomLaunch   REG_MULTI_SZ    DcomLaunch\TermService\\
rpcss   REG_MULTI_SZ    RpcSs\\
imgsvc   REG_MULTI_SZ    StiSvc\\
termsvcs   REG_MULTI_SZ    TermService\\
Usnsvc   REG_MULTI_SZ    usnsvc\\

-- End of ComboScan: finished at 2007-03-24 at 20:03:36 ------------------------

World · « **Reply #10 on:** March 25, 2007, 05:06:32 AM »

Wait, ignore the one above, think i did wrong here\'s a new one still cant find supplarmary.txt

ComboScan v20070306.20 run by Tristan on 2007-03-25 at 11:04:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Tristan.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:04:29, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\Documents and Settings\\Tristan\\Desktop\\comboscan.exe
C:\\DOCUME~1\\Tristan\\Desktop\\Tristan.exe

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] \"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [aol] \"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra \'Tools\' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/mi...pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123068450406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe

-- Files created between 2007-02-25 and 2007-03-25 -----------------------------

2007-03-23 21:00:54 2045416 --a------ C:\\WINDOWS\\system32\\codevb.dll
2007-03-23 20:59:11 150528 --a------ C:\\WINDOWS\\system32\\tlbinf32.dll
2007-03-23 20:20:08 118784 --a------ C:\\WINDOWS\\system32\\MSSTDFMT.DLL
2007-03-23 20:20:07 0 d-------- C:\\Program Files\\SpywareBlaster<SPYWAR~1>
2007-03-23 18:29:07 111227 --a------ C:\\WINDOWS\\system32\\drivers\\dump_wmimmc.sys<DUMP_W~1.SYS>
2007-03-18 20:13:26 0 d-------- C:\\Program Files\\AlisPasswordCracker<ALISPA~1>
2007-03-18 18:32:29 84 --a------ C:\\Documents and Settings\\Tristan\\sfdb_ou.dat
2007-03-18 09:36:52 0 d-------- C:\\mrs
2007-03-17 14:59:38 0 d-------- C:\\Documents and Settings\\Ashley\\.jagex_cache_32<JAGEX_~1>
2007-03-11 07:58:00 0 d-------- C:\\Program Files\\AOL
2007-03-11 07:57:59 29984 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox2.dat
2007-03-11 07:57:59 3250720 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox.dat
2007-03-11 07:50:48 0 d-------- C:\\Program Files\\AOL Security Toolbar<AOLSEC~1>
2007-03-10 19:04:12 0 d-------- C:\\Documents and Settings\\Tristan\\DoctorWeb<DOCTOR~1>
2007-03-10 17:35:48 106 --a------ C:\\delete.bat
2007-03-10 16:35:00 0 d-------- C:\\SDFix
2007-03-10 08:59:53 0 d-------- C:\\WINDOWS\\system32\\ActiveScan<ACTIVE~1>
2007-03-09 19:43:30 0 d-------- C:\\HJT
2007-03-09 19:24:37 3584 --a------ C:\\WINDOWS\\system32\\Copy (2) of riched32.dll<COPY(2~1.DLL>
2007-03-09 19:24:35 3584 --a------ C:\\WINDOWS\\system32\\Copy of riched32.dll<COPYOF~2.DLL>
2007-03-09 19:24:11 431616 --a------ C:\\WINDOWS\\system32\\Copy of riched20.dll<COPYOF~1.DLL>
2007-03-09 15:38:54 0 d-------- C:\\Program Files\\Project1
2007-03-09 15:38:44 286720 -----n--- C:\\WINDOWS\\Setup1.exe
2007-03-09 15:38:42 73216 --a------ C:\\WINDOWS\\ST6UNST.EXE
2007-03-09 15:26:44 0 d-------- C:\\WINDOWS\\system32\\Package
2007-03-09 15:22:29 0 d-------- C:\\WINDOWS\\system32\\User controls<USERCO~1>
2007-03-09 15:20:06 0 d-------- C:\\WINDOWS\\User controls<USERCO~1>
2007-03-09 15:16:30 0 d-------- C:\\WINDOWS\\system32\\disk1
2007-03-04 21:25:36 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\InstallShield<INSTAL~1>
2007-03-03 12:57:50 0 d--hs---- C:\\found.002
2007-03-03 12:41:00 0 d--h----- C:\\Documents and Settings\\Ashley\\Application Data\\ijji
2007-03-02 19:36:35 0 d--h----- C:\\Documents and Settings\\Tristan\\Application Data\\ijji
2007-02-25 10:01:04 0 d--hs---- C:\\found.001

-- Find3M Report ---------------------------------------------------------------

2007-03-24 13:52:19 0 d-------- C:\\Program Files\\SwiftSwitch<SWIFTS~1>
2007-03-18 18:32:13 2699 --a------ C:\\WINDOWS\\extend.dat
2007-03-10 09:25:43 0 d-------- C:\\Program Files\\iTunes
2007-03-10 09:25:38 0 d-------- C:\\Program Files\\Messenger<MESSEN~1>
2007-03-10 09:25:25 0 d-------- C:\\Program Files\\Google
2007-03-10 09:25:20 0 d-------- C:\\Program Files\\Windows Live Toolbar<WI81E8~1>
2007-03-10 09:24:35 0 d-------- C:\\Program Files\\MSN Messenger<MSNMES~1>
2007-03-10 09:23:41 0 d-------- C:\\Program Files\\LimeWire
2007-03-04 21:25:40 0 d--h----- C:\\Program Files\\InstallShield Installation Information<INSTAL~1>
2007-03-02 21:38:58 0 d-------- C:\\Program Files\\RuanEngine<RUANEN~1>
2007-03-02 21:38:22 0 d-------- C:\\Program Files\\AC Tool<ACTOOL~1>
2007-02-06 07:09:19 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\AdobeUM

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run]
\"CTFMON.EXE\"=\"C:\\\\WINDOWS\\\\system32\\\\ctfmon.exe\"
\"swg\"=\"C:\\\\Program Files\\\\Google\\\\GoogleToolbarNotifier\\\\1.2.1128.5462\\\\GoogleToolbarNotifier.exe\"
\"Free Download Manager\"=\"C:\\\\Program Files\\\\Free Download Manager\\\\fdm.exe -autorun\"
\"updateMgr\"=\"C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\Reader\\\\AdobeUpdateManager.exe AcRdB7_0_0\"
\"msnmsgr\"=\"\\\"C:\\\\Program Files\\\\MSN Messenger\\\\msnmsgr.exe\\\" /background\"
\"MSMSGS\"=\"\\\"C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe\\\" /background\"

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]
\"NVMixerTray\"=\"\\\"C:\\\\Program Files\\\\NVIDIA Corporation\\\\NvMixer\\\\NVMixerTray.exe\\\"\"
\"NvCplDaemon\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvCpl.dll,NvStartup\"
\"nwiz\"=\"nwiz.exe /install\"
\"NvMediaCenter\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvMcTray.dll,NvTaskbarInit\"
\"ATIPTA\"=\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI Control Panel\\\\atiptaxx.exe\"
\"ATICCC\"=\"\\\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI.ACE\\\\cli.exe\\\" runtime\"
\"iTunesHelper\"=\"\\\"C:\\\\Program Files\\\\iTunes\\\\iTunesHelper.exe\\\"\"
\"SunJavaUpdateSched\"=\"\\\"C:\\\\Program Files\\\\Java\\\\jre1.5.0_10\\\\bin\\\\jusched.exe\\\"\"
\"aol\"=\"\\\"C:\\\\Program Files\\\\AOL\\\\Active Virus Shield\\\\avp.exe\\\"\"


[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
\"SecurityProviders\"=\"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll\"

[HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows NT\\CurrentVersion\\Svchost]
HTTPFilter   REG_MULTI_SZ    HTTPFilter\\
LocalService   REG_MULTI_SZ    Alerter\WebClient\LmHosts\RemoteRegistry\upnphost\SSDPSRV\\
NetworkService   REG_MULTI_SZ    DnsCache\\
DcomLaunch   REG_MULTI_SZ    DcomLaunch\TermService\\
rpcss   REG_MULTI_SZ    RpcSs\\
imgsvc   REG_MULTI_SZ    StiSvc\\
termsvcs   REG_MULTI_SZ    TermService\\
Usnsvc   REG_MULTI_SZ    usnsvc\\

-- End of ComboScan: finished at 2007-03-25 at 11:04:58 ------------------------

guestolo · « **Reply #11 on:** March 25, 2007, 04:27:25 PM »

Is everything running ok now?
Your AV picking up on anything?

Try running a complete scan with Active virus shield and see if it picks up anything

guestolo · « **Reply #12 on:** June 09, 2007, 04:31:46 PM »

As the original poster has not returned, I'll lock this topic

TheTechGuide Forum

News:

Author Topic: a check up (Read 738 times)

World

a check up

guestolo

a check up

guestolo

a check up

World

a check up

guestolo

a check up

World

a check up

guestolo

a check up

World

a check up

guestolo

a check up

World

a check up

World

a check up

guestolo

a check up

guestolo

a check up