leafs
Honorary Members
Posts: 35
Everything posted by leafs

  1. No more crashes or problems, I think we got it all fixed. Man, what a pain in the behind, lol. Thx again for all the help, I've learned a lot and plan on being a member of this forum for a long time. Talk to you all later. Leafs
  2. Since I stopped ZoneAlarm from monitoring NOD it hasn't crashed.

     HJT uninstall list
     AC3Filter (remove only)
     Acoustica Beatcraft
     Acoustica Effects Pack
     Adobe Common File Installer
     Adobe Flash Player ActiveX
     Adobe Help Center 2.0
     Adobe Photoshop CS2
     Adobe Premiere Pro
     Adobe Reader 7.0.9
     Adobe Stock Photos 1.0
     Ahead Nero Burning ROM
     AnyDVD
     Cake Mania 2
     Cakewalk VST Adapter 4
     Cool Edit Pro 2.1
     Corel SVG Viewer
     DAEMON Tools
     dBpowerAMP AAC (AACEnc CLI)
     dBpowerAMP mp3PRO Input Codec
     dBpowerAMP Music Converter
     dBpowerAMP Ogg Vorbis Codec
     Dell ResourceCD
     Diner Dash
     Diner Dash - Flo on the Go
     DivX Web Player
     DreamStation DXi2
     DVD Shrink 3.2
     GiPo@MoveOnBoot 1.9.5
     GuitarPort 2.51.0 (Remove Only)
     HijackThis 2.0.2
     Hotfix for Windows Internet Explorer 7 (KB947864)
     Hotfix for Windows Media Format 11 SDK (KB929399)
     Hotfix for Windows Media Player 11 (KB939683)
     Hotfix for Windows XP (KB914440)
     Hotfix for Windows XP (KB915865)
     Hotfix for Windows XP (KB926239)
     Hotfix for Windows XP (KB952287)
     Intel
  3. No crash yet. I'm gonna try to turn on NOD32 again, only this time I won't let ZA monitor it. Let's see what happens.
  4. I took a shot-in-the-dark guess that maybe there was a problem between NOD32 and ZoneAlarm, so I turned off NOD32. 15 minutes, no crash yet. I'll give it another 10 minutes; it usually crashes by now.
  5. OK, I added it as an attachment, let's see if that works. mysystem.txt
  6. The log is too big for the forum, can we narrow it down a bit? There was no blue screen, it just turns right off to black.
  7. I added ZoneAlarm and defragged the HD since we last spoke.
  8. I think I still have some kind of problem. My system turns off randomly; 4 times in an hour today it just turned off while in use. Any ideas as to what or why this happens? (time for a new comp soon) lol
  9. Everything seems to be OK. A huge thx to you, 1972vet and jean, for all the help. The world needs more people like you all, who help out those less knowledgeable.
  10. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:20:15 PM, on 8/21/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\ESET\bak\nod32kui.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 3980 bytes
  11. ComboFix 08-08-18.05 - damageplan 2008-08-20 22:15:10.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.756 [GMT -4:00]
      Running from: C:\Documents and Settings\damageplan.BEYOND\Desktop\ComboFix.exe
      Command switches used :: C:\Documents and Settings\damageplan.BEYOND\Desktop\CFScript.txt
      * Created a new restore point
      * Resident AV is active

      FILE ::
      C:\WINDOWS\system\actualspystart.lnk
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\410splashfree.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\414splashfree.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\createtimes.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\fileurns.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\filters.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\gnutella.net
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\installation.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\library.dat
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\limewire.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\mojito.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\pub1.key
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\public.key
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\questions.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\responses.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\simpp.xml
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\spam.dat
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\tables.props
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme.lwtp
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\01_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\02_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\03_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\04_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\05_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\chat.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\dir_closed.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\dir_open.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\forward_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\forward_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\kill.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\kill_on.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\lime.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\logo.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\notsearching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\pause_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\pause_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\play_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\play_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\question.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\rewind_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\searching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\splash.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\stop_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\stop_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\theme.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\black_theme\warning.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme.lwtp
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\01_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\02_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\03_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\04_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\05_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\chat.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\dir_open.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\forward_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\kill.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\logo.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\notsearching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\pause_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\play_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\play_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\question.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\search.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\searching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\splash.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\stop_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\theme.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\classic_theme\warning.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme.lwtp
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\01_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\02_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\03_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\04_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\05_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\chat.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\kill.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\lime.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\logo.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\play_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\question.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\searching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\splash.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\theme.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\limewire_theme\warning.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme.lwtp
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\01_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\02_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\03_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\04_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\05_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\chat.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\forward_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\forward_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\kill.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\kill_on.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\logo.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\notsearching.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\pause_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\pause_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\play_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\play_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\question.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\rewind_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\searching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\splash.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\stop_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\stop_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\theme.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\other_theme\warning.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme.lwtp
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\01_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\02_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\03_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\04_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\05_star.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\chat.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\forward_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\kill.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\kill_on.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\logo.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\notsearching.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\pause_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\play_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\play_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\question.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\searching.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\splash.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\splashpro.png
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\stop_up.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\theme.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\version.txt
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\themes\windows_theme\warning.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\ttree.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\ttrees.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\ttroot.cache
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\update.xml
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\version.key
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\version.xml
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\data\delete_me
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\misc\application.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\misc\audio.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\misc\document.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\misc\image.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\misc\video.gif
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\application.xsd
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\audio.xsd
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\document.xsd
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\image.xsd
      C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\video.xsd
      C:\WINDOWS\system\actualspystart.lnk
      .

      ((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
      .

      2008-08-20 19:25 . 2008-08-20 19:25  0  --ah-----  C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2008-08-20 19:25 . 2008-08-20 19:25  0  --ah-----  C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
      2008-08-20 19:21 . 2008-08-20 19:30  <DIR>  d--------  C:\Documents and Settings\damageplan.BEYOND\Application Data\PC Suite
      2008-08-20 19:21 . 2008-08-20 20:14  <DIR>  d--------  C:\Documents and Settings\damageplan.BEYOND\Application Data\Nokia
      2008-08-20 19:21 . 2008-08-20 19:29  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\PC Suite
      2008-08-20 19:20 . 2008-08-20 19:20  <DIR>  d--------  C:\Program Files\DIFX
      2008-08-20 19:20 . 2008-08-20 19:20  <DIR>  d--------  C:\Program Files\Common Files\PCSuite
      2008-08-20 19:20 . 2008-08-20 19:20  <DIR>  d--------  C:\Program Files\Common Files\Nokia
      2008-08-20 19:19 . 2008-08-20 19:19  <DIR>  d--------  C:\Program Files\PC Connectivity Solution
      2008-08-20 19:19 . 2008-08-20 19:20  <DIR>  d--------  C:\Program Files\Nokia
      2008-08-20 19:19 . 2008-05-07 07:39  1,419,232  --a------  C:\WINDOWS\system32\wdfcoinstaller01005.dll
      2008-08-20 19:19 . 2008-05-07 07:38  659,968  --a------  C:\WINDOWS\system32\nmwcdcocls.dll
      2008-08-20 19:19 . 2008-05-07 07:38  90,624  --a------  C:\WINDOWS\system32\nmwcdcls.dll
      2008-08-20 19:19 . 2007-09-17 15:53  21,632  --a------  C:\WINDOWS\system32\drivers\pccsmcfd.sys
      2008-08-20 19:19 . 2008-05-07 07:38  20,864  --a------  C:\WINDOWS\system32\drivers\ccdcmbo.sys
      2008-08-20 19:19 . 2008-05-07 07:38  17,536  --a------  C:\WINDOWS\system32\drivers\ccdcmb.sys
      2008-08-20 19:19 . 2008-06-06 09:24  8,064  --a------  C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
      2008-08-20 19:18 . 2008-08-20 19:18  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Installations
      2008-08-20 15:17 . 2008-08-20 18:15  <DIR>  d--------  C:\WINDOWS\system32\CatRoot_bak
      2008-08-19 11:16 . 2008-06-10 02:32  73,728  --a------  C:\WINDOWS\system32\javacpl.cpl
      2008-08-19 11:15 . 2008-08-19 11:16  <DIR>  d--------  C:\Program Files\Java
      2008-08-19 11:08 . 2008-08-19 11:08  <DIR>  d--------  C:\Program Files\Windows Installer Clean Up
      2008-08-19 11:08 . 2008-08-19 11:08  <DIR>  d--------  C:\Program Files\MSECACHE
      2008-08-18 19:32 . 2008-08-18 19:32  <DIR>  d--------  C:\Program Files\Trend Micro
      2008-08-17 13:26 . 2008-08-20 13:16  <DIR>  d--------  C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-17 13:26 . 2008-08-17 13:26  <DIR>  d--------  C:\Documents and Settings\damageplan.BEYOND\Application Data\Malwarebytes
      2008-08-17 13:26 . 2008-08-17 13:26  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-17 13:26 . 2008-08-17 15:01  38,472  --a------  C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-17 13:26 . 2008-08-17 15:01  17,144  --a------  C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-16 21:20 . 2008-08-16 21:20  <DIR>  d--------  C:\Program Files\Panda Security
      2008-08-16 21:20 . 2008-06-19 17:24  28,544  --a------  C:\WINDOWS\system32\drivers\pavboot.sys
      2008-08-16 20:20 . 2008-08-16 20:20  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Uniblue
      2008-08-13 17:30 . 2008-05-01 10:30  331,776  -----c---  C:\WINDOWS\system32\dllcache\msadce.dll
      2008-08-11 00:41 . 2008-08-20 20:07  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
      2008-08-11 00:41 . 2008-08-11 00:41  1,409  --a------  C:\WINDOWS\QTFont.for
      2008-07-24 14:15 . 2008-07-24 14:15  <DIR>  d--------  C:\Cakewalk Projects
      .

      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .

      2008-08-21 00:44  137,472  ----a-w  C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-08-19 23:35  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
      2008-08-17 23:35  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
      2008-08-17 00:53  ---------  d-----w  C:\Program Files\Virtools Web Player 3.0
      2008-08-16 21:24  ---------  d-----w  C:\Program Files\QuickTime
      2008-07-08 19:48  ---------  d-----w  C:\Documents and Settings\LocalService\Application Data\agi
      2008-07-08 19:48  ---------  d-----w  C:\Documents and Settings\damageplan.BEYOND\Application Data\agi
      .

      ((((((((((((((((((((((((((((( snapshot@2008-08-19_11.41.41.01 )))))))))))))))))))))))))))))))))))))))))
      .

      + 2008-08-20 23:20:00  10,134  ----a-r  C:\WINDOWS\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe
      + 2008-08-20 23:20:44  15,086  ----a-r  C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
      + 2008-08-20 23:19:42  3,262  ----a-r  C:\WINDOWS\Installer\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}\ARPPRODUCTICON.exe
      + 2007-03-30 03:00:40  203,264  ----a-r  C:\WINDOWS\system32\CddbCdda.dll
      - 2007-07-30 23:19:20  92,504  ----a-w  C:\WINDOWS\system32\cdm.dll
      + 2008-07-19 02:10:48  94,920  ----a-w  C:\WINDOWS\system32\cdm.dll
      + 2008-08-21 02:06:50  262,144  ----a-w  C:\WINDOWS\system32\config\Before Compact\NTUSER.DAT
      + 2008-08-21 02:06:50  262,144  ----a-w  C:\WINDOWS\system32\config\Original\NTUSER.DAT
      + 2008-08-21 02:06:50  262,144  ----a-w  C:\WINDOWS\system32\config\RCCBakup\NTUSER.DAT
      + 2008-08-21 02:06:50  262,144  ----a-w  C:\WINDOWS\system32\config\SM Registry Backup\NTUSER.DAT
      - 2007-07-30 23:19:20  92,504  -c--a-w  C:\WINDOWS\system32\dllcache\cdm.dll
      + 2008-07-19 02:10:48  94,920  -c--a-w  C:\WINDOWS\system32\dllcache\cdm.dll
      + 2004-08-04 06:08:42  25,600  -c--a-w  C:\WINDOWS\system32\dllcache\usbser.sys
      - 2007-07-30 23:19:36  549,720  -c--a-w  C:\WINDOWS\system32\dllcache\wuapi.dll
      + 2008-07-19 02:09:44  563,912  -c--a-w  C:\WINDOWS\system32\dllcache\wuapi.dll
      - 2007-07-30 23:19:16  53,080  -c--a-w  C:\WINDOWS\system32\dllcache\wuauclt.exe
      + 2008-07-19 02:10:42  53,448  -c--a-w  C:\WINDOWS\system32\dllcache\wuauclt.exe
      - 2007-07-30 23:19:42  1,712,984  -c--a-w  C:\WINDOWS\system32\dllcache\wuaueng.dll
      + 2008-07-19 02:09:42  1,811,656  -c--a-w  C:\WINDOWS\system32\dllcache\wuaueng.dll
      - 2007-07-30 23:19:32  325,976  -c--a-w  C:\WINDOWS\system32\dllcache\wucltui.dll
      + 2008-07-19 02:09:46  325,832  -c--a-w  C:\WINDOWS\system32\dllcache\wucltui.dll
      - 2007-07-30 23:18:40  33,624  -c--a-w  C:\WINDOWS\system32\dllcache\wups.dll
      + 2008-07-19 02:10:20  36,552  -c--a-w  C:\WINDOWS\system32\dllcache\wups.dll
      - 2007-07-30 23:19:28  203,096  -c--a-w  C:\WINDOWS\system32\dllcache\wuweb.dll
      + 2008-07-19 02:09:44  205,000  -c--a-w  C:\WINDOWS\system32\dllcache\wuweb.dll
      + 2008-05-20 14:37:00  525,824  ----a-w  C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
      + 2004-08-04 06:08:42  25,600  ----a-w  C:\WINDOWS\system32\drivers\usbser.sys
      + 2008-05-07 11:38:36  8,064  ----a-w  C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
      + 2006-11-02 11:22:54  492,000  ------w  C:\WINDOWS\system32\drivers\wdf01000.sys
      + 2006-11-02 11:22:52  32,224  ------w  C:\WINDOWS\system32\drivers\wdfldr.sys
      - 2006-09-28 23:55:50  77,568  ------w  C:\WINDOWS\system32\drivers\WudfPf.sys
      + 2006-09-16 02:29:52  76,544  ------w  C:\WINDOWS\system32\drivers\WudfPf.sys
      - 2006-09-29 00:00:34  82,944  ------w  C:\WINDOWS\system32\drivers\WudfRd.sys
      + 2006-09-16 02:30:10  82,688  ------w  C:\WINDOWS\system32\drivers\WudfRd.sys
      + 2008-05-07 11:38:20  17,536  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys
      + 2008-05-07 11:38:24  90,624  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll
      + 2008-05-07 11:38:34  659,968  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll
      + 2008-05-07 11:39:22  1,419,232  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll
      + 2008-05-07 11:38:36  8,064  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys
      + 2008-06-06 13:24:44  8,064  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys
      + 2008-05-07 11:38:20  20,864  -c--a-w  C:\WINDOWS\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys
      + 2007-09-17 19:53:26  21,632  -c--a-w  C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
      + 2008-05-20 14:37:00  525,824  -c--a-w  C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll
      + 2008-05-20 14:32:30  831,048  -c--a-w  C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll
      - 2008-08-18 01:08:21  111,928  ----a-w  C:\WINDOWS\system32\PnkBstrB.exe
      + 2008-08-21 00:44:19  111,928  ----a-w  C:\WINDOWS\system32\PnkBstrB.exe
      + 2008-07-19 02:10:20  36,552  ----a-w  C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
      + 2008-07-19 02:10:40  45,768  ----a-w  C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
      - 2006-09-25 22:58:48  23,856  ----a-w  C:\WINDOWS\system32\spupdsvc.exe
      + 2006-10-09 01:51:14  23,856  ----a-w  C:\WINDOWS\system32\spupdsvc.exe
      - 2007-07-30 23:19:36  549,720  ----a-w  C:\WINDOWS\system32\wuapi.dll
      + 2008-07-19 02:09:44  563,912  ----a-w  C:\WINDOWS\system32\wuapi.dll
      - 2007-07-30 23:19:16  53,080  ----a-w  C:\WINDOWS\system32\wuauclt.exe
      + 2008-07-19 02:10:42  53,448  ----a-w  C:\WINDOWS\system32\wuauclt.exe
      - 2007-07-30 23:19:42  1,712,984  ----a-w  C:\WINDOWS\system32\wuaueng.dll
      + 2008-07-19 02:09:42  1,811,656  ----a-w  C:\WINDOWS\system32\wuaueng.dll
      - 2007-07-30 23:19:32  325,976  ----a-w  C:\WINDOWS\system32\wucltui.dll
      + 2008-07-19 02:09:46  325,832  ----a-w  C:\WINDOWS\system32\wucltui.dll
      - 2006-09-29 01:13:26  95,344  ------w  C:\WINDOWS\system32\WUDFCoinstaller.dll
      + 2006-09-16 03:30:16  87,040  ------w  C:\WINDOWS\system32\WUDFCoinstaller.dll
      - 2006-09-28 23:56:38  146,432  ------w  C:\WINDOWS\system32\WudfHost.exe
      + 2006-09-16 03:30:06  142,848  ------w  C:\WINDOWS\system32\WudfHost.exe
      - 2006-09-28 23:56:16  165,376  ------w  C:\WINDOWS\system32\WudfPlatform.dll
      + 2006-09-16 02:29:54  163,840  ------w  C:\WINDOWS\system32\WudfPlatform.dll
      - 2006-09-28 23:56:14  55,808  ------w  C:\WINDOWS\system32\WudfSvc.dll
      + 2006-09-16 03:30:16  55,296  ------w  C:\WINDOWS\system32\WudfSvc.dll
      + 2008-05-20 14:32:30  831,048  ----a-w  C:\WINDOWS\system32\WudfUpdate_01005.dll
      - 2006-09-28 23:56:38  316,416  ------w  C:\WINDOWS\system32\WUDFx.dll
      + 2006-09-16 03:30:16  308,224  ------w  C:\WINDOWS\system32\WUDFx.dll
      - 2007-07-30 23:18:40  33,624  ----a-w  C:\WINDOWS\system32\wups.dll
      + 2008-07-19 02:10:20  36,552  ----a-w  C:\WINDOWS\system32\wups.dll
      - 2007-07-30 23:19:12  43,352  ----a-w  C:\WINDOWS\system32\wups2.dll
      + 2008-07-19 02:10:40  45,768  ----a-w  C:\WINDOWS\system32\wups2.dll
      - 2007-07-30 23:19:28  203,096  ----a-w  C:\WINDOWS\system32\wuweb.dll
      + 2008-07-19 02:09:44  205,000  ----a-w  C:\WINDOWS\system32\wuweb.dll
      + 2006-12-02 02:56:00  96,256  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
      + 2006-12-02 02:54:32  479,232  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
      + 2006-12-02 02:54:34  548,864  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
      + 2006-12-02 02:54:32  626,688  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
      + 2006-12-02 04:25:52  1,101,824  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
      + 2006-12-02 04:25:56  1,093,120  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
      + 2006-12-02 04:25:58  69,632  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
      + 2006-12-02 04:26:00  57,856  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
      .
      -- Snapshot reset to current date --
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Itfy"="C:\WINDOWS\system32\??rvices.exe" [?]
      "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47 557056]
      "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 08:31 1124352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2003-10-06 15:16 49152]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
      "nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoInstrumentation"= 1 (0x1)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
      backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^damageplan^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk] backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anwx HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 (0x2) "SAVScan"=3 (0x3) "ISSVC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Outlook Express\\msimn.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "D:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R2 BCDCNDIS;Belkin Direct 
Connect Network Adapter;C:\WINDOWS\system32\DRIVERS\BCDCNDIS.SYS [2000-08-08 14:37] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 14:24] R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-01-29 21:22] S3 BCDCLINK;Belkin USB Direct Connect;C:\WINDOWS\system32\DRIVERS\BCDCLINK.SYS [2000-08-08 14:37] S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-29 21:17] S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys [2005-01-21 08:17] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf89c438-758d-11db-b4be-0050fcc1144c}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5da4cbc-757a-11db-b4b3-0050fcc1144c}] \Shell\AutoRun\command - G:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2007-11-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2008-08-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - D:\Program Files\SpyEraser\SpyEraser.exe [2007-05-23 15:33] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 22:20:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Completion time: 2008-08-20 22:29:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-21 02:29:11 ComboFix2.txt 2008-08-19 15:42:24 Pre-Run: 7,888,089,088 bytes free Post-Run: 7,912,120,320 bytes free 428 --- E O F --- 2008-08-20 22:16:07 HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:32:35 PM, on 8/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\ESET\bak\nod32kui.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 
Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 4421 bytes
  12. The computer is very laggy at times. Not sure if that's because it's older or due to more viruses.
  13. It seems a bit slow on startup; it takes about a minute or so longer than usual to be able to open IE or run anything. Other than that it seems OK.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:27 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 3719 bytes
  14. k, updated and scanned. Log:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

1:21:15 PM 8/20/2008
mbam-log-08-20-2008 (13-21-15).txt

Scan type: Quick Scan
Objects scanned: 46485
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  15. Updated HJT log after running the removal tool

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:47 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 3685 bytes
  16. Volume in drive C has no label.
Volume Serial Number is 6CC7-E632

Directory of C:\Program Files

Directory of C:\Documents and Settings\damageplan.BEYOND\Desktop
  17. I found a folder from Symantec, but am unable to delete it. Must be from when I had Norton's years ago.
  18. Volume in drive C has no label.
Volume Serial Number is 6CC7-E632

Directory of C:\WINDOWS\System32

08/04/2004 03:56 AM 108,032 services.exe
1 File(s) 108,032 bytes

Directory of C:\Documents and Settings\damageplan.BEYOND\Desktop

Could not find anything with "oin" in it in Add and Remove, or any of those games. Soulseek, Azureus and LimeWire are deleted.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:42 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 4402 bytes
  19. ComboFix log

ComboFix 08-08-18.05 - damageplan 2008-08-19 11:35:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.769 [GMT -4:00]
Running from: C:\Documents and Settings\damageplan.BEYOND\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\damageplan.BEYOND\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\#SharedObjects\2XTB6FNB\interclick.com
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\#SharedObjects\2XTB6FNB\interclick.com\ud.sol
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\#SharedObjects\2XTB6FNB\www.broadcaster.com
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\damageplan.BEYOND\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\damageplan.BEYOND\UserData
C:\Documents and Settings\damageplan.BEYOND\UserData\index.dat
C:\Documents and Settings\damageplan.BEYOND\UserData\QK07LZ36\Tdy58[1].xml
C:\Documents and Settings\damageplan\UserData
C:\Documents and Settings\damageplan\UserData\8XA7SD6N\undefined[1].xml
C:\Documents and Settings\damageplan\UserData\GTANGDE7\dhtml[1].xml
C:\Documents and Settings\damageplan\UserData\GTANGDE7\obe[1].xml
C:\Documents and Settings\damageplan\UserData\GTANGDE7\oWindowsUpdate[1].xml
C:\Documents and Settings\damageplan\UserData\index.dat
C:\Documents and Settings\damageplan\UserData\O5IJGPIR\oXMLStore[1].xml
C:\Documents and Settings\damageplan\UserData\O5IJGPIR\sn[1].xml
C:\Documents and Settings\damageplan\UserData\WXEFCHAF\oWindowsUpdate[1].xml
C:\Documents and Settings\damageplan\UserData\WXEFCHAF\oXMLStoreUnit[1].xml
C:\WINDOWS\system32\actskn43.ocx
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-19 11:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-19 11:15 . 2008-08-19 11:16 <DIR> d-------- C:\Program Files\Java
2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\MSECACHE
2008-08-18 22:53 . 2008-08-18 23:01 692 ---hs---- C:\WINDOWS\system\actualspystart.lnk
2008-08-18 19:32 . 2008-08-18 19:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\Malwarebytes
2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 13:26 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 13:26 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 21:20 . 2008-08-16 21:20 <DIR> d-------- C:\Program Files\Panda Security
2008-08-16 21:20 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-16 20:20 . 2008-08-16 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-08-13 17:30 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 00:41 . 2008-08-13 07:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 00:41 . 2008-08-11 00:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 00:47 . 2008-08-05 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-08-05 00:46 . 2008-08-05 00:46 <DIR> d-------- C:\Program Files\2SoulseekNS
2008-07-24 14:15 . 2008-07-24 14:15 <DIR> d-------- C:\Cakewalk Projects
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 01:09 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-18 01:08 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-17 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 00:53 --------- d-----w C:\Program Files\Virtools Web Player 3.0
2008-08-16 21:24 --------- d-----w C:\Program Files\QuickTime
2008-08-16 04:01 --------- d-----w C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire
2008-08-16 04:01 --------- d-----w C:\Documents and Settings\damageplan.BEYOND\Application Data\Azureus
2008-07-08 19:48 327,680 ----a-w C:\WINDOWS\system32\pythoncom25.dll
2008-07-08 19:48 2,113,536 ----a-w C:\WINDOWS\system32\python25.dll
2008-07-08 19:48 102,400 ----a-w C:\WINDOWS\system32\pywintypes25.dll
2008-07-08 19:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi
2008-07-08 19:48 --------- d-----w C:\Documents and Settings\damageplan.BEYOND\Application Data\agi
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2002-06-04 09:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^damageplan^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itfy]
C:\WINDOWS\system32\??rvices.exe [?]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anwx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 15:16 5058560 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 15:16 49152 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2006-12-20 18:47 557056 C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"SAVScan"=3 (0x3) "ISSVC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Outlook Express\\msimn.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "D:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "D:\\Program Files\\Azureus\\Azureus.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"= "D:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "D:\\Program Files\\1Soulseek\\slsk.exe"= "D:\\Program Files\\SoulseekNS\\slsk.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R2 BCDCNDIS;Belkin Direct Connect Network Adapter;C:\WINDOWS\system32\DRIVERS\BCDCNDIS.SYS [2000-08-08 14:37] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 14:24] R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-01-29 21:22] S3 BCDCLINK;Belkin USB Direct Connect;C:\WINDOWS\system32\DRIVERS\BCDCLINK.SYS [2000-08-08 14:37] S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-29 21:17] S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys [2005-01-21 08:17] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf89c438-758d-11db-b4be-0050fcc1144c}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5da4cbc-757a-11db-b4b3-0050fcc1144c}] 
\Shell\AutoRun\command - G:\autorun.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2007-11-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2008-08-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - D:\Program Files\SpyEraser\SpyEraser.exe [2007-05-23 15:33] . - - - - ORPHANS REMOVED - - - - Notify-WgaLogon - (no file) MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe MSConfigStartUp-ctfmon - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://yahoo.ca/ O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} - hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab C:\WINDOWS\Downloaded Program Files\BellCanadaPortalAX.inf . . ------- File Associations (Beta) ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-19 11:38:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-08-19 11:42:23 ComboFix-quarantined-files.txt 2008-08-19 15:42:04 Pre-Run: 8,835,653,632 bytes free Post-Run: 8,851,546,112 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 209 --- E O F --- 2008-08-13 22:14:18 HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:47:10 AM, on 8/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\ESET\bak\nod32kui.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - 
C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 3772 bytes
  20. I got rid of the Java. Sorry, I should have left that post; I didn't want to waste anyone's time. I have not found anything Norton's or Symantec other than when I run HJT.
  21. Ok, I'll reply soon. I only have NOD32 installed on my machine. What is the other one you found in the log? Is it remnants of an older virus protection I had, and how do I rid my system of them?
  22. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:36 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

-- End of file - 3704 bytes

There are the 3 logs you asked for. Panda said I have 11 threats but wouldn't delete them, and one suspicious one, which I deleted. Spybot found 18 problems and deleted them. Thx for the help, by the way. So what's the next step?

Leafs
  23. ;*******************************************************************************
ANALYSIS: 2008-08-18 22:14:48
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 1
;*******************************************************************************

PROTECTIONS
Description                        Version  Active  Updated
;===============================================================================
Eset NOD32 antivirus system 2.51   2.51     Yes     Yes
;===============================================================================

MALWARE
Id        Description            Type            Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00029426  adware/sbsoft          Adware          No      0         Yes            No           hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ipreg32.dll
00029426  adware/sbsoft          Adware          No      0         Yes            No           c:\windows\webdlg32.inf
00034463  adware/wupd            Adware          No      0         Yes            No           hkey_local_machine\software\preview adservice
00034463  adware/wupd            Adware          No      0         Yes            No           hkey_classes_root\install.install
00034463  adware/wupd            Adware          No      0         Yes            No           hkey_classes_root\install.install.1
00034463  adware/wupd            Adware          No      0         Yes            No           hkey_classes_root\mediapassx.installer
00139060  Cookie/Casalemedia     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\casalemedia.com_10_03_2008_22_58_38.asq6334
00139061  Cookie/Doubleclick     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\DoubleClick_10_03_2008_22_58_38.asq26500
00139064  Cookie/Atlas DMT       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Cookies\damageplan@atdmt[2].txt
00145731  Cookie/Tribalfusion    TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Cookies\damageplan@tribalfusion[1].txt
00145738  Cookie/Mediaplex       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\Mediaplex.com_10_03_2008_22_58_38.asq11478
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Cookies\damageplan@advertising[1].txt
00171982  Cookie/QuestionMarket  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\QuestionMarket.com_10_03_2008_22_58_38.asq29358
00187950  Cookie/bravenetA       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\Bravenet.com_10_03_2008_22_58_37.asq41
01204571  Application/CapScrn    HackTools       No      0         Yes            No           C:\Documents and Settings\damageplan.BEYOND\Application Data\Uniblue\SpyEraser\Quarantine\CapScrn ActiveX Control_16_08_2008_16_06_27.asq26500
;===============================================================================

SUSPECTS
Sent  Location
;===============================================================================
No    H:\yup\VSO SoftWare Suite 2006\VSO BlindWrite v5.2.23.156\Blindwrite 5 Tweaker v1.5.6\BW5Tweaker.exe
;===============================================================================

VULNERABILITIES
Id  Severity  Description
;===============================================================================
;===============================================================================