
plz analyze my HijackThis Log

Discussion in 'General Software' started by HiddenStupid, Dec 26, 2007.

  1. HiddenStupid New Member

    unsafe tgps..... pop ups.... ask yes or cancel.... clicked cancel.... infected..... wallpaper replaced by fake anti virus advertisement..... 3 fake anti virus icons appear on desktop.... deleted but they resurrect themselves....

    have scanned with:
    - TCspy
    - spybot
    - ad-aware
    - antivir
    - nod32
    - AVG anti virus
    - many more, don't remember
    - each scanner takes whole day! 5,6,7 hours!
    - scanned all in safemode

    next
    - smitrem
    - smitfraudfix
    smitfraudfix got rid of the 3 fake icons on desktop and fake advertisement wallpaper... all happy.... but a few hours later it comes back... sad.....

    next
    - atf cleaner
    - rogueremover
    -

    and now
    - AVG anti spyware
    it caught umm.. if i remember correctly... backdoor something and adwaretoolbar something and ummm grrr forgot.... umm cant think anyway it caught 3 malwares.
    edit: oh yeah the other one is legmir something something.

    next
    - ccleaner reg cleaner
    - ccleaner cleaner

    so far so good.... don't know if it is really clean.

    next use HiJackThis and here's the log

    this is in safemode:

    never mind... will post again if I decide
     
    Last edited: Dec 26, 2007
  2. HiddenStupid New Member

    ok here it is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:40:56 PM, on 12/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe..exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: run_startmenu.cmd
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher7.cab
    O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
    O21 - SSODL: alxvdvm - {8D835DAF-9A7F-4B36-89FB-D9D01906381B} - C:\WINDOWS\alxvdvm.dll
    O21 - SSODL: bvtqfvx - {BAEE5CD0-2E04-43F8-9021-B15F7BAB09A3} - C:\WINDOWS\bvtqfvx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
    O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8586 bytes
     
    Last edited: Dec 27, 2007
  3. HiddenStupid New Member

    .....and here is the SDFix log


    SDFix: Version 1.119

    Run by Owner on Wed 12/26/2007 at 09:53 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Owner\Desktop\Error Cleaner.url - Deleted
    C:\Documents and Settings\Owner\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\Owner\Desktop\Privacy Protector.url - Deleted
    C:\Documents and Settings\Owner\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url - Deleted
    C:\autorun.inf - Deleted
    C:\WINDOWS\alxvdvm.dll - Deleted
    C:\WINDOWS\bvtqfvx.dll - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\domnftwmnf.dll - Deleted
    C:\WINDOWS\emlkdvo.dll - Deleted
    C:\WINDOWS\fvkwdrt.exe - Deleted
    C:\WINDOWS\rs.txt - Deleted




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 22:08:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG08.00.00.01WORKSTATION"="[long hex value not reproduced on this page]"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\n0\x152[\x17d\26NLuMQ9\x8dHr\v0]
    "Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,02,00,00,00,7a,..
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0A5D735-D056-B06A-4A00-0C1BBE81A98C}]
    "iaifhacomgppaakemb"=hex:6a,61,6c,66,62,6d,6e,6e,6f,63,68,62,61,69,6c,66,6d,69,6d,6e,00,..
    "haghfofolieimcbd"=hex:6b,61,64,67,6b,65,64,70,6c,69,67,63,66,64,69,65,6a,61,64,65,6f,..
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D18AE723-B919-4785-490F-E2034FA24ADD}]
    "eagninegpl"=hex:66,61,69,6e,66,6f,69,6c,6b,6b,64,6d,00,fc
    "dabofnpf"=hex:64,62,63,61,70,64,6c,68,6d,69,6c,6b,61,65,6f,6c,68,63,6b,70,63,..
    "iaopjflmkjieflcknn"=hex:6a,61,6c,61,70,66,67,61,6c,64,6b,68,64,69,68,6f,70,64,6c,63,00,..
    "haaapofampddgohl"=hex:6a,61,6c,61,70,66,67,61,6c,64,6b,68,64,69,68,6f,70,64,6c,63,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:paltalk Messenger 8.1"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe:*:Enabled:LaunchPad"
    "C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Phoenix Games Studio\\Fung Wan Online\\FWOnline.exe"="C:\\Program Files\\Phoenix Games Studio\\Fung Wan Online\\FWOnline.exe:*:Enabled:FWOnline"
    "C:\\Program Files\\VitalSign_IGO\\updater.exe"="C:\\Program Files\\VitalSign_IGO\\updater.exe:*:Enabled:delay"
    "C:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"="C:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe:*:Enabled:dndclient"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\Serious Sam 2 Demo\\Bin\\Sam2.exe"="C:\\Program Files\\Serious Sam 2 Demo\\Bin\\Sam2.exe:*:Disabled:Sam2"
    "C:\\Program Files\\Codemasters\\RF Online\\RF.exe"="C:\\Program Files\\Codemasters\\RF Online\\RF.exe:*:Enabled:RFLauncher"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Cabal_ENG\\update\\ESTdnheadless.exe"="C:\\Program Files\\Cabal_ENG\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
    "C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
    "C:\\Program Files\\ZipTorrent\\ZipTorrent.exe"="C:\\Program Files\\ZipTorrent\\ZipTorrent.exe:*:Enabled:ZipTorrent Application"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\\Program Files\\Chrome MP Demo 2004\\ChromeNet.exe"="C:\\Program Files\\Chrome MP Demo 2004\\ChromeNet.exe:*:Enabled:Chrome"
    "C:\\Alien Arena 2007\\crx.exe"="C:\\Alien Arena 2007\\crx.exe:*:Enabled:crx"
    "C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe:*:Enabled:Warhammerr: Mark of ChaosT Single Player Demo"
    "C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe"="C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe:*:Enabled:Lockdown"
    "C:\\Program Files\\infinity_eng\\xclient.exe"="C:\\Program Files\\infinity_eng\\xclient.exe:*:Enabled:xclient"
    "C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe"="C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe:*:Enabled:F.E.A.R. MP Demo Dedicated Server"
    "C:\\Program Files\\Sierra\\FEAR MP Demo\\Config.exe"="C:\\Program Files\\Sierra\\FEAR MP Demo\\Config.exe:*:Enabled:F.E.A.R. MP Demo Configuration Utility"
    "C:\\Program Files\\Monte Cristo\\Silverfall Demo\\Silverfall.exe"="C:\\Program Files\\Monte Cristo\\Silverfall Demo\\Silverfall.exe:*:Enabled:Silverfall"
    "C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient"
    "C:\\Program Files\\Ubisoft\\Demo\\Techland\\Call of Juarez MP Demo\\CoJMPdemo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Techland\\Call of Juarez MP Demo\\CoJMPdemo.exe:*:Enabled:ChromeEngine3"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Documents and Settings\\Owner\\My Documents\\My Completed Downloads\\wowclient-downloader.exe"="C:\\Documents and Settings\\Owner\\My Documents\\My Completed Downloads\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe"="C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe:*:Enabled:Templar"
    "C:\\Program Files\\Fury\\Binaries\\LauncherApp.exe"="C:\\Program Files\\Fury\\Binaries\\LauncherApp.exe:*:Enabled:LauncherApp"
    "C:\\Program Files\\Metin2_UK\\metin2.bin"="C:\\Program Files\\Metin2_UK\\metin2.bin:*:Enabled:metin2"
    "C:\\Program Files\\Silent Grove Studios\\Dawnspire\\Dawnspire.exe"="C:\\Program Files\\Silent Grove Studios\\Dawnspire\\Dawnspire.exe:*:Enabled:Dawnspire"
    "C:\\Program Files\\NGD Studios\\Regnum Online\\LiveServer\\ROClientGame.exe"="C:\\Program Files\\NGD Studios\\Regnum Online\\LiveServer\\ROClientGame.exe:*:Enabled:RegnumOnline"
    "C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\MageKnight.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\MageKnight.exe:*:Enabled:MageKnight"
    "C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\update.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\update.exe:*:Enabled:Auto Update "
    "C:\\Program Files\\WEBZEN\\Soul of the Ultimate Nation\\VMModule._ex"="C:\\Program Files\\WEBZEN\\Soul of the Ultimate Nation\\VMModule._ex:*:Disabled:AA" A«¬§A’A"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\X2S06NW5\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\X2S06NW5\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\ZXDFA2AP\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\ZXDFA2AP\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nslA5.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nslA5.tmp\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:playOnline Viewer"
    "C:\\Program Files\\Guild Wars\\Gw.exe"="C:\\Program Files\\Guild Wars\\Gw.exe:*:Enabled:Guild Wars"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\\Program Files\\Immortals Online\\Immortals.exe"="C:\\Program Files\\Immortals Online\\Immortals.exe:*:Enabled:Immortals"
    "C:\\UT2004Demo\\System\\UT2004.exe"="C:\\UT2004Demo\\System\\UT2004.exe:*:Enabled:UT2004"
    "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
    "C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader>"
    "C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin"="C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin:*:Enabled:LevelR"
    "C:\\Program Files\\Talisman\\game.exe"="C:\\Program Files\\Talisman\\game.exe:*:Enabled:Talisman online"
    "C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nse1B.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nse1B.tmp\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe"="C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe:*:Enabled:Mythos"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    --- 4,263 ..SH. --- "C:\WINDOWS\windllreg1c.sys"
    Fri 23 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 26 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT14.tmp"
    Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3.tmp"
    Wed 26 Dec 2007 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4.tmp"
    Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT9.tmp"
    Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BITC.tmp"
    Wed 26 Dec 2007 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BITD.tmp"
    Wed 21 Nov 2007 1,776 ...HR --- "C:\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!
     
  4. erocker Senior Moderator Staff Member

    Dude, wtf is this shit? You need to stop watching so much pr0n. If you actually did all the things to remedy this that you said you did, you shouldn't have any problems. You might as well just nuke all your HDDs and start over. And stop watching so much damn pr0n!!:shadedshu

    Dude, please remove your damn spyware links. Why are you trying to hurt our computers too?!
     
  5. Kursah Moderator Staff Member

    Gotta agree with erocker there Hidden, this is pretty ridiculous. Proper precaution can save you from hassles like this, and going to places that thrive on spreading the junk you have only makes matters worse.

    Plus those 3 posts are ridiculous...no way I'm going to read through all of them word for word! :p

    I hope you can get your rig back in shape w/o nuking and starting over though.

    :toast:
     
  6. ktr

    Back up your data, and re-install Windows. You brought this upon yourself by installing programs like Kazaa, Morpheus, LimeWire, etc...which are known apps to contain massive amounts of malware. What I would do is back up your data, re-install Windows, install VirtualPC (free) and install another Windows on that...and use that for your dling.
     
  7. wiak

    go into msconfig > Startup and REMOVE everything in there
    and then in Services click on "hide all Microsoft services" and remove all those non-M$ ones
    and then Apply and OK, then reboot
    then it should be fixed
    as you won't have any crap loading on startup ;)
    and you should try NOD32 and remove some more crap :)
    http://www.eset.com/
     
  8. HiddenStupid New Member

    hey that might be a great idea.... I heard of Virtual PC before. It is a great idea if I decide to give up and reformat.

    I never knew you could remove all non-MS stuff at startup. That is a great idea.... might be doing it later.

    here is the latest HijackThis log after running SDFix.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:51 PM, on 12/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe..exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: run_startmenu.cmd
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher7.cab
    O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
    O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8158 bytes
  9. wiak
    You are just jealous for NOT having a 3870, which is 50% cheaper than a 2900 XT and has UVD hehe
  10. erocker, Senior Moderator
    I think you should change your name to ObviousStupid. Blessed are the meek. :laugh: I think, though, you really need to simplify your system.
  11. Steevo
    Either you have edited your running process list, or you have a rootkit, plus a lot of other issues.

    You are missing some key Windows components in your running list, and stop starting it in safe mode, unless that is all you can start it in.

    Get me a screenshot of LSPFix. http://www.cexx.org/lspfix.htm DO NOT DELETE ANYTHING!!!!!
  12. Steevo
    You can do this the easy way, and still have some crap, or the hard way and have to re-install a bit of software.

    So here is the hard way, to make sure that no files have become infected/corrupt. Some programs might not work correctly until you reinstall them.

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - Global Startup: run_startmenu.cmd
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/down...auncherNew.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/a...OLauncher7.cab
    O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
    O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    Check all these and click fix. Before you do so, however, download on an UNINFECTED PC and burn to a CD-ROM or some other non-changeable media the following.

    http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0
    http://free.grisoft.com/doc/avg-anti-spyware-free/lng/us/tpl/v5

    Use both free editions, as they will work fine for our purposes.

    I will also need the screen shot of what LSPfix comes up with.

    http://www.filehippo.com/download_ccleaner/

    Get the most recent edition.

    http://www.download.com/3000-2085-10062969.html

    This is useful if you keep getting infected by a boot-time resident DLL: you can add a wrong entry to your hosts file to prevent the connection from becoming active. A screenshot of this.

    Once you have all of that downloaded and installed, then unplug from the net, and fix the checked, then start running the anti-spyware, then the rootkit checker. After that run Crap Cleaner, let it delete all your temp files, get that screenshot of LSPFix, do not reconnect to the internet.

    Also you might consider getting Comodo Firewall, it is really good, but can be annoying. However it has saved me a few times from things that anti-virus, anti-spyware, and a rootkit detector have ignored.
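As an added example that is not part of this thread and not a feature of HijackThis, here is a small Python triage helper that applies the kind of rules Steevo is applying by hand above (orphaned BHO, autorun entry with no path, Winsock LSP entry, third-party ActiveX download, service with no publisher) to a constructed sample in HijackThis v2 format. The rule set and the trusted-host list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format, using the entry types seen in the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Assumption: O16 ActiveX downloads from these hosts are expected and not flagged.
TRUSTED_DPF_HOSTS = ("microsoft.com",)

def triage_line(line):
    """Return (severity, reason) for one entry, or None when nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O2" and body.endswith("(no file)"):
        return ("fix", "orphaned BHO: the registered DLL no longer exists")
    if kind == "O4" and "] " in body:
        command = body.split("] ", 1)[1]
        if "\\" not in command:  # bare file name: the log does not say where it loads from
            return ("investigate", "autorun target has no path; locate the file before deciding")
    if kind == "O10":
        return ("investigate", "Winsock LSP entry; removing the wrong one breaks networking, check with an LSP tool first")
    if kind == "O16":
        host = re.search(r"https?://([^/]+)", body)
        if host and not any(host.group(1) == t or host.group(1).endswith("." + t) for t in TRUSTED_DPF_HOSTS):
            return ("investigate", "ActiveX control downloaded from " + host.group(1) + "; remove unless still in use")
    if kind == "O23" and " - Unknown owner - " in body:
        return ("investigate", "service binary carries no publisher information")
    return None

def triage_log(text):
    """Group flagged entries by severity: {'fix': [(line, reason), ...], 'investigate': [...]}."""
    findings = defaultdict(list)
    for line in text.strip().splitlines():
        verdict = triage_line(line)
        if verdict:
            findings[verdict[0]].append((line.strip(), verdict[1]))
    return dict(findings)
```

On a saved log, triage_log(open(path).read()) gives the same grouping; entries it does not flag still need a look, since the rules only catch the obvious cases.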
