Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Everything runs super fast, but explorer extremely slo


  • This topic is locked This topic is locked
16 replies to this topic

#1 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 10 May 2008 - 12:17 PM

Problem: When I turn my computer on, everything seems to be fine. Running programs are fine (once they are actually running. There is a delay when trying to run any program). Whenever I try to open a folder or to copy a file, there is extreme delay/lag: in a folder, clicking on a file can have up to a 3-10 second delay and (Sometimes) also delays all other programs/windows up and running at that moment (freezes the toolbar sometimes for up to a minute if so); copying a file or right-clicking on a file can take up to 1 minute. Once I close the one folder or the copying is done, the computer goes back to being fast (for right clicking, all I can do is wait until the menu pops up and disappears)

I found that it is specifically laggy when right clicking ANY file (not just the desktop) and especially folders with videos. Browsing through music seems to be fine, but right clicking on music has the same effect. In the folder, when I try to click on a video (single click, not opening), the whole computer becomes delayed (i have to navigate through windows with alt+tab. The programs themselves run fine... just the toolbar and the explorer freezes), responding at about 1 click per 5-10 seconds and almost freezing the toolbar. Also, copying any file (by ctrl+C instead of right click/copy, since it lags) also lags the computer
Now, running ANY program is extremely slow to start up, even without a window up (windows media player takes a couple minutes to load when double-clicking a meda file). Once the programs are up, they run fine



How I've tried to fix:
1) Running my computer in safe mode and running a complete virus/adware/malware scan and deleting what is found. (NOD32, AVG Anti-Spyware, SpyBot S&D, and MalwareBytes' Anti-Malware)
2) running ATFCleaner/CCleaner to delete temporary files and excess things (or clearing all temp caches, files, etc.)
3) Killing unused processes to clear up memory (although I still have 512MB unused)
4) defragging my harddrive
5) Fixing any reg issues using RegCure
**I have the latest windows updates
***After I run AVG Anti-Spyware, I find about 20+ problems. After I fix them, my computer is still slow. I decided to run another scan a few hours later and came up with 10+ problems... they just keep coming back. Is it better to DELETE or QUARANTINE the ads once they are found?

This is really weird, because I have never heard of this problem and I couldn't find help anywhere on the net
At first, I thought it would be the explorer.exe problem, but I can't find any solution to fix the explorer.exe

(Also, I don't know if this is relevant to this problem, but when i boot up my computer, instead of a Windows Xp black boot screen, I see a "IBM" "OS/2 WARP" boot screen. I looked what it was on google and it was another sort of browser or operating system, which I never even knew about or installed on my computer. Ever since I saw this screen, my computer has been acting slow (as stated above))





Logfile of HijackThis v1.99.1
Scan saved at 7:49:06 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: vtUomNGW - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DriveAlrt - {0b69cf67-52f0-4f8e-875d-1dc62b0e73b6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by yoshiness, 13 May 2008 - 08:49 PM.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 06:19 AM

Posted Image

I'm not seeing anything bad but lets see if we can find anything.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 10:42 AM

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Quick Scan
Objects scanned: 36865
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of HijackThis v1.99.1
Scan saved at 9:42:14 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: vtUomNGW - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DriveAlrt - {0b69cf67-52f0-4f8e-875d-1dc62b0e73b6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 10:44 AM

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 10:53 AM

after a computer restart, the computer seems to be running pretty well
(i know it's a little slow from the ATF Cleaner)
but, there isn't much lag anymore when browsing through videos and right clicking


~EDIT~
well, after plugging in my external harddrive and trying to go to my computer, my computer froze and I had to restart it
Now, it's back to being laggy when clicking on videos



does clearing "Hide file extensions for known file types" and "Hide protected operating system files" allow the computer to scan files that are hidden? or does the scanner always scan all hidden files, because those 2 infected files were never detected before when i ran Malwarebytes' Anti-Malware?

Edited by yoshiness, 17 May 2008 - 11:18 AM.


#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 11:28 AM

That allows us to see the hidden files

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 12:30 PM

ComboFix 08-05-15.3 - Jason 2008-05-17 10:39:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.445 [GMT -7:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bJjSAJjl.ini
C:\WINDOWS\system32\bJjSAJjl.ini2
C:\WINDOWS\system32\hbjgsdsv.ini
C:\WINDOWS\system32\hbjgsdsv.ini2
C:\WINDOWS\system32\hbjgsdsv.tmp
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-13 19:56 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-13 19:56 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-13 19:56 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-13 19:56 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-13 19:56 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-13 19:56 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-13 19:56 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-13 19:56 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-13 19:56 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-12 18:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 18:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 23:47 . 2008-05-11 00:07 <DIR> d-------- C:\efbd2f086b03ed839ded566ecede3e1b
2008-05-10 16:31 . 2008-05-16 22:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 16:31 . 2008-05-10 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 23:28 . 2008-05-09 23:28 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 19:21 . 2008-05-08 19:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-05-08 15:58 . 2008-05-08 15:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-08 15:58 . 2008-05-08 15:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 15:58 . 2008-05-17 10:37 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-07 21:01 . 2008-05-07 21:01 10,985,472 --a------ C:\Documents and Settings\Jason\NTUSER.DAT_TU_13317
2008-05-07 21:01 . 2008-05-07 21:01 217,088 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_93419
2008-05-07 21:01 . 2008-05-07 21:01 102,400 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT_TU_89471
2008-05-07 17:46 . 2008-05-13 21:02 2,275,840 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-05-07 17:46 . 2004-04-26 13:47 163,456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-06 22:30 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Audacity
2008-05-06 22:26 . 2008-05-06 22:58 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Mp3 Audio Editor
2008-05-06 16:58 . 2008-05-06 16:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-06 16:52 . 2008-05-06 16:52 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-05-05 17:00 . 2008-05-05 17:00 <DIR> d-------- C:\Program Files\Movkit
2008-05-05 16:36 . 2008-05-05 16:59 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-05 16:36 . 2008-05-05 17:00 <DIR> d-------- C:\Program Files\AVSMedia
2008-05-05 16:36 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-05 16:36 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-05-05 16:36 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-05 16:36 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-05-05 16:36 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-05-05 16:36 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-05-05 16:36 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-05 16:36 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-05-02 19:07 . 2008-05-09 16:16 50 --a------ C:\WINDOWS\MegaManager.INI
2008-05-02 18:36 . 2008-05-02 18:36 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GlobalSCAPE
2008-05-02 16:10 . 2008-05-02 16:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Megaupload
2008-05-02 16:08 . 2008-05-02 16:09 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-02 16:08 . 2008-05-02 16:08 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\MegauploadToolbar
2008-04-28 21:12 . 2008-04-28 21:12 0 --a------ C:\WINDOWS\WB.ini
2008-04-28 19:52 . 2008-04-28 19:52 <DIR> d-------- C:\Program Files\Google
2008-04-25 23:37 . 2007-03-23 11:01 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-04-25 23:36 . 2008-04-25 23:36 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-25 23:36 . 2007-03-23 11:01 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-24 21:48 . 2008-04-24 21:48 <DIR> d-------- C:\Program Files\DIFX
2008-04-24 19:46 . 2008-04-24 19:46 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-23 15:52 . 2000-09-25 17:47 30,096 -ra------ C:\WINDOWS\system32\drivers\3ccmusb.sys
2008-04-23 15:52 . 2000-08-25 03:22 28,672 -ra------ C:\WINDOWS\system32\3ccmusbx.exe
2008-04-22 17:21 . 2008-05-13 15:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 16:18 . 2008-04-22 16:18 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GeoVid
2008-04-22 16:16 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-04-22 16:15 . 2008-04-22 16:15 <DIR> d-------- C:\Program Files\GeoVid
2008-04-22 16:10 . 2008-04-22 16:12 275 --a------ C:\WINDOWS\w32dasm8.ini
2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-04-21 17:09 . 2008-04-21 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 15:08 . 2008-04-21 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vcfqzyhu
2008-04-20 21:57 . 2008-04-20 21:57 686,080 --a------ C:\WINDOWS\is-QMDFC.exe
2008-04-20 21:57 . 2008-04-20 21:57 10,453 --a------ C:\WINDOWS\is-QMDFC.msg
2008-04-20 21:57 . 2008-04-20 21:57 1,255 --a------ C:\WINDOWS\is-QMDFC.lst
2008-04-20 19:48 . 2008-04-20 19:50 <DIR> d-------- C:\Program Files\AllToAVI
2008-04-20 19:36 . 2008-05-09 16:15 <DIR> d-------- C:\Program Files\MKVtoolnix
2008-04-20 14:53 . 2008-04-20 20:19 <DIR> d-------- C:\Program Files\Gabest
2008-04-20 14:52 . 2008-04-20 14:53 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2008-04-19 23:47 . 2008-04-21 17:37 <DIR> d-------- C:\Program Files\AutoShutdown
2008-04-18 20:00 . 2008-04-18 20:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-04-17 17:55 . 2008-04-20 14:54 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 17:27 --------- d-----w C:\Program Files\Steam
2008-05-17 17:26 --------- d-----w C:\Documents and Settings\Jason\Application Data\uTorrent
2008-05-17 06:02 --------- d-----w C:\Program Files\FlashGet
2008-05-15 22:31 --------- d-----w C:\Program Files\AIM
2008-05-15 02:35 --------- d-----w C:\Program Files\Paint.NET
2008-05-14 23:36 --------- d-----w C:\Program Files\Common Files\River Past
2008-05-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-05-09 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 03:28 --------- d-----w C:\Program Files\Diablo II
2008-05-08 00:46 --------- d-----w C:\Program Files\Stardock
2008-05-08 00:46 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-06 23:31 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-21 03:22 167,936 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-20 19:56 --------- d-----w C:\Program Files\Total Video Converter
2008-04-17 05:43 --------- d-----w C:\Documents and Settings\Jason\Application Data\U3
2008-04-17 02:20 --------- d-----w C:\Documents and Settings\Jason\Application Data\River Past G5
2008-04-17 00:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 00:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-16 23:55 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-16 22:57 --------- d-----w C:\Program Files\TI Education
2008-04-16 22:40 17,408 ----a-w C:\psapi.dll
2008-04-16 22:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-16 22:32 --------- d-----w C:\Program Files\Webroot
2008-04-16 22:32 --------- d-----w C:\Documents and Settings\Jason\Application Data\Webroot
2008-04-16 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-16 22:31 32,768 ----a-w C:\WINDOWS\Keygen.exe
2008-04-15 23:24 --------- d-----w C:\Program Files\GiPo@Utilities
2008-04-15 23:20 --------- d-----w C:\Program Files\SpywareGuard
2008-04-15 00:20 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 00:34 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-14 00:30 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-13 05:19 --------- d-----w C:\Program Files\eread7.0
2008-04-13 05:16 --------- d-----w C:\Program Files\real
2008-04-13 02:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 06:42 --------- d-----w C:\Program Files\Absolute MP3 Splitter
2008-04-12 06:41 --------- d-----w C:\Program Files\123 AVI to GIF Converter
2008-04-12 06:39 --------- d-----w C:\Program Files\CoffeeCup Software
2008-04-12 02:52 --------- d-----w C:\Program Files\Video-AVI to GIF Converter
2008-04-12 02:49 --------- d-----w C:\Program Files\Flash MP3 Player Builder
2008-04-12 02:48 --------- d-----w C:\Program Files\SourceTec
2008-04-12 02:48 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-04-09 04:35 --------- d-----w C:\Program Files\Replay Music 2
2008-04-09 04:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-08 02:08 --------- d-----w C:\Program Files\HP
2008-04-06 03:03 --------- d-----w C:\Program Files\Eset
2008-04-06 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-04-05 21:18 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-05 21:18 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-31 01:41 --------- d-----w C:\Program Files\avisplit
2008-03-31 01:34 --------- d-----w C:\Program Files\BT Engine
2008-03-31 00:29 --------- d-----w C:\Program Files\RM Converter
2008-03-30 22:47 --------- d-----w C:\Program Files\Xvid
2008-03-30 04:16 --------- d-----w C:\Program Files\DsNET Corp
2008-03-29 21:02 --------- d-----w C:\Program Files\Starcraft
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 03:40 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-25 22:36 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-03-23 23:51 --------- d-----w C:\Program Files\Fast AVI MPEG Joiner
2008-03-23 23:37 --------- d-----w C:\Program Files\TechSmith
2008-03-23 20:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nero
2008-03-23 03:52 --------- d-----w C:\Documents and Settings\Jason\Application Data\Hamachi
2008-03-23 03:48 10,546 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-23 03:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-23 03:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 03:31 22,328 ----a-w C:\Documents and Settings\Jason\Application Data\PnkBstrK.sys
2008-03-23 03:31 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-22 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-22 20:09 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-03-21 05:27 --------- d-----w C:\Documents and Settings\Jason\Application Data\Nero
2008-03-21 05:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-21 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-21 05:20 --------- d-----w C:\Program Files\Nero
2008-03-20 22:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-20 03:37 --------- d-----w C:\Program Files\SEGA
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 05:55 --------- d-----w C:\Documents and Settings\Jason\Application Data\Corel
2008-03-17 00:08 88 --sh--r C:\Documents and Settings\All Users\Application Data\B295045006.sys
2008-03-17 00:08 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-03 21:25 5,702 ---ha-w C:\WINDOWS\nod32restoretemdono.reg
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-18 18:11 51184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00 455168]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"CTHelper"="CTHELPER.EXE" [2004-03-19 01:33 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 15:42 321088]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomNGW]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-04-28 21:09 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
"BM2fb1a30a"="Rundll32.exe" "C:\WINDOWS\system32\shwbeuox.dll",s
"2c829096"="rundll32.exe" "C:\WINDOWS\system32\vsdsgjbh.dll",b
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Calendar"="C:\Program Files\Desksware\Calendar.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Steam\\steamapps\\krnblind55@hotmail.com\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-05-05 20:46]
R2 MBAMService;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-05-05 20:46]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-02-28 05:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S0 nmfilter;DriverStudio Device Filter;C:\WINDOWS\system32\DRIVERS\nmfilter.sys []
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-02-28 05:00]
S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;C:\WINDOWS\system32\DRIVERS\3ccmusb.sys [2000-09-25 17:47]
S3 cosdrv;CherryOS Network Adapter;C:\WINDOWS\system32\DRIVERS\cosdrv.sys [2005-03-07 12:59]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-05 14:18]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20709dfc-d5d0-11dc-8293-0011090028df}]
\shell\Browse Music\command - explorer \Music\
\shell\Browse Pictures\command - explorer \Pictures\
\shell\Browse Video\command - explorer \Video\

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-17 17:47:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 00:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-17 03:51:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 11:20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-05-17 11:26:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 18:25:57

Pre-Run: 97,146,380,288 bytes free
Post-Run: 97,053,306,880 bytes free

312 --- E O F --- 2008-05-14 03:32:25





Logfile of HijackThis v1.99.1
Scan saved at 11:30:11 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: vtUomNGW - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DriveAlrt - {0b69cf67-52f0-4f8e-875d-1dc62b0e73b6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 12:47 PM

I can't find any information on these but if you know what they are, remove from the fix.
C:\WINDOWS\is-QMDFC.exe
C:\WINDOWS\is-QMDFC.msg
C:\WINDOWS\is-QMDFC.lst



Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\is-QMDFC.exe
C:\WINDOWS\is-QMDFC.msg
C:\WINDOWS\is-QMDFC.lst
C:\WINDOWS\system32\shwbeuox.dll
C:\WINDOWS\system32\vsdsgjbh.dll
C:\WINDOWS\Keygen.exe

Folder::
C:\efbd2f086b03ed839ded566ecede3e1b
C:\Documents and Settings\All Users\Application Data\vcfqzyhu
C:\Program Files\Bonjour
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomNGW]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM2fb1a30a"=-
"2c829096"=-

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 04:58 PM

ComboFix 08-05-15.3 - Jason 2008-05-17 15:38:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.397 [GMT -7:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\is-QMDFC.exe
C:\WINDOWS\is-QMDFC.lst
C:\WINDOWS\is-QMDFC.msg
C:\WINDOWS\Keygen.exe
C:\WINDOWS\system32\shwbeuox.dll
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\system32\vsdsgjbh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\vcfqzyhu
C:\efbd2f086b03ed839ded566ecede3e1b
C:\efbd2f086b03ed839ded566ecede3e1b\audiodev.dll
C:\efbd2f086b03ed839ded566ecede3e1b\blackbox.dll
C:\efbd2f086b03ed839ded566ecede3e1b\cewmdm.dll
C:\efbd2f086b03ed839ded566ecede3e1b\drmupgds.exe
C:\efbd2f086b03ed839ded566ecede3e1b\drmv2clt.dll
C:\efbd2f086b03ed839ded566ecede3e1b\laprxy.dll
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.401
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.404
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.405
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.406
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.407
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.408
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.409
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.40b
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.40c
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.40d
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.40e
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.410
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.411
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.412
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.413
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.414
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.415
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.416
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.419
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.41b
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.41d
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.41f
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.424
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.804
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.816
C:\efbd2f086b03ed839ded566ecede3e1b\locbin\wpdshextres.dll.c0a
C:\efbd2f086b03ed839ded566ecede3e1b\logagent.exe
C:\efbd2f086b03ed839ded566ecede3e1b\mfplat.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mp43decd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mp43dmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mp4sdecd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mp4sdmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mpg4decd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mpg4dmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\msnetobj.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mspmsnsv.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mspmsp.dll
C:\efbd2f086b03ed839ded566ecede3e1b\msscp.dll
C:\efbd2f086b03ed839ded566ecede3e1b\mswmdm.dll
C:\efbd2f086b03ed839ded566ecede3e1b\portabledeviceapi.dll
C:\efbd2f086b03ed839ded566ecede3e1b\portabledeviceclassextension.dll
C:\efbd2f086b03ed839ded566ecede3e1b\portabledevicetypes.dll
C:\efbd2f086b03ed839ded566ecede3e1b\portabledevicewiacompat.dll
C:\efbd2f086b03ed839ded566ecede3e1b\portabledevicewmdrm.dll
C:\efbd2f086b03ed839ded566ecede3e1b\qasf.dll
C:\efbd2f086b03ed839ded566ecede3e1b\spuninst.exe
C:\efbd2f086b03ed839ded566ecede3e1b\spupdsvc.exe
C:\efbd2f086b03ed839ded566ecede3e1b\update\update.exe
C:\efbd2f086b03ed839ded566ecede3e1b\update\update.inf
C:\efbd2f086b03ed839ded566ecede3e1b\update\update.ver
C:\efbd2f086b03ed839ded566ecede3e1b\update\updspapi.dll
C:\efbd2f086b03ed839ded566ecede3e1b\update\wmfdist11.cat
C:\efbd2f086b03ed839ded566ecede3e1b\update\wmfdist11.cdf
C:\efbd2f086b03ed839ded566ecede3e1b\update\wpdinstallutil.dll
C:\efbd2f086b03ed839ded566ecede3e1b\uwdf.exe
C:\efbd2f086b03ed839ded566ecede3e1b\wdfapi.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wdfmgr.exe
C:\efbd2f086b03ed839ded566ecede3e1b\wmadmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmadmoe.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmasf.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmdmlog.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmdmps.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmdrmdev.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmdrmnet.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmdrmsdk.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmidx.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmnetmgr.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmsdmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmsdmoe2.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmsetsdk.exe
C:\efbd2f086b03ed839ded566ecede3e1b\wmspdmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmspdmoe.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvadvd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvadve.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvcore.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvdecod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvdmod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvdmoe2.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvencod.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvsdecd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvsencd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wmvxencd.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpd_ci.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdconns.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdinstallutil.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdmtp.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdmtp.inf
C:\efbd2f086b03ed839ded566ecede3e1b\wpdmtpdr.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdmtphw.inf
C:\efbd2f086b03ed839ded566ecede3e1b\wpdmtpus.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdshext.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdshextautoplay.exe
C:\efbd2f086b03ed839ded566ecede3e1b\wpdshserviceobj.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdsp.dll
C:\efbd2f086b03ed839ded566ecede3e1b\wpdusb.sys
C:\Program Files\Bonjour
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\WINDOWS\is-QMDFC.exe
C:\WINDOWS\is-QMDFC.lst
C:\WINDOWS\is-QMDFC.msg
C:\WINDOWS\Keygen.exe
C:\WINDOWS\system32\TUKernel.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-13 19:56 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-13 19:56 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-13 19:56 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-13 19:56 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-13 19:56 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-13 19:56 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-13 19:56 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-13 19:56 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-13 19:56 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-12 18:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 18:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 16:31 . 2008-05-16 22:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 16:31 . 2008-05-10 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 23:28 . 2008-05-09 23:28 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 19:21 . 2008-05-08 19:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-05-08 15:58 . 2008-05-08 15:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-08 15:58 . 2008-05-08 15:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 15:58 . 2008-05-17 10:37 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-07 21:01 . 2008-05-07 21:01 10,985,472 --a------ C:\Documents and Settings\Jason\NTUSER.DAT_TU_13317
2008-05-07 21:01 . 2008-05-07 21:01 217,088 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_93419
2008-05-07 21:01 . 2008-05-07 21:01 102,400 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT_TU_89471
2008-05-07 17:46 . 2004-04-26 13:47 163,456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-06 22:30 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Audacity
2008-05-06 22:26 . 2008-05-06 22:58 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Mp3 Audio Editor
2008-05-06 16:58 . 2008-05-06 16:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-06 16:52 . 2008-05-06 16:52 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-05-05 17:00 . 2008-05-05 17:00 <DIR> d-------- C:\Program Files\Movkit
2008-05-05 16:36 . 2008-05-05 16:59 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-05 16:36 . 2008-05-05 17:00 <DIR> d-------- C:\Program Files\AVSMedia
2008-05-05 16:36 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-05 16:36 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-05-05 16:36 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-05 16:36 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-05-05 16:36 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-05-05 16:36 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-05-05 16:36 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-05 16:36 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-05-02 19:07 . 2008-05-09 16:16 50 --a------ C:\WINDOWS\MegaManager.INI
2008-05-02 18:36 . 2008-05-02 18:36 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GlobalSCAPE
2008-05-02 16:10 . 2008-05-02 16:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Megaupload
2008-05-02 16:08 . 2008-05-02 16:09 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-02 16:08 . 2008-05-02 16:08 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\MegauploadToolbar
2008-04-28 21:12 . 2008-04-28 21:12 0 --a------ C:\WINDOWS\WB.ini
2008-04-28 19:52 . 2008-04-28 19:52 <DIR> d-------- C:\Program Files\Google
2008-04-25 23:37 . 2007-03-23 11:01 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-04-25 23:36 . 2008-04-25 23:36 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-25 23:36 . 2007-03-23 11:01 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-24 21:48 . 2008-04-24 21:48 <DIR> d-------- C:\Program Files\DIFX
2008-04-24 19:46 . 2008-04-24 19:46 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-23 15:52 . 2000-09-25 17:47 30,096 -ra------ C:\WINDOWS\system32\drivers\3ccmusb.sys
2008-04-23 15:52 . 2000-08-25 03:22 28,672 -ra------ C:\WINDOWS\system32\3ccmusbx.exe
2008-04-22 17:21 . 2008-05-13 15:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 16:18 . 2008-04-22 16:18 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GeoVid
2008-04-22 16:16 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-04-22 16:15 . 2008-04-22 16:15 <DIR> d-------- C:\Program Files\GeoVid
2008-04-22 16:10 . 2008-04-22 16:12 275 --a------ C:\WINDOWS\w32dasm8.ini
2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-04-21 17:09 . 2008-04-21 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 19:48 . 2008-04-20 19:50 <DIR> d-------- C:\Program Files\AllToAVI
2008-04-20 19:36 . 2008-05-09 16:15 <DIR> d-------- C:\Program Files\MKVtoolnix
2008-04-20 14:53 . 2008-04-20 20:19 <DIR> d-------- C:\Program Files\Gabest
2008-04-20 14:52 . 2008-04-20 14:53 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2008-04-19 23:47 . 2008-04-21 17:37 <DIR> d-------- C:\Program Files\AutoShutdown
2008-04-18 20:00 . 2008-04-18 20:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-04-17 17:55 . 2008-04-20 14:54 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 22:31 --------- d-----w C:\Documents and Settings\Jason\Application Data\uTorrent
2008-05-17 19:39 --------- d-----w C:\Program Files\uTorrent
2008-05-17 18:33 --------- d-----w C:\Program Files\Steam
2008-05-17 06:02 --------- d-----w C:\Program Files\FlashGet
2008-05-15 22:31 --------- d-----w C:\Program Files\AIM
2008-05-15 02:35 --------- d-----w C:\Program Files\Paint.NET
2008-05-14 23:36 --------- d-----w C:\Program Files\Common Files\River Past
2008-05-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-05-09 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 03:28 --------- d-----w C:\Program Files\Diablo II
2008-05-08 00:46 --------- d-----w C:\Program Files\Stardock
2008-05-08 00:46 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-06 23:31 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-20 19:56 --------- d-----w C:\Program Files\Total Video Converter
2008-04-17 05:43 --------- d-----w C:\Documents and Settings\Jason\Application Data\U3
2008-04-17 02:20 --------- d-----w C:\Documents and Settings\Jason\Application Data\River Past G5
2008-04-17 00:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 00:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-16 23:55 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-16 22:57 --------- d-----w C:\Program Files\TI Education
2008-04-16 22:40 17,408 ----a-w C:\psapi.dll
2008-04-16 22:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-16 22:32 --------- d-----w C:\Program Files\Webroot
2008-04-16 22:32 --------- d-----w C:\Documents and Settings\Jason\Application Data\Webroot
2008-04-16 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-15 23:24 --------- d-----w C:\Program Files\GiPo@Utilities
2008-04-15 23:20 --------- d-----w C:\Program Files\SpywareGuard
2008-04-15 00:20 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 00:34 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-14 00:30 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-13 05:19 --------- d-----w C:\Program Files\eread7.0
2008-04-13 05:16 --------- d-----w C:\Program Files\real
2008-04-13 02:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 06:42 --------- d-----w C:\Program Files\Absolute MP3 Splitter
2008-04-12 06:41 --------- d-----w C:\Program Files\123 AVI to GIF Converter
2008-04-12 06:39 --------- d-----w C:\Program Files\CoffeeCup Software
2008-04-12 02:52 --------- d-----w C:\Program Files\Video-AVI to GIF Converter
2008-04-12 02:49 --------- d-----w C:\Program Files\Flash MP3 Player Builder
2008-04-12 02:48 --------- d-----w C:\Program Files\SourceTec
2008-04-12 02:48 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-04-09 04:35 --------- d-----w C:\Program Files\Replay Music 2
2008-04-09 04:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-08 02:08 --------- d-----w C:\Program Files\HP
2008-04-06 03:03 --------- d-----w C:\Program Files\Eset
2008-04-06 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-04-05 21:18 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-31 01:41 --------- d-----w C:\Program Files\avisplit
2008-03-31 01:34 --------- d-----w C:\Program Files\BT Engine
2008-03-31 00:29 --------- d-----w C:\Program Files\RM Converter
2008-03-30 22:47 --------- d-----w C:\Program Files\Xvid
2008-03-30 04:16 --------- d-----w C:\Program Files\DsNET Corp
2008-03-29 21:02 --------- d-----w C:\Program Files\Starcraft
2008-03-27 03:40 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-25 22:36 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-03-23 23:51 --------- d-----w C:\Program Files\Fast AVI MPEG Joiner
2008-03-23 23:37 --------- d-----w C:\Program Files\TechSmith
2008-03-23 20:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nero
2008-03-23 03:52 --------- d-----w C:\Documents and Settings\Jason\Application Data\Hamachi
2008-03-23 03:48 10,546 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-23 03:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 03:31 22,328 ----a-w C:\Documents and Settings\Jason\Application Data\PnkBstrK.sys
2008-03-22 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-22 20:09 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-03-21 05:27 --------- d-----w C:\Documents and Settings\Jason\Application Data\Nero
2008-03-21 05:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-21 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-21 05:20 --------- d-----w C:\Program Files\Nero
2008-03-20 03:37 --------- d-----w C:\Program Files\SEGA
2008-03-19 05:55 --------- d-----w C:\Documents and Settings\Jason\Application Data\Corel
2008-03-17 00:08 88 --sh--r C:\Documents and Settings\All Users\Application Data\B295045006.sys
2008-03-17 00:08 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-03 21:25 5,702 ---ha-w C:\WINDOWS\nod32restoretemdono.reg
.

((((((((((((((((((((((((((((( snapshot@2008-05-17_11.25.21.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 18:20:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 22:44:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-18 18:11 51184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00 455168]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"CTHelper"="CTHELPER.EXE" [2004-03-19 01:33 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 15:42 321088]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomNGW]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-04-28 21:09 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Calendar"="C:\Program Files\Desksware\Calendar.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Steam\\steamapps\\krnblind55@hotmail.com\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-05-05 20:46]
R2 MBAMService;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-05-05 20:46]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-02-28 05:00]
S0 nmfilter;DriverStudio Device Filter;C:\WINDOWS\system32\DRIVERS\nmfilter.sys []
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-02-28 05:00]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;C:\WINDOWS\system32\DRIVERS\3ccmusb.sys [2000-09-25 17:47]
S3 cosdrv;CherryOS Network Adapter;C:\WINDOWS\system32\DRIVERS\cosdrv.sys [2005-03-07 12:59]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-05 14:18]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-17 17:47:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 00:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-17 03:51:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 15:45:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Jason\Application Data\Webroot\Spy Sweeper\Logs\080511165336.ses 1841 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-05-17 15:51:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 22:50:56
ComboFix2.txt 2008-05-17 18:26:14

Pre-Run: 90,937,282,560 bytes free
Post-Run: 90,894,184,448 bytes free

428 --- E O F --- 2008-05-14 03:32:25






Logfile of HijackThis v1.99.1
Scan saved at 3:52:37 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\CF22180.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: vtUomNGW - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DriveAlrt - {0b69cf67-52f0-4f8e-875d-1dc62b0e73b6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




right now, the computer seems to be running fine
so far, there is little lag

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 05:12 PM

Please wait until I let you know we're finished.

You have several anti-spyware programs running.

Spy Sweeper
AVG Anti-Spyware
Spybot - Search & Destroy
Malwarebytes' Anti-Malware <--I had you download this one.

You might want to consider getting down to 1 or 2 of these.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O20 - Winlogon Notify: vtUomNGW - C:\WINDOWS\
O21 - SSODL: DriveAlrt - {0b69cf67-52f0-4f8e-875d-1dc62b0e73b6} - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 05:39 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:35:51 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe





I prevented AVG and Webroots Spysweeper from running on startup, but when i look at the HJT log they still seem to be running
For some reason, Malwarebytes' Anti-Malware is using up over 50% of my CPU constantly... I can't tell if my computer is lagging from that or if I still have the problem. Either way, my computer is running pretty slow right now.

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 05:45 PM

You need To disable TeaTimer, it can stop our fix.

The best way is to do both, Right click the system tray icon and shut down. This will reset TT's registry snapshot. Then, open spybot in advanced mode and turn it off. When cleaning is done, open Spybot in advanced mode to turn back on.

Once fix is completed in the all clear post!!


Please do not delete anything unless instructed to.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    [list]
  • Posted Image

Next:

1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove if listed:
Malwarebytes' Anti-Malware
AVG Anti-Spyware



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"

Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 06:04 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:02:10 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202337510947
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



everything seems to be running fine now
there is no apparent lag or delay

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 06:06 PM

Good job. You should be good to go :thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 yoshiness

yoshiness

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 17 May 2008 - 06:09 PM

Thanks for the help as usual :) Hopefully this problem won't come back

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users