Jump to content

Explorer.exe Crashing Often when I open any App


Recommended Posts

Im having this problem that explorer.exe crashes almost everytime I open a program. It is very annoying cuz my taskbar disappears for a moment. I googled this problem and in many Forums people dont get the solution for this. I hope someone in this forum has the solution. Thanks

The error looks like this

dataexecexplorer6qh.png

Link to post
Share on other sites

  • Root Admin

Hi einzerox and Welcome to Malwarebytes.

Please follow the instructions posted here and provide the information requested and someone will be happy to assist you.

Pre- HJT Post Instructions

It's very likely that some Virus or Malware has potentially infected your system.

Link to post
Share on other sites

Hi einzerox and Welcome to Malwarebytes.

Please follow the instructions posted here and provide the information requested and someone will be happy to assist you.

Pre- HJT Post Instructions

It's very likely that some Virus or Malware has potentially infected your system.

Malwarebytes' Anti-Malware 1.25

Database version: 1095

Windows 5.1.2600 Service Pack 3

1:17:19 PM 8/29/2008

mbam-log-08-29-2008 (13-17-19).txt

Scan type: Quick Scan

Objects scanned: 52218

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-08-29 15:25:59

PROTECTIONS: 1

MALWARE: 3

SUSPECTS: 1

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Norton Antivirus Internet Security 2008 15.5.0.23 No Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Einzerox\My Documents\VistaVortex\I386\Process.ex_[Process.exe]

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Einzerox\Cookies\einzerox@server.iad.liveperson[1].txt

00194066 Application/Pskill.E HackTools No 0 Yes No C:\WINDOWS\system32\pskill.exe

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location ~

;===============================================================================

================================================================================

=

===================

No C:\WINDOWS\system32\suppdll.dll ~

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description ~

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:38:24 PM, on 8/29/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Einer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: 38.25.63.10 x.acme.com # x client host

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')

O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 13407 bytes

Is this all you need ? If not I'm Here for further instructions

BTW I get this error After I turn off the computer

Error.jpg

Link to post
Share on other sites

  • Root Admin

Okay I've moved your topic to the correct forum. Please stand by and give someone a chance to review your information and assist you.

I'm currently working on another post and won't have time to review yours till later tonight. Hopefully someone else that has time today will stop by to assist you.

Thanks for your patience.

Link to post
Share on other sites

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

I'd say repair/reinstall Nero, then run a sfc /scannow

I reinstalled Nero but when a run a sfc / scannow is asking me for the CD of the OS and when I inserted it says that that is not the correct disk. I think maybe is because I have Service Pack 3 install because that was an update and the CD is Service Pack 2. So Do I have to uninstall service pack 3 in order to the scan to work ?

Link to post
Share on other sites

Read here find the I386 folder for SP3 and it should work just the same as in the instructions.

Hi thanks for helping. But in regedit i dont find SourcePath there are other options there. Like BootDir, CDInstall, DrivercachePath, Installation Sources, Log level, Private Hash, Service Pack Cache Path, and Service Pack Source Path. Maybe in my computer is different ? idk

Hope to hear from you soon thanks

Link to post
Share on other sites

Im sure it's there by the time you get to this step your going to find "source path" in the right side large box, not in the left side column.

Service Pack Source Path <========= bingo

oh thanks ...I tried it and now its not asking me for the CD hopefully it worked !!

i JUST finish with the scan and this is what it found. " Windows File Protection scan found that the system file c:\windows\system32\inetcplc.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0. "

Link to post
Share on other sites

So, everything is working? Update MBAM and do a quick scan again and post that and a new HJT log.

well the computer is working ok but the problem is that sometimes when I open programs or even if im not doing anything it crashes.

Malwarebytes' Anti-Malware 1.26

Database version: 1111

Windows 5.1.2600 Service Pack 3

9/3/2008 8:03:50 PM

mbam-log-2008-09-03 (20-03-50).txt

Scan type: Quick Scan

Objects scanned: 61283

Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:07:29 PM, on 9/3/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Einer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: 38.25.63.10 x.acme.com # x client host

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')

O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 13472 bytes

Link to post
Share on other sites

You could have system damage. You have a lot of stuff running and a resource hog AV.

Let's clean up some stuff with HJT. Run in scan only and put a check next to the following then click fix.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

Your log keeps changing on review, you had Ares installed and now it doesn't show, did you uninstall it?

C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe <======== that file gets mixed results in malware search. What can you tell me?

Link to post
Share on other sites

You could have system damage. You have a lot of stuff running and a resource hog AV.

Let's clean up some stuff with HJT. Run in scan only and put a check next to the following then click fix.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

Your log keeps changing on review, you had Ares installed and now it doesn't show, did you uninstall it?

C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe <======== that file gets mixed results in malware search. What can you tell me?

Yes I uninstalled Ares and Transbar.exe came with Brickopack to make the taskbar transparent. Which I dont think it is a malware. I'll Post the HJT Log as soon as I get home.

Link to post
Share on other sites

If you downloaded a cracked version using Ares it's highly possible it was bundled with malware. If you got a legal copy it's probably clean. Google search for Brickopack comes up with mixed site rating via SiteAdvisor, from green to red.

I downloaded BricoPack from its website http://www.crystalxp.net/bricopack/. This program is free.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:49:54 PM, on 9/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Einer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: 38.25.63.10 x.acme.com # x client host

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')

O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 13226 bytes

Link to post
Share on other sites

OK, some of the sites were red rated. Yours is green ;)

Remove the line below with HJT

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

What if any symptoms are you still having?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:18:13 PM, on 9/6/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Einer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: 38.25.63.10 x.acme.com # x client host

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')

O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 13284 bytes

Well explorer.exe crashes sometimes for no reason. I never had that problem before.

Link to post
Share on other sites

Well I don't think your problem is or ever was malware. But to be absolute we will do this.

Review this article here how to use ComboFix

Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.

1. Download this file :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop.

2. Double click combofix.exe. It will be a red icon with a white X on your desktop.

Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.

3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall.

You might also want to post event logs in the PC help forum and let more people have access to your issues.

Link to post
Share on other sites

Well I don't think your problem is or ever was malware. But to be absolute we will do this.

Review this article here how to use ComboFix

Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.

1. Download this file :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop.

2. Double click combofix.exe. It will be a red icon with a white X on your desktop.

Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.

3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall.

You might also want to post event logs in the PC help forum and let more people have access to your issues.

ComboFix 08-09-05.03 - Einzerox 2008-09-07 12:24:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1434 [GMT -5:00]

Running from: C:\Documents and Settings\Einzerox\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\pskill.exe

C:\WINDOWS\system32\rqnawger.ini

.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.

2008-09-07 11:45 . 2008-09-07 11:45 <DIR> d--hs---- C:\found.000

2008-09-04 15:21 . 2008-09-04 15:21 <DIR> d-------- C:\Program Files\Smilebox

2008-09-04 15:20 . 2008-09-04 15:29 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Smilebox

2008-08-31 21:52 . 2008-04-13 19:12 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2008-08-31 21:52 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe

2008-08-31 21:52 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe

2008-08-31 21:52 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

2008-08-31 21:52 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys

2008-08-31 21:52 . 2008-04-13 19:12 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll

2008-08-31 21:52 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys

2008-08-31 21:52 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys

2008-08-31 21:52 . 2008-04-13 19:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll

2008-08-31 21:52 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe

2008-08-31 21:50 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys

2008-08-31 21:49 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll

2008-08-31 21:48 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys

2008-08-31 21:47 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll

2008-08-31 21:46 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll

2008-08-31 21:45 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll

2008-08-31 21:44 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2008-08-31 21:43 . 2008-04-13 19:10 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll

2008-08-31 21:42 . 2008-04-13 13:31 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-08-31 21:41 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys

2008-08-31 21:40 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys

2008-08-31 21:39 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll

2008-08-31 21:38 . 2008-04-13 19:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll

2008-08-31 21:37 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll

2008-08-31 21:36 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys

2008-08-31 21:35 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys

2008-08-31 21:34 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys

2008-08-31 21:33 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys

2008-08-31 12:48 . 2008-08-31 12:53 <DIR> d-------- C:\I386

2008-08-30 12:30 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll

2008-08-30 12:29 . 2008-04-13 14:27 2,188,928 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-08-29 13:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-08-29 13:19 . 2008-08-29 13:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner

2008-08-28 17:33 . 2008-08-28 17:34 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Picaboo

2008-08-28 17:14 . 2008-08-28 17:33 <DIR> d-------- C:\Program Files\Picaboo

2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d-------- C:\Program Files\Uniblue

2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Uniblue

2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}

2008-08-28 12:12 . 2008-08-28 12:21 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\ErrorSmart

2008-08-27 10:45 . 2008-08-27 10:45 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Nero

2008-08-27 10:41 . 2008-08-27 10:43 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-08-26 12:37 . 2008-08-26 12:37 <DIR> d-------- C:\Program Files\7-Zip

2008-08-25 14:39 . 2008-08-25 14:39 <DIR> d-------- C:\Program Files\PixiePack Codec Pack

2008-08-25 14:13 . 2008-08-25 14:13 <DIR> d-------- C:\Program Files\RapidSolution

2008-08-25 14:13 . 2008-08-25 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution

2008-08-24 18:31 . 2008-08-24 18:31 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Launchy

2008-08-20 15:27 . 2007-03-12 23:34 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-08-20 15:27 . 2007-03-12 23:34 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-08-20 15:27 . 2007-03-12 23:34 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-08-15 11:58 . 2008-08-31 12:43 <DIR> d-------- C:\Music for Cell phone

2008-08-15 11:43 . 2008-08-15 11:46 320,860 --a------ C:\amt1

2008-08-15 11:42 . 2008-08-15 11:42 <DIR> d-------- C:\Program Files\AnMing

2008-08-15 11:42 . 2004-08-04 20:46 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe

2008-08-15 11:42 . 2005-10-21 20:20 278,528 --a------ C:\WINDOWS\system32\ammpp.dll

2008-08-15 11:42 . 2005-10-18 11:14 144,896 --a------ C:\WINDOWS\system32\lame_dshow.ax

2008-08-15 11:42 . 2005-10-26 13:12 70,144 --a------ C:\WINDOWS\system32\AudioFileConvert.ocx

2008-08-15 11:42 . 2005-07-13 15:13 65,536 --a------ C:\WINDOWS\system32\a1.dll

2008-08-15 11:42 . 2005-09-18 13:17 61,440 --a------ C:\WINDOWS\system32\anming.ocx

2008-08-15 11:42 . 2005-10-26 13:12 3,772 --a------ C:\WINDOWS\system32\AudioFileConvert.tlb

2008-08-15 11:42 . 2008-08-31 12:37 552 --a------ C:\WINDOWS\MP3trtg.ini

2008-08-14 22:40 . 2008-08-14 22:40 <DIR> d-------- C:\Program Files\mTC

2008-08-14 20:47 . 2008-08-14 20:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-08-14 20:46 . 2008-08-14 20:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-14 20:39 . 2008-08-14 20:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-08-14 20:39 . 2008-08-14 20:39 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2008-08-14 20:39 . 2008-08-14 20:39 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys

2008-08-14 19:00 . 2008-08-14 19:00 <DIR> d-------- C:\Program Files\Avanquest update

2008-08-14 19:00 . 2008-08-14 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-08-14 18:59 . 2008-08-14 20:35 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-08-14 18:59 . 2008-08-14 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-08-14 18:20 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-14 18:20 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-08-13 12:49 . 2008-08-13 12:49 <DIR> d-------- C:\Documents and Settings\Einzerox\System

2008-08-13 12:49 . 2008-08-13 12:55 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\SmartDraw

2008-08-13 12:44 . 2008-08-27 11:00 <DIR> d-------- C:\Program Files\SmartDraw 2008

2008-08-08 14:29 . 2008-08-08 14:29 <DIR> d-------- C:\Program Files\Apple Software Update

2008-08-08 14:28 . 2008-08-08 14:28 <DIR> d-------- C:\Program Files\iTunes

2008-08-08 14:28 . 2008-08-08 14:28 <DIR> d-------- C:\Program Files\iPod

2008-08-08 14:25 . 2008-08-30 13:55 90,104 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-08-08 14:18 . 2008-08-08 14:18 <DIR> d-------- C:\Program Files\Safari

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-07 17:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-04 00:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-02 05:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-02 05:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-08-29 18:54 --------- d-----w C:\Program Files\Panda Security

2008-08-29 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-29 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-08-28 17:25 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner

2008-08-28 16:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-08-27 23:39 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Apple Computer

2008-08-27 15:55 --------- d-----w C:\Program Files\RivaTuner v2.09

2008-08-27 15:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-27 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-27 15:41 --------- d-----w C:\Program Files\Nero

2008-08-27 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2008-08-27 14:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-27 14:34 --------- d-----w C:\Program Files\SpywareBlaster

2008-08-25 19:14 --------- d-----w C:\Program Files\Winamp

2008-08-19 17:41 --------- d-----w C:\Program Files\Yahoo!

2008-08-19 08:00 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-15 00:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-08 02:06 --------- d-----w C:\Program Files\CrossLoop

2008-08-04 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-08-02 12:42 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\mjusbsp

2008-07-30 22:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-07-30 22:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-07-30 22:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-07-29 20:15 --------- d-----w C:\Program Files\Musicnotes

2008-07-29 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes

2008-07-27 05:03 --------- d-----w C:\Program Files\EA Sports

2008-07-26 18:49 --------- d-----w C:\Program Files\ImTOO

2008-07-26 03:24 --------- d-----w C:\Program Files\Learning Essentials

2008-07-26 03:02 --------- d-----w C:\Program Files\PicLensIE

2008-07-26 02:52 --------- d-----w C:\Program Files\MSECache

2008-07-26 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-07-24 16:27 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\DivX

2008-07-24 16:17 --------- d-----w C:\Program Files\proDAD

2008-07-24 16:17 --------- d-----w C:\Program Files\LooksBuilderSE

2008-07-24 16:17 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\proDAD

2008-07-24 16:16 --------- d-----w C:\Program Files\Boris FX, Inc

2008-07-24 16:15 --------- d-----w C:\Program Files\Pinnacle

2008-07-24 16:13 --------- d-----w C:\Program Files\Common Files\Pinnacle

2008-07-24 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate

2008-07-24 16:01 --------- d-----w C:\Program Files\Common Files\Yahoo!

2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Studio 12

2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus

2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle

2008-07-23 20:38 --------- d-----w C:\Program Files\Alcohol Soft

2008-07-23 20:24 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-22 20:04 --------- d-----w C:\Program Files\CamStudio

2008-07-22 17:59 --------- d-----w C:\Program Files\MagniGlass

2008-07-21 20:49 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-20 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo

2008-07-19 05:02 --------- d-----w C:\Program Files\TechSmith

2008-07-18 19:19 --------- d-----w C:\Program Files\ViStart

2008-07-18 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith

2008-07-18 16:48 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\TuneUp Software

2008-07-18 16:44 --------- d-----w C:\Program Files\Common Files\TechSmith Shared

2008-07-16 19:41 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\MiniDm

2008-07-16 16:50 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\iolo

2008-07-14 15:01 --------- d-----w C:\Program Files\WebcamMax

2008-07-13 23:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo

2008-07-13 21:08 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Yahoo!

2008-07-13 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-07-12 00:44 --------- d-----w C:\Program Files\Free iPod Video Converter

2008-07-12 00:42 --------- d-----w C:\Program Files\Red Kawa

2008-07-12 00:42 --------- d-----w C:\Program Files\AviSynth 2.5

2008-07-12 00:37 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Media Player Classic

2008-07-11 18:39 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\ViStart

2008-07-10 21:03 --------- d-----w C:\Program Files\RogueRemover FREE

2008-07-10 14:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-09 23:15 --------- d-----w C:\Program Files\Winflip

2008-07-08 20:47 64,643 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-07-08 20:47 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-07-08 20:35 --------- d-----w C:\Program Files\Java

2008-07-08 20:33 --------- d-----w C:\Program Files\Common Files\Java

2008-07-08 17:21 --------- d-----w C:\Program Files\AlienGUIse

2008-07-08 17:12 --------- d-----w C:\Program Files\TrueTransparency

2008-07-07 23:03 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Move Networks

2008-07-07 23:01 --------- d-----w C:\Program Files\BillP Studios

2008-07-07 23:01 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\WinPatrol

2008-07-07 22:49 --------- d-----w C:\Program Files\FireTrust

2008-07-05 19:18 197 --sha-w C:\Program Files\Common Files\maxtreme.dat

2008-06-24 21:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-06-23 06:44 20 ----a-w C:\sccfg.sys

2008-06-16 05:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-02-13 00:10 2,682,880 ------w C:\Documents and Settings\All Users\VCREDI~3.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]

"cdloader"="C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 50520]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"Uniblue RegistryBooster 2009"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-22 2018584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-18 8523776]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]

"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-16 185896]

C:\Documents and Settings\Einzerox\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-16 3450608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk]

backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinFlip.exe]

backup=C:\WINDOWS\pss\WinFlip.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Einzerox^Start Menu^Programs^Startup^Desktoptopia.lnk]

backup=C:\WINDOWS\pss\Desktoptopia.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Einzerox^Start Menu^Programs^Startup^Picaboo.lnk]

backup=C:\WINDOWS\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wakoopa

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2008-02-18 13:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-09-28 20:09 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-11-18 00:12 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

--a------ 2008-01-15 13:31 106496 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

--a------ 2008-02-07 01:49 718704 C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--a------ 2008-02-20 13:22 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-24 12:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-06-16 12:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]

--a------ 2008-08-22 10:30 2018584 C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2008-05-16 14:39 16862720 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TapiSrv"=3 (0x3)

"lanmanserver"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"AresChatServer"=3 (0x3)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=

"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=

"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

"C:\\Documents and Settings\\Einzerox\\Application Data\\mjusbsp\\magicJack.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-08 941784]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]

R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-03-13 36640]

R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-03-13 114688]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-14 13352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59a9a9a1-43d1-11dd-bc31-001ec92f54f3}]

\Shell\AutoRun\command - H:\autorun.exe

\Shell\phone\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59a9a9a2-43d1-11dd-bc31-001ec92f54f3}]

\Shell\AutoRun\command - I:\magicJack\autorun.exe

\Shell\phone\command - I:\magicJack\autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

MSConfigStartUp-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe

MSConfigStartUp-PWRISOVM - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Einzerox\Application Data\Mozilla\Firefox\Profiles\m38gfatj.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF -: plugin - C:\Program Files\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\plugins\np_VR_OgloPlugin.dll

FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

.

------- File Associations (Beta) -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 12:34:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2008-09-07 12:41:00 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-07 17:40:46

Pre-Run: 179,025,551,360 bytes free

Post-Run: 179,169,808,384 bytes free

379 --- E O F --- 2008-08-29 08:12:22

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:09 PM, on 9/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 11219 bytes

Link to post
Share on other sites

Well now what do you have going on? I'm going to have the person that wanted the CF log have a look here. There were deletions, I'm a sick pup right now, but getting antibiotics so will be better soon. I'll shoot this url to nosirrah and if he replies here please cooperate.

Link to post
Share on other sites

Well now what do you have going on? I'm going to have the person that wanted the CF log have a look here. There were deletions, I'm a sick pup right now, but getting antibiotics so will be better soon. I'll shoot this url to nosirrah and if he replies here please cooperate.

Well I still have the same problem like in 10 minutes explorer.exe crashes twice. Thanks Jean I hope you get better soon. I'll cooperate dont worry.

Link to post
Share on other sites

OK let's go for another special scan tool.

Download GMER get the zip file and save to your desktop.

Just run gmer.exe. All required files ( gmer.dll and gmer.sys ) will by copied to the system during the first lanuch. .

Do not click scan.Use the copy button to copy to your clipboard. Post the log in your next reply.

Link to post
Share on other sites

OK let's go for another special scan tool.

Download GMER get the zip file and save to your desktop.

Just run gmer.exe. All required files ( gmer.dll and gmer.sys ) will by copied to the system during the first lanuch. .

Do not click scan.Use the copy button to copy to your clipboard. Post the log in your next reply.

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-09-10 15:04:42

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spdn.sys ZwEnumerateKey [0xF74F7CA2]

SSDT spdn.sys ZwEnumerateValueKey [0xF74F8030]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A7C61F8

Device \FileSystem\Fastfat \Fat 8A533500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.