ESSYMOND

Still experiencing weird problems, please help analyze this! Much love...

Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

08/09/2009 8:37:15 PM
mbam-log-2009-09-08 (20-37-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 190392
Time elapsed: 50 minute(s), 4 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 81

Memory Processes Infected:
C:\WINDOWS\system32\temp1.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\Fonts\Fonts.exe (Worm.Archive) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe (Worm.Archive) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmanager.exe (Worm.AutoRun) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sys (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\windows\svchost.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\temp1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\copy.exe (Worm.Perlovga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Esmond\protect.dll (Rootkit.Small) -> Quarantined and deleted successfully.
C:\Documents and Settings\Esmond\Start Menu\Programs\Startup\ChkDisk.dll (Rootkit.Small) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Rootkit.Small) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP193\A0062387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP193\A0062388.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP198\A0063386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP198\A0063387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP199\A0064386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP199\A0064387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP199\A0064777.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP199\A0065386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP199\A0065387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP201\A0066386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP201\A0066387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP201\A0067386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP201\A0067387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP163\A0055385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP163\A0055386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP163\A0056385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP163\A0056386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP167\A0057385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP167\A0057386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP170\A0058386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP170\A0058387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP171\A0059386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP171\A0059387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP172\A0060386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP172\A0060387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP179\A0061386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8CB69C1-4515-4BD3-B2B6-1337CA6903E7}\RP179\A0061387.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\xcopy.exe (Worm.Perlovga) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Rootkit.Small) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Rootkit.Small) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ms.dll (Rootkit.Small) -> Quarantined and deleted successfully.
D:\copy.exe (Worm.Perlovga) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\init.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss3356.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss3411.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss34bd.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss40e2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss418e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss4269.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss706d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss7251.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdss73d8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS852d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssbd77.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssbe52.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssbefe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssc372.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssc49b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssccc9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSScd62.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdsscd75.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdssce50.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Fonts.exe (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\Fonts\tskmgr.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Windows_update.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\MS-DOS.com (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\PCHealth\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.com (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Media\rndll32.pif (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\Boom.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\rndll32.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\tskmgr.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Drivers.cab.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\host.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Here's the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:43 PM, on 08/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Norman\Nvc\Bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Norman\Nvc\Bin\Zanda.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RemoveWGA] E:\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe -mini
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\Bin\Zanda.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8806 bytes

THANKS!!!