dan_plus_o

Hello one of my friends on msn keeps sending me a link and a right after. I have looked this up on google before and apparently it is some kind of bug or something.. Anyways today I accidentally clicked right on it as I have sitting down on my computer.. Some strange stuff started happening. For example it was if my left arrow key was being held down constantly. When I would right click on the desktop the drop down menu would turn invisible. So I am now worried that something might be fishy in my pc. So here is my Hijackthis log. If someone with HJT knowledge could plz look at it and tell me if anything looks off.. Whats with the stuff that say (no name).

---------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:03 AM, on 12/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "D:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192540456218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{811315AE-58C1-465A-8A94-018C0FCFE5A0}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6104 bytes

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

dan_plus_o

Anyone?

I would also like to add that recently my computer get held up trying to come out of standby. When I turn my PC on (from Standby) it just shows my background for about 20-30 seconds and then goes to the login screen.

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

dan_plus_o

This will be my last bump.. Hopefully someone will take a look.

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

ceewi1

There's nothing obviously wrong in that log, I'd like to look a little deeper:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths

dan_plus_o

Hey, thanks for the reply.. Sorry it toke me so long to get the log posted up but here it is..
----------------------------------------------

ComboFix 08-05-21.3 - Dano 2008-05-31 14:44:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2274 [GMT -7:00]
Running from: D:\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp76.tmp
C:\WINDOWS\system32\tmp77.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-28 18:09 . 2008-05-31 14:45 3,152,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 18:09 . 2008-05-31 14:45 22,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 18:09 . 2008-05-29 11:54 19,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 18:09 . 2008-05-29 11:54 3,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 01:25 . 2008-05-26 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-20 14:44 . 2008-05-20 14:44 397,312 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-05-17 17:44 . 2008-05-17 17:44 118 --a------ C:\WINDOWS\FICEDULA.INI
2008-05-14 01:11 . 2008-05-14 01:12 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-05-12 18:34 . 2008-04-13 17:12 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-12 04:14 . 2008-05-12 04:14 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-12 04:14 . 2008-05-12 04:14 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-12 04:14 . 2008-05-12 04:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-12 04:14 . 2008-05-12 04:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-12 04:13 . 2008-05-12 04:13 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-12 04:06 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 02:49 . 2008-05-12 02:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-11 17:32 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-05-11 17:31 . 2008-05-11 17:31 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-11 17:31 . 2008-03-04 11:02 159,975 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-08 20:14 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-05-08 20:14 . 2008-05-08 20:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf
2008-05-08 20:14 . 2008-05-08 20:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_010 07.Wdf
2008-05-08 02:45 . 2008-05-08 02:45 <DIR> d-------- C:\Documents and Settings\Dano\Application Data\gtk-2.0
2008-05-08 02:44 . 2008-05-08 20:14 <DIR> d-------- C:\Documents and Settings\Dano\Application Data\.purple
2008-05-08 02:41 . 2008-05-08 02:41 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-04-29 19:56 . 2008-04-29 19:56 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 19:56 . 2008-04-29 19:56 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-28 18:30 . 2008-04-28 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-23 18:51 . 2008-04-23 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Line 6
2008-04-23 18:51 . 2008-04-02 14:16 521,088 --a------ C:\WINDOWS\system32\drivers\L6TPortA.sys
2008-04-23 18:51 . 2008-04-02 14:16 167,936 --a------ C:\WINDOWS\system32\l6tpux1.dll
2008-04-23 18:51 . 2008-04-02 14:16 29,312 --a------ C:\WINDOWS\system32\drivers\l6dp.sys
2008-04-23 17:48 . 2008-04-23 17:48 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-04-23 17:48 . 2008-04-23 18:51 370 --a------ C:\WINDOWS\GearBox.ini
2008-04-17 19:11 . 2008-04-17 19:11 1,112,288 --a------ C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-15 18:05 . 2008-04-15 18:10 <DIR> d-------- C:\Program Files\Line6
2008-04-15 18:05 . 2008-04-23 18:51 <DIR> d-------- C:\Documents and Settings\Dano\Application Data\Line 6
2008-04-13 17:11 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 11:56 . 2008-04-13 11:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 11:56 . 2008-04-13 11:56 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 11:51 . 2008-04-13 11:51 101,120 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 11:46 . 2008-04-13 11:46 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 11:46 . 2008-04-13 11:46 121,984 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 11:46 . 2008-04-13 11:46 59,136 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 11:46 . 2008-04-13 11:46 37,888 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 11:46 . 2008-04-13 11:46 36,480 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 11:46 . 2008-04-13 11:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 11:46 . 2008-04-13 11:46 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 11:46 . 2008-04-13 11:46 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 11:45 . 2008-04-13 11:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-04-13 11:45 . 2008-04-13 11:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 11:43 . 2008-04-13 11:43 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 11:43 . 2008-04-13 11:43 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 11:43 . 2008-04-13 11:43 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-04-13 11:40 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 11:36 . 2008-04-13 11:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-04-13 11:36 . 2008-04-13 11:36 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2008-04-13 11:36 . 2008-04-13 11:36 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2008-04-13 11:36 . 2008-04-13 11:36 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2008-04-13 11:36 . 2008-04-13 11:36 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2008-04-13 11:36 . 2008-04-13 11:36 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2008-04-13 11:36 . 2008-04-13 11:36 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2008-04-13 11:36 . 2008-04-13 11:36 40,960 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2008-04-13 11:36 . 2008-04-13 11:36 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-04-13 11:14 . 2008-04-13 11:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 10:27 . 2008-04-13 10:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-04-13 10:27 . 2008-04-13 10:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-10 22:35 . 2008-05-31 14:30 <DIR> d-------- C:\Documents and Settings\Dano\Application Data\SiteAdvisor
2008-04-10 22:35 . 2008-04-10 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-10 22:35 . 2008-04-10 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-02 14:16 . 2008-04-02 14:16 700,416 --a------ C:\WINDOWS\system32\L6DriverControlPanel.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-31 08:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-31 08:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-31 08:21 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-30 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 18:39 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-29 01:55 --------- d-----w C:\Documents and Settings\Dano\Application Data\uTorrent
2008-05-29 01:36 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-29 01:35 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-14 08:30 --------- d-----w C:\Documents and Settings\Dano\Application Data\Bioshock
2008-05-14 07:49 --------- d-----w C:\Documents and Settings\Dano\Application Data\DivX
2008-05-12 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 06:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 03:38 --------- d-----w C:\Program Files\Java
2008-05-02 09:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 09:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 09:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 09:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-05-02 09:38 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
2008-04-30 02:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-30 02:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-30 02:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-04-30 02:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-30 02:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-26 02:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-20 11:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-17 23:33 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:46 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 19,200 ----a-w C:\WINDOWS\system32\drivers\wstcodec.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2008-03-04 11:02 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 11:02 8523776]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"EVGAPrecision"="D:\Program Files\EVGA Precision\EVGAPrecision.exe" [2008-05-27 09:28 199696]

C:\Documents and Settings\Dano\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - D:\Program Files\ObjectDock\ObjectDock.exe [11/22/2007 10:23:40 PM 3581680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [5/21/2008 5:03:00 PM 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1.0\adialhk. dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Dano^Start Menu^Programs^Startup^Slacker Tray App.lnk]
path=C:\Documents and Settings\Dano\Start Menu\Programs\Startup\Slacker Tray App.lnk
backup=C:\WINDOWS\pss\Slacker Tray App.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 03:29 220544 D:\Program Files\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
D:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
--a------ 2007-02-01 15:07 285696 C:\Program Files\Portrait Displays\forteManager\DTHtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsMa nager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
D:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 18:33 684118 C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-03-04 11:02 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 13:52 75584 D:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-30 19:38 1271032 d:\games\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_eCare_Lite_McciTra yApp]
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 14:46 709992 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-04-29 19:56 158624 d:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"McciCMService"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"Bonjour Service"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"LVCOMSer"=2 (0x2)
"LBTServ"=3 (0x3)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"pr2ah4nb"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Games\\F.E.A.R. Combat\\FEARMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Games\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Games\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Games\\Battlefield 2142\\BF2142.exe"=
"D:\\Games\\Battlefield 2\\BF2.exe"=
"D:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.e xe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Games\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"D:\\Games\\Guitar Hero III\\GH3.exe"=
"D:\\Program Files\\Utorrent\\uTorrent.exe"=
"D:\\Games\\Half-Life-2\\hl2.exe"=
"D:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"D:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=
"D:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=
"D:\\Games\\Call of Duty 4\\iw3mp.exe"=
"D:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"D:\\Games\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"D:\\Games\\The Club\\Launcher.exe"=
"D:\\Games\\The Club\\TheClub.exe"=
"D:\\Games\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=
"D:\\Games\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Games\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Games\\FEAR\\FEAR.exe"=
"D:\\Games\\FEAR\\FEARMP.exe"=
"D:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sy s [2007-06-11 04:11]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sy s [2007-06-11 04:10]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2008-04-02 14:16]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINDOWS\system32\Drivers\L6TPortA.sys [2008-04-02 14:16]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 10:43]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 10:43]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 uisp;Motorola USB ICP driver;C:\WINDOWS\system32\Drivers\usbicp.sys []
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 14:46]
S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 10:43]
S4 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc []
S4 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S4 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{df437c5e-a556-11dc-b7f9-00044b026722}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HolyBible.chm

*Newly Created Service* - CATCHME
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 14:45:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-05-31 14:46:31
ComboFix-quarantined-files.txt 2008-05-31 21:46:17

Pre-Run: 9,212,153,856 bytes free
Post-Run: 9,516,204,032 bytes free

369 --- E O F --- 2008-04-09 10:15:11

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

cohen

Yes people's msn do send links and i have said to them change their password.... and then if it still happens then they have a virus.... i have ever accepted crap like that..... so just be careful!

__________________

dan_plus_o

Yeah I have told him to change his password but I don't think he did.. Stupid Kid! I didn't mean to click on it I was trying to highlight it so I could look it up on google and I guess I clicked too close to it and it opened the link.

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

ceewi1

His system is likely infected, it would be a good idea for him to post a log here.

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Please click on Start -> Search. Search for HolyBible.chm. If it's found please go to http://www.virustotal.com/ and upload the file for analysis.

Allow the file to be scanned, and then please copy and paste the results here for me to see.

If that scanner is busy, please use this one: http://virusscan.jotti.org

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths

dan_plus_o

I searched for HolyBible.chm and nothing was found. I also searched hidden folders and files.

Here is the Malwarebytes' Anti-Malware log:
--------------------------------------------
Malwarebytes' Anti-Malware 1.14
Database version: 812

4:10:58 PM 01/06/2008
mbam-log-6-1-2008 (16-10-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 369681
Time elapsed: 1 hour(s), 18 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowHelp (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________
Case: Antec 900
Mobo: EVGA 680i (TR Version)
CPU: Intel Core 2 Duo E6850
GPU: EVGA Geforce 8800 GTS Superclocked 640MB
RAM: 4x1GB Patriot Extreme Performance (800MHz)
PSU: Corsair 620HX

ceewi1

Your logs appear to be clean. How is your system running?

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths