Nimmey

  1. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:08:43 PM, on 2/28/2010
     Platform: Windows 2003 SP2 (WinNT 5.02.3790)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\SysWOW64\CTsvcCDA.EXE
     C:\Program Files (x86)\Java\jre6\bin\jqs.exe
     C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
     C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
     C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
     C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
     C:\WINDOWS\SysWOW64\ctfmon.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\BitTorrent\bittorrent.exe
     C:\Program Files (x86)\Songbird\songbird.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
     O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
     O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
     O4 - HKCU\..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [bionix Wallpaper] "C:\Program Files (x86)\Bionix Wallpaper.exe"
     O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
     O4 - Global Startup: UltraMon.lnk = ?
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - ESC Trusted Zone: http://runonce.msn.com
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249755127828
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
     O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
     O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
     O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
     O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
     O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
     O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
     O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
     O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
     O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
     O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
     O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
     O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

     --
     End of file - 7349 bytes

     Everything seems to be running smoothly, no more site redirecting or IE invisibly running.
  2. Malwarebytes' Anti-Malware 1.44
     Database version: 3806
     Windows 5.2.3790 Service Pack 2
     Internet Explorer 8.0.6001.18702

     2/28/2010 9:45:37 AM
     mbam-log-2010-02-28 (09-45-37).txt

     Scan type: Quick Scan
     Objects scanned: 117072
     Time elapsed: 3 minute(s), 40 second(s)

     Memory Processes Infected: 2
     Memory Modules Infected: 0
     Registry Keys Infected: 4
     Registry Values Infected: 5
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 19

     Memory Processes Infected:
     C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe (Trojan.Clicker) -> Unloaded process successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\msinits.exe (Trojan.Downloader) -> Unloaded process successfully.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\msinits.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc11.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc22.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc24.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\cmd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\debug.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\smss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\vwwixjz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Application Data\mswintmp.dat (Malware.Trace) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

     ESET scanner log...

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=7f4962279c46c64c87b8259c2c1c2216
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2010-02-28 04:20:02
     # local_time=2010-02-28 10:20:02 (-0600, Central Standard Time)
     # country="United States"
     # lang=9
     # osver=5.2.3790 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=1024 16777215 100 0 490044 490044 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=58007
     # found=1
     # cleaned=1
     # scan_time=1677
     C:\WINDOWS\system32\BjJEMdNb8b.txt    probably a variant of Win32/Injector.APK trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
  3. 2010-02-27,14:14:11
     System Repair Engineer 2.8.2.1321
     Smallfrogs (http://www.KZTechs.com)

     Windows XP Professional x64 Edition (null)Service Pack 2 (Build 3790) - Administrative User - Completed Functions Allowed

     Follow item(s) have been selected:
     All Boot Items (Including Registry, Startup Folders, Services and so on)
     Browser Add-ons
     Running Processes (Including process model information)
     File Associations
     Winsock Provider
     Autorun.Inf
     HOSTS File
     Process Privileges Scan
     Scheduled Tasks
     Windows Security Update Check
     API HOOK
     Hidden Process

     Boot Items
     Registry
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     <Creative Detector><C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R> [Creative Technology Ltd]
     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
     <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG]
     <Steam><"c:\program files (x86)\steam\steam.exe" -silent> [(Verified)Valve]
     <Aim6><"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp> [(Verified)AOL LLC]
     <NCsoft Launcher><C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized> [File is missing]
     <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
     <Google Update><"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c> [(Verified)Google Inc]
     <Bionix Wallpaper><"C:\Program Files (x86)\Bionix Wallpaper.exe"> [File is missing]
     <Sun Microsystems><C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe> []
     <Remote System Protection><rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc> []
     <uishf9wuifwuh387fh3wufinhjfdwefe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe> [File is missing]
     <asg984jgkfmgasi8ug98jgkfgfb><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win32.exe> []

     [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     <load><> [N/A]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     <Adobe Reader Speed Launcher><"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)Adobe Systems, Incorporated]
     <CTSysVol><"C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r> [Creative Technology Ltd]
     <P17Helper><Rundll32 P17.dll,P17Helper> [N/A]
     <UpdReg><C:\WINDOWS\UpdReg.EXE> [Creative Technology Ltd.]
     <RemoteControl><"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
     <NWEReboot><> [N/A]
     <NeroFilterCheck><"C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"> [Nero AG]
     <SunJavaUpdateSched><"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"> [(Verified)Sun Microsystems, Inc.]
     <amd_dc_opt><C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe> [AMD]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
     <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
     <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
     <UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     <PostBootReminder><%SystemRoot%\syswow64\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
     <CDBurn><%SystemRoot%\syswow64\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
     <WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
     <SysTray><C:\WINDOWS\SysWOW64\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
     <kibutobib><c:\windows\SysWow64\folopaga.dll> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
     <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
     <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
     <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
     <WinlogonNotify: dimsntfy><dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
     <WinlogonNotify: EFS><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
     <WinlogonNotify: ScCertProp><wlnotify.dll> [N/A]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
     <WinlogonNotify: Schedule><wlnotify.dll> [N/A]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
     <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
     <WinlogonNotify: SensLogn><WlNotify.dll> [N/A]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
     <WinlogonNotify: wlballoon><wlnotify.dll> [N/A]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\SysWOW64\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\SysWOW64\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
     <{A3BA40A2-74F0-42BD-F434-00B15A2C8953}><C:\WINDOWS\SysWow64\t6al8.dll> []
     <{298435ac-e9a1-4e09-9f78-f0609dca15e8}><c:\windows\SysWow64\folopaga.dll> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
     <Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
     <N/A><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
     <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     <Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
     <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
     <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
     <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
     <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
     <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
     <N/A><c:\WINDOWS\SysWOW64\Rundll32.exe c:\WINDOWS\SysWOW64\mscories.dll,Install> [(Verified)Microsoft Corporation]

     [HKEY_CURRENT_USER\Control Panel\Desktop]
     <SCRNSAVE.EXE><C:\WINDOWS\UltraMon.scr> [Realtime Soft Ltd]

     ==================================
     Startup Folders
     [UltraMon]
     <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk --> C:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico [N/A]><N>

     ==================================
     Services
     [Alerter / Alerter][Stopped/Disabled]
     <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\system32\alrsvc.dll><N/A>
     [Background Intelligent Transfer Service / BITS][Running/Auto Start]
     <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><N/A>
     [Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
     <C:\WINDOWS\system32\CTsvcCDA.EXE><Creative Technology Ltd>
     [DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
     <C:\WINDOWS\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
     [Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
     <"C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
     [Server / lanmanserver][Running/Auto Start]
     <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><N/A>
     [Workstation / lanmanworkstation][Running/Auto Start]
     <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><N/A>
     [Messenger / Messenger][Stopped/Disabled]
     <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><N/A>
     [nProtect GameGuard Service / npggsvc][Stopped/Manual Start]
     <C:\WINDOWS\system32\GameMon.des -service><(File is missing)>
     [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
     <C:\WINDOWS\system32\nvsvc64.exe><NVIDIA Corporation>
     [Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]
     <"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>

     ==================================
     Drivers
     [AMD K8 Processor Driver / AmdK8][Running/Manual Start]
     <system32\DRIVERS\amdk8.sys><Advanced Micro Devices>
     [AMD Low Level Device Driver / AmdLLD64][Running/Manual Start]
     <system32\DRIVERS\AmdLLD64.sys><AMD, Inc.>
     [CdaC15BA / CdaC15BA][Running/Auto Start]
     <system32\DRIVERS\CdaC15BA.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
     [CdaD10BA / CdaD10BA][Running/Auto Start]
     <system32\DRIVERS\CdaD10BA.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
     [cpuz132 / cpuz132][Stopped/Manual Start]
     <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x64.sys><N/A>
     [Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
     <system32\DRIVERS\ctsfm2k.sys><Creative Technology Ltd>
     [dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
     <\??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys><N/A>
     [fmfdisk / fmfdisk][Stopped/Manual Start]
     <\??\C:\WINDOWS\system32\fmfdisk.sys><N/A>
     [GEAR ASPI Filter Driver / GEARAspiWDM][Stopped/Manual Start]
     <System32\Drivers\GEARAspiWDM.sys><N/A>
     [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
     <system32\DRIVERS\ipinip.sys><N/A>
     [NPPTNT2 / NPPTNT2][Stopped/Manual Start]
     <\??\C:\WINDOWS\system32\npptNT2.sys><N/A>
     [nv / nv][Running/Manual Start]
     <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
     [nvatabus / nvatabus][Running/Boot Start]
     <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
     [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
     <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
     [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
     <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
     [Creative OS Services Driver / ossrv][Running/Manual Start]
     <system32\DRIVERS\ctoss2k.sys><Creative Technology Ltd.>
     [Sound Blaster Audigy / P1764][Running/Manual Start]
     <system32\drivers\P1764.sys><Creative Technology Ltd.>
     [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
     <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
     [Security Driver / Secdrv][Running/Auto Start]
     <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

     ==================================
     Browser Add-ons
     [C:\WINDOWS\SysWow64\t6al8.dll]
     {A3BA40A2-74F0-42BD-F434-00B15A2C8953} <C:\WINDOWS\SysWow64\t6al8.dll, N/A>
     [Messenger]
     {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
     [WUWebControl Class]
     {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\SysWow64\wuweb.dll, (Signed) Microsoft Corporation>
     [Java Plug-in 1.6.0_18]
     {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll, (Signed) >
     [Java Plug-in 1.6.0_18]
     {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} <C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll, (Signed) >
     [Java Plug-in 1.6.0_18]
     {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files (x86)\Java\jre6\bin\npjpi160_18.dll, (Signed) Sun Microsystems, Inc.>
     []
     {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
     []
     {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
     [Adobe PDF Link Helper]
     {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
     [HTML Document]
     {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
     []
     {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <, >
     [WUWebControl Class]
     {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\SysWow64\wuweb.dll, (Signed) Microsoft Corporation>
     [Windows Media Player]
     {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\syswow64\wmp.dll, Microsoft Corporation>
     [Microsoft Web Browser]
     {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
     [XML DOM Document 6.0]
     {88D96A05-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
     [Free Threaded XML DOM Document 6.0]
     {88D96A06-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
     [XSL Template 6.0]
     {88D96A08-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
     [C:\WINDOWS\SysWow64\t6al8.dll]
     {A3BA40A2-74F0-42BD-F434-00B15A2C8953} <C:\WINDOWS\SysWow64\t6al8.dll, N/A>
     [Adobe PDF Reader]
     {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
     [Microsoft Url Search Hook]
     {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
     [Shockwave Flash Object]
     {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SysWow64\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
     [Microsoft Silverlight]
     {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll, (Signed) Microsoft Corporation>
     [XML HTTP Request]
     {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\SysWOW64\msxml3.dll, (Signed) Microsoft Corporation>
     [Google Update Plugin]
     {F3FFF5F4-A643-447E-A5A5-0B5F760C7F4A} <C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll, (Signed) Google Inc.>
     []
     {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

     ==================================
     Running Processes
     [PID: 1440 / Administrator][C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe] [Creative Technology Ltd, 3.0.2.0]
         [C:\Program Files (x86)\Creative\MediaSource\Detector\CTIntrfc.dll] [Creative Technology Ltd, 2.1.0.0]
         [C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.Crl] [Creative Technology Ltd, 2.1.0.0]
         [C:\Program Files (x86)\Creative\MediaSource\Detector\DtctrMgr.det] [Creative Technology Ltd, 3.0.2.0]
         [C:\Program Files (x86)\Creative\MediaSource\Detector\Hdd.det] [Creative Technology Ltd, 1.0.6.0]
         [C:\Program Files (x86)\Creative\Shared Files\ThmRes.DLL] [Creative Technology Ltd, 2.0.12.0]
         [C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll] [Creative Technology Ltd, 1.1.0.0]
         [C:\Program Files (x86)\Creative\MediaSource\Detector\Disc.det] [Creative Technology Ltd, 2.4.2.0]
     [PID: 1476 / Administrator][C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 2, 0, 13]
         [C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
         [C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
         [C:\Program Files (x86)\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 3,15,1, 6800]
         [C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 2, 0, 13]
         [C:\Program Files (x86)\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 2, 0, 13]
     [PID: 1576 / Administrator][C:\WINDOWS\SysWOW64\ctfmon.exe] [(Verified) Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
     [PID: 1804 / SYSTEM][C:\WINDOWS\SysWOW64\CTsvcCDA.EXE] [Creative Technology Ltd, 1.0.1.0]
     [PID: 1932 / SYSTEM][C:\Program Files (x86)\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.180.7]
         [C:\Program Files (x86)\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
     [PID: 288 / Administrator][C:\WINDOWS\SysWOW64\rundll32.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
         [C:\WINDOWS\SysWow64\t6al8.dll] [N/A, ]
     [PID: 124 / Administrator][C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe] [Creative Technology Ltd, 1.4.2.0]
         [C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.crl] [Creative Technology Ltd, 1.4.1.0]
         [C:\Program Files (x86)\Creative\Shared Files\CTTheme.dll] [Creative Technology Ltd, 3.1.3.0]
         [C:\Program Files (x86)\Creative\Shared Files\CtrlSrc.dll] [Creative Technology Ltd, 2.0.12.0]
         [C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll] [Creative Technology Ltd, 1.1.0.0]
         [C:\Program Files (x86)\Creative\Shared Files\GDICtrl.skc] [Creative Technology Ltd, 3.1.18.0]
         [C:\Program Files (x86)\Creative\Shared Files\GDICtrl2.skc] [Creative Technology Ltd, 3.0.14.0]
         [C:\Program Files (x86)\Creative\Shared Files\GDICtrl3.skc] [Creative Technology Ltd, 3.1.4.0]
         [C:\Program Files (x86)\Creative\Shared Files\RtxCtrl.skc] [Creative Technology Ltd, 3.1.3.0]
         [C:\Program Files (x86)\Creative\Shared Files\mxlib.dll] [Creative Technology Ltd., 1.00.0.13]
     [PID: 704 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
         [C:\WINDOWS\system32\P17.dll] [, 1.0.1.41]
     [PID: 788 / Administrator][C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000]
         [C:\Program Files (x86)\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000]
     [PID: 2192 / SYSTEM][C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe] [Viewpoint Corporation, 2, 0, 0, 54]
     [PID: 2204 / Administrator][C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] [Sun Microsystems, Inc., 2.0.1.2]
     [PID: 2260 / NETWORK SERVICE][C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
         [C:\WINDOWS\syswow64\wmp.dll] [Microsoft Corporation, 11.0.5721.5268 (WMP_11.090713-1703)]
     [PID: 2812 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
     [PID: 2108 / Administrator][C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe] [Realtime Soft Ltd, 1.1.1.0]
         [C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInteropPS.dll] [Realtime Soft Ltd, 1.1.1.0]
         [C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
     [PID: 2916 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win32.exe] [N/A, ]
     [PID: 2940 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmd.exe] [N/A, ]
     [PID: 2964 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\debug.exe] [N/A, ]
     [PID: 1132 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msinits.exe] [N/A, ]
     [PID: 1820 / Administrator][C:\Program Files (x86)\Songbird\songbird.exe] [POTI, Inc., 1.9.0.14]
         [C:\Program Files (x86)\Songbird\xulrunner\nspr4.dll] [Mozilla Foundation, 4.7.5]
         [C:\Program Files (x86)\Songbird\xulrunner\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
         [C:\Program Files (x86)\Songbird\xulrunner\plc4.dll] [Mozilla Foundation, 4.7.5]
         [C:\Program Files (x86)\Songbird\xulrunner\plds4.dll] [Mozilla Foundation, 4.7.5]
         [C:\Program Files (x86)\Songbird\xulrunner\sqlite3.dll] [sqlite.org, 3.6.10]
         [C:\Program Files (x86)\Songbird\xulrunner\nssutil3.dll] [Mozilla Foundation, 3.12.3.1]
         [C:\Program Files (x86)\Songbird\xulrunner\softokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
         [C:\Program Files (x86)\Songbird\xulrunner\nss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
         [C:\Program Files (x86)\Songbird\xulrunner\ssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
         [C:\Program Files (x86)\Songbird\xulrunner\smime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
         [C:\Program Files (x86)\Songbird\xulrunner\js3250.dll] [Netscape Communications Corporation, 4.0]
         [C:\Program Files (x86)\Songbird\xulrunner\xul.dll] [Mozilla Foundation, 1.9.0.14]
         [C:\Program Files (x86)\Songbird\xulrunner\xpcom.dll] [Mozilla Foundation, 1.9.0.14]
         [C:\Program Files (x86)\Songbird\components\sbThreadPoolService.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbLocalDatabaseLibrary.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbDeviceFirmwareUpdater.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbDeviceManager2.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbLibraryManager.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbMediaExport.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbMediaManager.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbMediacoreManager.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbDeviceManager.dll] [N/A, ]
         [C:\Program Files (x86)\Songbird\components\sbPlaybackHistoryService.dll] [N/A, ]
         [C:\Program Files
(x86)\Songbird\components\sbSQLBuilder.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbPlaylistCommands.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbWatchFolderService.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbWin32FileSystemEvents.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbAlbumArt.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbProxiedServices.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbStrings.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbIntl.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbWindowWatcher.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbMetadataModule.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbGStreamerStub.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\charset.dll] [Free Software Foundation, 1.2] [C:\Program Files (x86)\Songbird\lib\iconv.dll] [Free Software Foundation, 1.9] [C:\Program Files (x86)\Songbird\lib\intl.dll] [Free Software Foundation, 0.14.5] [C:\Program Files (x86)\Songbird\lib\libglib-2.0-0.dll] [The GLib developer community, 2.16.6.0] [C:\Program Files (x86)\Songbird\lib\libgmodule-2.0-0.dll] [The GLib developer community, 2.16.6.0] [C:\Program Files (x86)\Songbird\lib\libgobject-2.0-0.dll] [The GLib developer community, 2.16.6.0] [C:\Program Files (x86)\Songbird\lib\libgthread-2.0-0.dll] [The GLib developer community, 2.16.6.0] [C:\Program Files (x86)\Songbird\lib\ogg-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\theoradec-1.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\theoraenc-1.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\vorbis-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\vorbisenc-2.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\vorbisfile-3.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\FLAC-8.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstreamer-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstbase-0.10-0.dll] [N/A, ] [C:\Program Files 
(x86)\Songbird\lib\gstdataprotocol-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstcontroller-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstinterfaces-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstaudio-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gsttag-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstcdda-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstfft-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstnetbuffer-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstpbutils-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstriff-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstrtp-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstrtsp-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstsdp-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\gstvideo-0.10-0.dll] [N/A, ] [C:\Program Files (x86)\Songbird\lib\sbGStreamerMediacore.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstacmmp3dec.dll] [N/A, ] [C:\WINDOWS\SysWOW64\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [C:\Program Files (x86)\Songbird\gst-plugins\gstadder.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstadpcmdec.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaiffparse.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstalaw.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstapetag.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstasf.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstasfmux.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaudioconvert.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaudiofx.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaudiorate.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaudioresample.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstaudiotestsrc.dll] [N/A, ] 
[C:\Program Files (x86)\Songbird\gst-plugins\gstauparse.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstautodetect.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstcoreelements.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstcoreindexers.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstcutter.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstdecodebin.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstdecodebin2.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstdirectsoundsink.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstdmoenc.dll] [N/A, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstdshowdecwrapper.dll] [N/A, ] [C:\WINDOWS\system32\l3codecx.ax] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50] [C:\WINDOWS\SysWOW64\quartz.dll] [, ] [C:\WINDOWS\SysWOW64\devenum.dll] [, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstequalizer.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstflac.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gsticydemux.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstid3demux.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstid3tag.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstlevel.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstmozillasrc.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstmpegaudioparse.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstmulaw.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstmultipart.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstogg.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstplaybin.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstqtdemux.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstqueue2.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstreplaygain.dll] [N/A, ] [C:\Program Files 
(x86)\Songbird\gst-plugins\gstrtp.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstrtpmanager.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstrtsp.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstsdpelem.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstselector.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstspectrum.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gsttypefindfunctions.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstudp.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstvolume.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstvorbis.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstwavenc.dll] [N/A, ] [C:\Program Files (x86)\Songbird\gst-plugins\gstwavparse.dll] [N/A, ] [C:\Documents and Settings\Administrator\Application Data\Songbird2\Profiles\moqok1wy.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbdataremote.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbDBEngine.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbProperties.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbDownloadDevice.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbxpcom.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbiTunesMediaImport.dll] [N/A, ] [C:\Program Files (x86)\Songbird\xulrunner\nssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC] [C:\Program Files (x86)\Songbird\xulrunner\freebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC] [C:\Program Files (x86)\Songbird\xulrunner\nssckbi.dll] [Mozilla Foundation, 1.75] [C:\Program Files (x86)\Songbird\components\sbMozVariant.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbCDDevice.dll] [N/A, ] [C:\Documents and Settings\Administrator\Application 
Data\Songbird2\Profiles\moqok1wy.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbMediaSniffer.dll] [N/A, ] [C:\Program Files (x86)\Songbird\components\sbIntegration.dll] [N/A, ] [C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0] [C:\WINDOWS\syswow64\WMASF.DLL] [Microsoft Corporation, 11.0.5721.5238 (WMP_11.071025-0642)] [C:\WINDOWS\syswow64\wmp.dll] [Microsoft Corporation, 11.0.5721.5268 (WMP_11.090713-1703)] [C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll] [, ] [PID: 740 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ] [C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\gears.dll] [Google Inc., 0.5.33.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\rlz.dll] [N/A, ] [PID: 452 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 
0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avcodec-52.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avutil-50.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avformat-52.dll] [N/A, ] [PID: 976 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avcodec-52.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avutil-50.dll] [N/A, ] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avformat-52.dll] [N/A, ] [PID: 1676 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM 
Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll] [, ]
[PID: 2224 / Administrator][C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[PID: 688 / Administrator][C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\WINDOWS\SysWow64\t6al8.dll] [N/A, ]
[PID: 1532 / Administrator][C:\Documents and Settings\Administrator\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1968 / Administrator][C:\Documents and Settings\Administrator\Desktop\SRE3624a76f.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
[C:\Documents and Settings\Administrator\Desktop\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
N/A
==================================
Scheduled Tasks
[Enabled] xnbxxtra.job C:\WINDOWS\system32\rundll32.exe
[Enabled] GoogleUpdateTaskUserS-1-5-21-3928387891-2072984557-481463973-500UA.job C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[Enabled] GoogleUpdateTaskUserS-1-5-21-3928387891-2072984557-481463973-500Core.job C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[Enabled] chyecimr.job C:\WINDOWS\system32\rundll32.exe
==================================
Windows Security Update Check
N/A
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
  4. While it was running I got "Autoit Error- Line-1: error: variable used without being declared"
  5. Opened it and got "This tool does not support your operating system press any key to continue"
  6. When I open OTL I get "Access violation at address 04326F0 in module 'OTL.exe' Read address 00000047" and it never shows anything to do with "Output" or run scan
  7. HijackThis log (sorry for double post)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:15 AM, on 2/26/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: C:\WINDOWS\SysWow64\t6al8.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [bionix Wallpaper] "C:\Program Files (x86)\Bionix Wallpaper.exe"
O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249755127828
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D760F04B-38E4-48F3-A7CF-32A86C0D197D}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: pedanawe.dll
O21 - SSODL: kibutobib - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O22 - SharedTaskScheduler: gahurihor - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8904 bytes
  8. So I've been trying to get rid of this thing myself but can't seem to do it... I have run the anti-malware program and AVG Pro, and I still have it... it says it finds things and I delete them, yet I still can't do much on my computer. I will post any logs you require ASAP. Thanks!!