
Reagan72

  1. Thanks, I have. I will let you know how things went.
  2. Sorry for not getting back to you sooner (it wasn't possible). I've decided to come up with 5 more discs, run the recovery CD creator and try a full system recovery.
  3. I was actually thinking of doing a full restore - I was going to use the recovery CD creator, but I need 5 more discs. If we can try to continue to fix the problem I'd rather do that. P.S. What you suggested in your 2nd to last post - I couldn't do it.
  4. nvm, I found it. I didn't think it'd be so dayum expensive though - this has been a somewhat depressing day.
  5. What would I look for at newegg.com? I put in Windows XP in the search and a whole bunch of other stuff came up.
  6. Okay, retail XP I guess - Compaq Presario S3000NX
  7. Sometimes not even 5 minutes, other times maybe 20-30 minutes. Sometimes it won't come on for hours or not at all. No, unfortunately I do not have the Windows XP CD. Is that something I can obtain online? Oh, Task Manager still doesn't work and 2 new apps are still present in c:\: "8u1e5q9s9y8.exe" and "i4p5a1y7a7s7.exe".
  8. dayum computer keeps restarting - won't give me a chance to reply all in one post. It keeps restarting with that NT authority/system message. I took a pic so I now have the message in front of me. It reads:

     This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
     Time before shutdown: (I think it starts at 59; when I took the picture I captured it at 15 seconds)
     Message
     The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code 0. The system will now shutdown and restart.

     Anyways... I ran into a few problems when I attempted to follow your instructions. Let's see if I can remember them now... In HijackThis, when I went to fix what you told me to,

     O4 - HKLM\..\Run: [lsass.exe] C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe
     O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

     were both gone. I did however 'fix' the rest without any problems (at least to my knowledge, I think so).

     Then when I went to do Avenger, when it wanted to reboot, it started to and got stuck at 'closing network connections' longer than I've ever seen the machine stuck at that part after any kind of scan or whatever Avenger does. So I held the power button 'til it shut off. I turned it back on and a logfile came up. To me it seemed like it deleted everything successfully, though I do recall seeing the word "failed" a few times here and there.

     Anyways, I went to run MBAM and when it wanted to reboot, it got stuck at 'closing network connections' again. So I just held the button again until it shut off. When it booted up again, I ran MBAM again just in case, and it found nothing. As you can see I posted both logs. I did however not find the first Avenger log, the really detailed one. I ran Avenger again and the results are shown in the log I posted.
  9. Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 1 10/3/2008 5:27:40 PM mbam-log-2008-10-03 (17-27-40).txt Scan type: Quick Scan Objects scanned: 54525 Time elapsed: 7 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 4 Registry Keys Infected: 11 Registry Values Infected: 4 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 19 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot. C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-293d48b2ae99} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\thunderadvise (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot. C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> Delete on reboot. C:\Documents and Settings\Owner\Local Settings\Temp\15.cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8DYZW52N\05[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8DYZW52N\17[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8DYZW52N\19[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8DYZW52N\abb[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GD2DESJ8\15[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GD2DESJ8\99[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QNE9INM5\13[2].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QNE9INM5\14[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QNE9INM5\18[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QNE9INM5\20[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VMGX3KOX\16[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\system32\System.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\Photo_14301.zip (Backdoor.Bot) -> Quarantined and deleted successfully. 
Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 1 10/3/2008 5:48:32 PM mbam-log-2008-10-03 (17-48-32).txt Scan type: Quick Scan Objects scanned: 54298 Time elapsed: 7 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "nvmini" found! DisplayName: NVIDIA Compatible Windows Miniport Driver ImagePath: system32\DRIVERS\nvmini.sys Start Type: 2 (Automatic) Rootkit scan completed. Error: file "c:\8b4l8r9h1v9.exe" not found! Deletion of file "c:\8b4l8r9h1v9.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\drivers\etc\hosts" deleted successfully. Error: file "c:\windows\system32\drivers\PrdMgr.exe" not found! Deletion of file "c:\windows\system32\drivers\PrdMgr.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBmhly.dll" not found! Deletion of file "c:\windows\system32\HBmhly.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HB1000Y.dll" not found! Deletion of file "c:\windows\system32\HB1000Y.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBXY2.dll" not found! Deletion of file "c:\windows\system32\HBXY2.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBSO2.dll" not found! Deletion of file "c:\windows\system32\HBSO2.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBFY.dll" not found! Deletion of file "c:\windows\system32\HBFY.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBFY.dll" not found! 
Deletion of file "c:\windows\system32\HBFY.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBKDXY.dll" not found! Deletion of file "c:\windows\system32\HBKDXY.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBZHUXIAN.dll" not found! Deletion of file "c:\windows\system32\HBZHUXIAN.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBBO.dll" not found! Deletion of file "c:\windows\system32\HBBO.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBCONQUER.dll" not found! Deletion of file "c:\windows\system32\HBCONQUER.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBSOUL.dll" not found! Deletion of file "c:\windows\system32\HBSOUL.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBCHIBI.dll" not found! Deletion of file "c:\windows\system32\HBCHIBI.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBCT.dll" not found! Deletion of file "c:\windows\system32\HBCT.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBQQSG.dll" not found! Deletion of file "c:\windows\system32\HBQQSG.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\HBQQFFO.dll" not found! Deletion of file "c:\windows\system32\HBQQFFO.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\regvcs.exe" not found! 
Deletion of file "C:\WINDOWS\system32\drivers\regvcs.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\547661CQWZ.exe" not found! Deletion of file "C:\WINDOWS\547661CQWZ.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe" not found! Deletion of file "C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\FmMgr.exe" not found! Deletion of file "C:\WINDOWS\system32\drivers\FmMgr.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:03:50 PM, on 10/3/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\drivers\LBTWiz.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\pchealth\helpctr\binaries\VTskMgr.exe c:\i4p5a1y7a7s7.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\LBTWiz.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\system32\drivers\LBTWiz.exe O4 - HKLM\..\Run: [VTskMgr.exe] C:\WINDOWS\pchealth\helpctr\binaries\VTskMgr.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA 
Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 3448 bytes
  11. My apologies AS and thank you for your patience. As you might have read in earlier posts, there was someone who wouldnt cooperate with staying off the machine while I was trying to fix it. Waiting for my probation to end seemed like my best bet-with what me wanting to express how I felt about the situation to that person(and that seeming to be the only solution to get cooperation). Serious consequences would've been handed down to me by the law had I not waited and violated probation. Probation was up Friday, did what I had to do-you can imagine I got into a little trouble. Anyways, sorry for the inconvenience-there shall be no more interuptions.(hopefully) While I was away, mom was using the computer. 4 new apps appeared in c:\, and task manager doesnt work. Other than that, everything is fine Im not quite sure if you understood what I was trying to tell you in my last post so I just went and did MBAM(let it reboot) and ran hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:07:33 PM, on 10/2/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\drivers\PrdMgr.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe C:\WINDOWS\system32\drivers\FmMgr.exe c:\8b4l8r9h1v9.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - 
HKLM\..\Run: [regvcs.exe] C:\WINDOWS\system32\drivers\regvcs.exe O4 - HKLM\..\Run: [WinWZSys] C:\WINDOWS\547661CQWZ.exe O4 - HKLM\..\Run: [lsass.exe] C:\WINDOWS\pchealth\helpctr\binaries\lsass.exe O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203 O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBXY2.dll,HBSO2.dll,HBFY.dll,HBKDXY.dll,HBZHUXIAN.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBCT.dll,HBQQSG.dll,HBQQFFO.dll O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. 
- C:\WINDOWS\wanmpsvc.exe -- End of file - 7250 bytes
  12. Thanks AS, [problem] In etc, I tried to delete the hosts file but it didn't look like I was successful. I right-clicked on it and clicked on delete, then the message: "the file 'hosts' is a system file. If you remove it, your computer, or one of your programs may no longer work correctly. Are you sure you want to move it to the recycling bin?" came up. I said yes and then the message disappeared but the hosts file never left. I did this again and went to the recycling bin to see what was there. Sure enough there were two identical copies of the hosts file so I deleted them from the bin. I clicked back on the etc folder and the hosts file was still there. My new hosts file I created in Notepad is there too, with a .txt extension. Read-only in properties too. The newly created hosts file's icon is like that of any other file created in Notepad. The old hosts file however has that paper with the fold in the corner and the little window on it icon. I also didn't reboot right after I hijacked this because you never said to and you were pretty thorough.

     MBAM: Malwarebytes' Anti-Malware 1.28 Database version: 1209 Windows 5.1.2600 Service Pack 1 9/26/2008 7:46:14 AM mbam-log-2008-09-26 (07-46-14).txt Scan type: Quick Scan Objects scanned: 53995 Time elapsed: 8 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 5 Registry Keys Infected: 11 Registry Values Infected: 6 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 17 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Delete on reboot. C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot. 
Registry Keys Infected: HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{da1de019-a6a8-ed40-4b87-248b2a93de99} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-293d48b2ae99} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\thunderadvise (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysocmgr (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3PMmUpdate (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsysw (Spyware.OnlineGames) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Delete on reboot. C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2HSTGFW7\20[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2VOH61EP\22[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2VOH61EP\abb[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4JE9A9\18[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4JE9A9\21[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HJJXZLRG\05[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HJJXZLRG\19[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\Update.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\System.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\547661L.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot. HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:51:14 AM, on 9/26/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\drivers\regvcs.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\System32\svchost.exe c:\3j5r5e3j6c2.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\regvcs.exe
- Hosts: 127.1 duowan.czm.cn O1 - Hosts: 127.1 xccxcxcxcxcx.cn O1 - Hosts: 127.1 google-yahoo.org.cn O1 - Hosts: 127.1 tudou-net.org.cn O1 - Hosts: 127.1 downloads.zango.com O1 - Hosts: 127.1 ftp.surfnet.nl O1 - Hosts: 127.1 bis.180solutions.com O1 - Hosts: 127.1 installs.hotbar.com O1 - Hosts: 127.1 www.hbdownloads.com O1 - Hosts: 127.1 static.zangocash.com O1 - Hosts: 127.1 www.qq-songli.cn O1 - Hosts: 127.1 aa.9234.net O1 - Hosts: 127.1 www.97love.info O1 - Hosts: 127.1 97love.info O1 - Hosts: 127.1 www.zyzhuiku.cn O1 - Hosts: 127.1 zyzhuiku.cn O1 - Hosts: 127.1 www.lang18.com O1 - Hosts: 127.1 lang18.com O1 - Hosts: 127.1 sao6666.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [regvcs.exe] C:\WINDOWS\system32\drivers\regvcs.exe O4 - HKLM\..\Run: [WinWZSys] C:\WINDOWS\547661CQWZ.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O7 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203 O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBXY2.dll,HBSO2.dll,HBFY.dll,HBCONQUER.dll,HBSOUL.dll,HBC HIBI.dll,HBCT.dll,HBQQSG.dll,HBQQFFO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 6797 bytes task manager still isnt working but pc is running ok, just a little slow getting to this page
  13. Thanks Raid, my heart goes out to you and your family.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:35 PM, on 9/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\regvcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\regvcs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [regvcs.exe] C:\WINDOWS\system32\drivers\regvcs.exe
O4 - HKLM\..\Run: [WinWZSys] C:\WINDOWS\547661CQWZ.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBXY2.dll,HBFY.dll,HBCONQUER.dll,HBSOUL.dll,HBCT.dll,HBQQ SG.dll,HBQQFFO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7129 bytes

pc is running a little better, task manager is running this time around, there is a new app in c:, I believe I mentioned it in the above post and I already uploaded it to the site
  14. I don't think so Raid...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:33 PM, on 9/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\drivers\regvcs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mduaeyk.exe
c:\3j5r5e3j6c2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\regvcs.exe
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [regvcs.exe] C:\WINDOWS\system32\drivers\regvcs.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\547661M.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203
O20 - AppInit_DLLs: mduaey.dll zosdof.dll micsus.dll stepps.dll lensch.dll comboaus.dll jolndyo.dll aotoppt.dll pewire.dll catower.dll wllame.dll
O21 - SSODL: nauqskuc.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\System32\fdnxdfix.dll
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: xvoxwesl.dll - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} - C:\WINDOWS\System32\xvoxwesl.dll
O21 - SSODL: dsccuodg.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\System32\irapqlzk.dll
O21 - SSODL: gcxpmpwr.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\System32\gcxpmpwr.dll
O21 - SSODL: nptaqjhn.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\System32\fwjraiqh.dll
O21 - SSODL: tcpstksq.dll - {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - C:\WINDOWS\System32\sornmfcq.dll
O21 - SSODL: axmdemdl.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\System32\fdnxdfix.dll
O21 - SSODL: dzgqomvw.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\System32\jnpdngai.dll
O21 - SSODL: qhytdhjn.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\System32\cieyfdzc.dll
O21 - SSODL: trbzviby.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\System32\fsyexdrn.dll
O21 - SSODL: uyefqglo.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\System32\zqrnrexc.dll
O21 - SSODL: nttbhksi.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\System32\mugdddmy.dll
O21 - SSODL: qdvgadkt.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\System32\qdvgadkt.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: irapqlzk.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\System32\irapqlzk.dll
O21 - SSODL: sornmfcq.dll - {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - C:\WINDOWS\System32\sornmfcq.dll
O21 - SSODL: fwjraiqh.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\System32\fwjraiqh.dll
O21 - SSODL: zqrnrexc.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\System32\zqrnrexc.dll
O21 - SSODL: fdnxdfix.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\System32\fdnxdfix.dll
O21 - SSODL: jnpdngai.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\System32\jnpdngai.dll
O21 - SSODL: cieyfdzc.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\System32\cieyfdzc.dll
O21 - SSODL: fsyexdrn.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\System32\fsyexdrn.dll
O21 - SSODL: mugdddmy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\System32\mugdddmy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10232 bytes

this is all thanks to "my next charge"! Someone's been busy while I've been away
1.) Task manager doesn't work
2.) internet/overall performance is slower
3.) new app has been created in c:
Thanks for everything Raid, really, but unless this can be fixed tonight, this has all been a waste. I might get at you when I get out though since the pc still won't be clean. Pray for me bro
  15. Here they go...

MBAM:
Malwarebytes' Anti-Malware 1.28
Database version: 1185
Windows 5.1.2600 Service Pack 1
9/21/2008 11:21:09 AM
mbam-log-2008-09-21 (11-21-09).txt
Scan type: Quick Scan
Objects scanned: 49960
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 10
Registry Keys Infected: 15
Registry Values Infected: 18
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\flutjbcw.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\avicapwm.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\voedogzi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mncshawz.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\twnxpxba.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gpuubunj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jkltrxoe.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da1de019-a6a8-ed40-4b87-248b2a93de99} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-292a3d48be99} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb9660d8-e1cd-4ff0-b4a9-00cd907f928a} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b9fead7-4319-4312-ab05-d8c9cd255bfe} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{434fa69c-5f0a-42e1-82b8-10af2c8e53c6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71a78cd4-e470-4a18-8457-e0e0283dd507} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2cb77746-8ecc-40ca-8217-10ca8be5efc8} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3112b69-a745-4805-874e-abd480ea1299} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0930a2f-d971-4828-8209-b7dfd266ed44} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\thunderadvise (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysocmgr (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\desktopwin (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{eb9660d8-e1cd-4ff0-b4a9-00cd907f928a} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\flutjbcw.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6b9fead7-4319-4312-ab05-d8c9cd255bfe} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\avicapwm.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{434fa69c-5f0a-42e1-82b8-10af2c8e53c6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\voedogzi.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{71a78cd4-e470-4a18-8457-e0e0283dd507} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mncshawz.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2cb77746-8ecc-40ca-8217-10ca8be5efc8} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\twnxpxba.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d3112b69-a745-4805-874e-abd480ea1299} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gpuubunj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f0930a2f-d971-4828-8209-b7dfd266ed44} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\jkltrxoe.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3PMmUpdate (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\AppPatch\DesktopWin.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flutjbcw.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\avicapwm.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\voedogzi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mncshawz.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\twnxpxba.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gpuubunj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jkltrxoe.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\linkinfo.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\wllame.dll (Trojan.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdralw.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IJIFYLEL\24[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IJIFYLEL\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MLIVMJY9\1b[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MLIVMJY9\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MLIVMJY9\abb[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MLIVMJY9\d[1].gif (Virus.Alman) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PW7UHY51\10[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PW7UHY51\25[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PW7UHY51\29[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SROZ4X6N\23[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SROZ4X6N\update[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SROZ4X6N\27[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SROZ4X6N\b[1].gif (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Update.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\System.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot.

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:56 AM, on 9/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219522215203
O20 - AppInit_DLLs: mduaey.dll eskisl.dll lensch.dll micsus.dll cupops.dll jolndyo.dll johandy.dll aotoppt.dll pewire.dll comboaus.dll catower.dll wllame.dll,HBmhly.dll,HB1000Y.dll,HBXY2.dll,HBFY.dll,HBCONQUER.dll,HBSOUL.dll,HB CT.dll,HBQQSG.dll,HBQQFFO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7245 bytes

More files keep popping up in that "avenger" folder in c:, and won't be deleted. Computer's still running fine though.