Everything posted by Kraminator

  1. Hi, I've recently obtained what I believe (almost to certainty) to be a host of malicious malware programs. It started about a week ago, with Firefox not loading properly and getting error messages saying GoogleInstaller cannot run properly and must be shut down, etc. Also, I noticed things were loading much slower. I ran a bunch of virus scanners (McAfee, Ad-aware) and they each found separate viruses and quarantined them. A couple days later, a process called iexplorer.exe would randomly load and play ads. At this point I am pretty concerned, but I make no extra efforts to rid my computer of this malware. I tried installing and using Spybot Search and Destroy since I had heard good things about it, but alas it would not open upon installation. So a couple days later, when my computer started up it would just freeze after about 30 seconds. My cursor would be able to move, but everything was unresponsive. At that point I knew things were FUBAR, so I ran my computer in safe mode and tried to search for a solution. I once again ran my virus scanners, they found more malicious files, but the problem still occurred. I tried following a bunch of processes of cleaning my computer, but either the programs would not install or would not run once installed. I then figured out to just add a bunch of numbers at the end of the program names, and to my surprise they all loaded. So, I ran HijackThis and ComboFix, and now I present to you, the logs. Thanks in advance for the help.

ComboFix Logs

ComboFix 09-03-15.01 - Anonymous 2009-03-16 16:23:47.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3037 [GMT -7:00]
Running from: c:\documents and settings\Anonymous\Desktop\ComboFix132456.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\UACaaoluqjt.sys
c:\windows\system32\UACelpuhqvp.dll
c:\windows\system32\UACgrwwxqln.dll
c:\windows\system32\UAChdkujkix.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjlcbxwrj.dll
c:\windows\system32\UACkhgsblue.dll
c:\windows\system32\UACqjsejgdt.log
c:\windows\system32\UACtaldpsyc.log
c:\windows\system32\UACvypeolil.dll
c:\windows\system32\UACxgvqpwvp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.
2009-03-16 16:09 . 2009-03-16 16:09 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\Malwarebytes
2009-03-16 15:20 . 2009-03-16 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop
2009-03-16 15:19 . 2009-03-16 15:19 <DIR> d-------- c:\program files\PCPitstop
2009-03-16 15:12 . 2009-03-16 15:12 <DIR> d-------- c:\program files\LSOFT
2009-03-15 22:26 . 2009-03-15 22:26 <DIR> d-------- c:\program files\Avira
2009-03-15 22:26 . 2009-03-15 22:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-15 22:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 22:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-15 22:15 . 2009-03-16 16:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 22:15 . 2009-03-15 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 22:03 . 2009-03-15 22:03 <DIR> d-------- c:\program files\CCleaner
2009-03-11 22:54 . 2009-03-11 22:54 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\McAfee
2009-03-11 22:42 . 2009-03-15 21:51 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-11 22:42 . 2009-03-15 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-09 23:30 . 2009-03-09 23:33 189,072 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-09 20:59 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\PC Tools
2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-09 15:12 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-09 15:12 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-09 15:12 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-09 15:12 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-02-26 11:46 . 2009-02-26 11:46 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-22 22:03 . 2009-02-22 22:34 <DIR> d-------- C:\DoW2
2009-02-21 22:31 . 2009-02-21 22:32 <DIR> d-------- c:\program files\THQ
2009-02-21 22:17 . 2009-03-15 22:08 <DIR> d-------- C:\Q3Ademo
2009-02-21 20:38 . 2009-02-21 20:39 <DIR> d-------- c:\program files\VirtualDJ
2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 23:16 --------- d-----w c:\documents and settings\Anonymous\Application Data\Xfire
2009-03-16 05:08 --------- d-----w c:\program files\Red Kawa
2009-03-16 03:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-14 00:10 --------- d-----w c:\program files\Xfire
2009-03-13 07:39 --------- d-----w c:\program files\Steam
2009-03-12 22:44 --------- d-----w c:\documents and settings\Anonymous\Application Data\uTorrent
2009-03-12 22:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 05:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-12 05:38 --------- d-----w c:\program files\World of Warcraft
2009-03-10 06:33 189,072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-10 06:29 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-10 06:29 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-10 03:59 --------- d-----w c:\program files\AGEIA Technologies
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 22:17 --------- d-----w c:\program files\Apophysis 2.0
2009-02-07 11:07 7,698 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-02-07 10:56 --------- d-----w c:\program files\Electronic Arts
2009-02-04 02:09 --------- d-----w c:\program files\Aero Studio
2009-01-22 04:45 356 ----a-w C:\drmHeader.bin
2009-01-19 09:35 --------- d-----w c:\program files\EA GAMES
2009-01-17 01:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-26 08:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-24 05:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-13 15:37 22,328 ----a-w c:\documents and settings\Anonymous\Application Data\PnkBstrK.sys
2007-12-14 06:30 769,536 ----a-w c:\documents and settings\Anonymous\Application Data\sfdnwin.dll
2008-07-17 09:21 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-09 01:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120820081209\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"Google Update"="c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-13 363008]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis wars\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis warhead\\Bin32\\Crysis.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-09 130424]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-03-02 12032]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-08 79360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-28 21920]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-09 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dfaa45d-a934-11dc-adad-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1708537768-725345543-1003.job
- c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:08]

2009-01-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\pk7787ti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.worldofwarcraft.com/index.xml
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\pk7787ti.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Anonymous\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDyyno.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Anonymous\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 16:27:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1708537768-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d2,7d,1b,24,e3,71,c4,f5,99,19,54,46,48,c2,3a,84,8c,30,a8,99,a3,
7d,de,a8,81,ba,78,a4,03,fb,3b,92,33,46,42,f7,8f,cc,e5,99,7b,57,58,51,5f,9e,\
"rkeysecu"=hex:f5,bd,52,b9,3d,f6,ae,c9,df,da,e2,d4,0d,a7,bf,b5
.
Completion time: 2009-03-16 16:35:12
ComboFix-quarantined-files.txt 2009-03-16 23:35:10

Pre-Run: 164,193,902,592 bytes free
Post-Run: 164,234,186,752 bytes free

235 --- E O F --- 2009-03-11 05:47:27

HijackThis Logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40, on 2009-03-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Xfire\xfire.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF28880.exe" /c "C:\ComboFix132456\C.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9807 bytes