ComputerForum.com
Post #1, 06-20-2008, 01:28 AM
Popups

I just got a new college-issued laptop and it's a piece of crap Dell Latitude. Here is the problem: I have gotten lots of popups, so I downloaded a couple of popup blockers to see which was the best one. I found one that stopped the popups, but with it installed I wasn't able to load a couple of websites such as Gmail, Yahoo, and some forums that I regularly go on. So I guessed it was the popup blockers, so I uninstalled and deleted, as far as I can tell, everything that is associated with them. After I did that, everything was back to normal. During the night the power went out; I restarted the computer and now I am back to not being able to load some pages. Any ideas on what I can check, settings or anything?
-- camaro1185


Post #2, 06-20-2008, 01:33 AM

Download and install HijackThis from the link posted below. Run it and click "Do a system scan only". When it's finished, click "save log". Then copy ALL the text and paste it here in a new post.

http://www.trendsecure.com/portal/en...kthis/download


Click "Download HijackThis Installer".

Note: This program is needed to identify if you are infected. If we find that the log is clean then we will move on with different steps.
__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz
Ram - 2GB Stock clock
HD - 320gb seagate & Samsung 750gb 32mb cache
GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz
PSU - Ultra X-finity 600watt
OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed
Audio - JVC 460watts
Control - Logitech G25 Wheel & Logitech Rumblepad 2
Games - GTR2 and LFS
-- Race Sim's for Life --
-- g25racer
Post #3, 06-20-2008, 02:14 AM

Logfile of HijackThis v1.98.2
Scan saved at 9:21:44 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
E:\Apps\Common Programs\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vernier.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {074DCAE7-5496-46B5-BF19-46754B3CFC11} - (no file)
O2 - BHO: (no name) - {3a75bc81-18bb-417a-8007-a700c1933e84} - (no file)
O2 - BHO: (no name) - {530CE5DB-202C-4AE2-8CB7-C18F23306EAD} - C:\WINDOWS\system32\geBuUlLD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {853B95C0-607B-4596-97B0-74C4E2C657EF} - C:\WINDOWS\system32\urqPHAtT.dll (file missing)
O2 - BHO: {94318282-b7d8-0678-6724-8dab40d93b79} - {97b39d04-bad8-4276-8760-8d7b28281349} - C:\WINDOWS\system32\yrvckije.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CB2D0806-8D5A-4259-83B7-70FDBABD5D73} - (no file)
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\hgGASMdB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d458cd1f] rundll32.exe "C:\WINDOWS\system32\fshwgjmw.dll",b
O4 - HKLM\..\Run: [BMd76bfe83] Rundll32.exe "C:\WINDOWS\system32\ioujeptc.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.wit.edu/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\Software\..\Telephony: DomainName = wit.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wit.private
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
-- camaro1185
Post #4, 06-20-2008, 03:08 AM

You forgot the bottom part. The byte size part.

Anyway, if you don't mind, there are a few things in there that are slowing your system down. Is it all right if we do that first? Then we can get to the pop-ups problem. The first thing is I see you have Viewpoint Manager installed. Don't worry, it is installed with AIM, and Viewpoint is not needed for AIM, but Viewpoint is a major system hog. To get rid of this, go to Add/Remove Programs and uninstall Viewpoint Manager. When you have done that, post a FRESH HijackThis log.
-- g25racer
Post #5, 06-20-2008, 04:45 AM

Logfile of HijackThis v1.98.2
Scan saved at 11:53:15 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
E:\Apps\Common Programs\Hijack This.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vernier.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {074DCAE7-5496-46B5-BF19-46754B3CFC11} - (no file)
O2 - BHO: (no name) - {3a75bc81-18bb-417a-8007-a700c1933e84} - (no file)
O2 - BHO: (no name) - {530CE5DB-202C-4AE2-8CB7-C18F23306EAD} - C:\WINDOWS\system32\geBuUlLD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {853B95C0-607B-4596-97B0-74C4E2C657EF} - C:\WINDOWS\system32\urqPHAtT.dll (file missing)
O2 - BHO: {94318282-b7d8-0678-6724-8dab40d93b79} - {97b39d04-bad8-4276-8760-8d7b28281349} - C:\WINDOWS\system32\yrvckije.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CB2D0806-8D5A-4259-83B7-70FDBABD5D73} - (no file)
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\hgGASMdB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d458cd1f] rundll32.exe "C:\WINDOWS\system32\fshwgjmw.dll",b
O4 - HKLM\..\Run: [BMd76bfe83] Rundll32.exe "C:\WINDOWS\system32\ioujeptc.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.wit.edu/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\Software\..\Telephony: DomainName = wit.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wit.private
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
-- camaro1185


Post #6, 06-20-2008, 04:57 AM

OK, to me your log looks clean, but you still didn't post the whole log. When you press "save log" and the Notepad window pops up, go to Edit and click Select All, then go to Edit and press Copy. Then paste it here.

The next step is running ComboFix. Click on the link below to download it and save it to your desktop. Then close all programs and double-click "Combofix". A blue prompt (window) will appear. During ComboFix's scanning it will change your clock and icons. DO NOT change them back. When ComboFix is done it will automatically restart your PC. When you sign back on, a text file will appear. If it doesn't, it is located in your root C: drive. Copy ALL the text and paste it here along with a fresh HijackThis log.

Download from any of the following places:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
-- g25racer
Post #7, 06-20-2008, 08:53 AM

He has posted the whole log, and the log shows a Vundo infection.

camaro1185, you are running a very old version of HijackThis.

Please delete this version from your PC and download the HijackThis installer from http://www.trendsecure.com/portal/en...HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Please use this version for posting further HijackThis logs.


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log from the new version.
__________________

CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.
- The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

-- ceewi1
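For readers who want to see what in the log points at Vundo, here is a small triage script. It is an added example, not HijackThis's own logic and not code from anyone in this thread; the sample lines are copied from the log posted above, and the "eight random letters in system32" and "rundll32 with a one-letter export" heuristics are assumptions chosen to match the entries the moderator is reacting to, not a general-purpose detector.

```python
import re

# Sample HijackThis O2 (BHO) and O4 (Run key) lines copied from the log
# camaro1185 posted in this thread; used as constructed input for the script.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {074DCAE7-5496-46B5-BF19-46754B3CFC11} - (no file)
O2 - BHO: (no name) - {530CE5DB-202C-4AE2-8CB7-C18F23306EAD} - C:\WINDOWS\system32\geBuUlLD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {853B95C0-607B-4596-97B0-74C4E2C657EF} - C:\WINDOWS\system32\urqPHAtT.dll (file missing)
O2 - BHO: {94318282-b7d8-0678-6724-8dab40d93b79} - {97b39d04-bad8-4276-8760-8d7b28281349} - C:\WINDOWS\system32\yrvckije.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d458cd1f] rundll32.exe "C:\WINDOWS\system32\fshwgjmw.dll",b
O4 - HKLM\..\Run: [BMd76bfe83] Rundll32.exe "C:\WINDOWS\system32\ioujeptc.dll",s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"""

# Line grammar of the two HijackThis sections this script understands.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')

# Heuristics (assumptions of this example, not HijackThis rules): the DLLs in
# this thread are eight random letters dropped in system32, registered as a
# BHO with no name (or a GUID as its name), or started by rundll32 through a
# single-letter export.
SYS32_RANDOM_DLL = re.compile(r'\\system32\\[a-z]{8}\.dll$', re.I)
GUID_NAME = re.compile(r'^\{[0-9a-f-]{36}\}$', re.I)
RUNDLL_RANDOM = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\\system32\\[a-z]{8}\.dll)"?,(?P<export>[a-z])$', re.I)
MISSING = ' (file missing)'


def parse_line(line):
    """Return a dict for an O2 or O4 entry, or None for any other line."""
    m = O2_RE.match(line)
    if m:
        target = m.group('target')
        missing = target.endswith(MISSING)
        path = target[:-len(MISSING)] if missing else target
        return {'kind': 'O2', 'name': m.group('name'), 'clsid': m.group('clsid'),
                'path': None if path == '(no file)' else path,
                'missing': missing, 'raw': line}
    m = O4_RE.match(line)
    if m:
        return {'kind': 'O4', 'hive': m.group('hive'), 'key': m.group('key'),
                'cmd': m.group('cmd'), 'raw': line}
    return None


def assess(entry):
    """Return (severity, reason) for a suspicious entry, or None if it looks benign."""
    if entry['kind'] == 'O2':
        if entry['path'] is None:
            # Leftover registration with no file behind it: harmless but worth cleaning.
            return ('low', 'orphaned BHO registration with no file')
        anonymous = entry['name'] == '(no name)' or bool(GUID_NAME.match(entry['name']))
        if SYS32_RANDOM_DLL.search(entry['path']) and (anonymous or entry['missing']):
            return ('high', 'anonymous BHO loading random-named DLL from system32')
        return None
    m = RUNDLL_RANDOM.match(entry['cmd'])
    if m:
        return ('high', 'rundll32 autorun of random-named system32 DLL, export "%s"' % m.group('export'))
    return None


def triage(log_text):
    """Run every O2/O4 line of a HijackThis log through assess() and collect findings."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        verdict = assess(entry)
        if verdict:
            findings.append({'severity': verdict[0], 'reason': verdict[1], 'raw': entry['raw']})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[%s] %s\n    %s' % (f['severity'].upper(), f['reason'], f['raw']))
```

Pointing it at a full saved log works the same way, since lines from other sections are ignored; anything it flags still needs a human look, as the name heuristic will also catch the occasional legitimate eight-letter DLL.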
Post #8, 06-20-2008, 12:37 PM

Thanks for all the help, guys! Here is the ComboFix file and the new HijackThis file:

ComboFix:

ComboFix 08-06-19.2 - varhuem 2008-06-20 7:07:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1185 [GMT -4:00]
Running from:
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BMd76bfe83.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aylknvco.dll
C:\WINDOWS\system32\bhyjbnli.dll
C:\WINDOWS\system32\bkbvxcgh.dll
C:\WINDOWS\system32\buewmnky.dll
C:\WINDOWS\system32\bwtavvaw.ini
C:\WINDOWS\system32\djphvggt.ini
C:\WINDOWS\system32\dkipppvp.dll
C:\WINDOWS\system32\DLlUuBeg.ini
C:\WINDOWS\system32\DLlUuBeg.ini2
C:\WINDOWS\system32\eapoytgt.dll
C:\WINDOWS\system32\efmfifoj.dll
C:\WINDOWS\system32\eleeqslf.ini
C:\WINDOWS\system32\emccgrad.dll
C:\WINDOWS\system32\fknuxkvj.ini
C:\WINDOWS\system32\fkuiwjte.ini
C:\WINDOWS\system32\foelccet.exe
C:\WINDOWS\system32\fqvvtejf.dll
C:\WINDOWS\system32\fshwgjmw.dll
C:\WINDOWS\system32\fvavojtx.dll
C:\WINDOWS\system32\geBuUlLD.dll
C:\WINDOWS\system32\ghevlqfo.ini
C:\WINDOWS\system32\gsoyhdrl.ini
C:\WINDOWS\system32\gwmcekuh.ini
C:\WINDOWS\system32\gxieirih.dll
C:\WINDOWS\system32\hldppsti.dll
C:\WINDOWS\system32\hovcgsnu.exe
C:\WINDOWS\system32\hpqqpcch.dll
C:\WINDOWS\system32\hturdljm.dll
C:\WINDOWS\system32\hukecmwg.dll
C:\WINDOWS\system32\hxjdavhe.dll
C:\WINDOWS\system32\hxsxuwlt.dll
C:\WINDOWS\system32\imymxxdk.dll
C:\WINDOWS\system32\ioujeptc.dll
C:\WINDOWS\system32\jcvrcejk.dll
C:\WINDOWS\system32\jdpqpfhj.dll
C:\WINDOWS\system32\jevrxvuw.dll
C:\WINDOWS\system32\jgmgqxyo.exe
C:\WINDOWS\system32\jyknilve.dll
C:\WINDOWS\system32\kbsywbsu.dll
C:\WINDOWS\system32\kkbfueni.dll
C:\WINDOWS\system32\kqvfgrrc.dll
C:\WINDOWS\system32\laoicyaf.dll
C:\WINDOWS\system32\ldapvubl.ini
C:\WINDOWS\system32\lnlsltox.dll
C:\WINDOWS\system32\lsilapab.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdngerwv.exe
C:\WINDOWS\system32\mppuypwg.ini
C:\WINDOWS\system32\mrpaugxr.ini
C:\WINDOWS\system32\myatvapw.dll
C:\WINDOWS\system32\nkedxhlx.dll
C:\WINDOWS\system32\ocgaxpqm.ini
C:\WINDOWS\system32\ocwjkshh.dll
C:\WINDOWS\system32\odwwrhuu.ini
C:\WINDOWS\system32\oqiitkvf.ini
C:\WINDOWS\system32\owqpempy.exe
C:\WINDOWS\system32\oxfibyqs.ini
C:\WINDOWS\system32\pgywdayp.exe
C:\WINDOWS\system32\qdmvntmh.dll
C:\WINDOWS\system32\qksdbcpi.dll
C:\WINDOWS\system32\qyrehyhg.ini
C:\WINDOWS\system32\rfbsoadc.dll
C:\WINDOWS\system32\rmbhmhpj.exe
C:\WINDOWS\system32\rslvlkgp.exe
C:\WINDOWS\system32\TtAHPqru.ini
C:\WINDOWS\system32\TtAHPqru.ini2
C:\WINDOWS\system32\uuhrwwdo.dll
C:\WINDOWS\system32\vahfwjxt.dll
C:\WINDOWS\system32\vdmhddqq.ini
C:\WINDOWS\system32\vmvowmaw.exe
C:\WINDOWS\system32\wdbltxau.dll
C:\WINDOWS\system32\WEfOqXyb.ini
C:\WINDOWS\system32\WEfOqXyb.ini2
C:\WINDOWS\system32\wjkfqkoc.dll
C:\WINDOWS\system32\wmjgwhsf.ini
C:\WINDOWS\system32\wuvxrvej.ini
C:\WINDOWS\system32\xlkhvhlq.dll
C:\WINDOWS\system32\yfwwrwiq.exe
C:\WINDOWS\system32\yjwwprht.dll
C:\WINDOWS\system32\yrvckije.dll
E:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://witwsus.wit.private
.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 07:17 . 2008-06-20 07:17 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-18 22:22 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-18 22:22 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-18 14:44 . 2008-06-18 14:44 <DIR> d-------- C:\Program Files\CCleaner
2008-06-18 12:39 . 2008-06-18 14:29 <DIR> d-------- C:\Incomplete
2008-06-18 12:38 . 2008-06-18 14:30 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\LimeWire
2008-06-18 12:37 . 2008-06-18 12:38 <DIR> d-------- C:\Program Files\LimeWire
2008-06-18 11:45 . 2008-06-18 11:45 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\STOPzilla!
2008-06-18 11:44 . 2008-06-18 20:52 <DIR> d-------- C:\Program Files\STOPzilla!
2008-06-18 11:42 . 2008-06-18 11:54 <DIR> d-------- C:\Program Files\Desktop Armor
2008-06-16 18:56 . 2008-06-16 18:57 99 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AOD
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AIM
2008-06-15 12:13 . 2008-06-15 12:14 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Aim
2008-06-15 12:13 . 2002-12-18 18:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-15 11:52 . 2008-06-18 20:43 2,397 --a------ C:\WINDOWS\mozver.dat
2008-06-15 11:40 . 2008-06-15 11:40 737 --a------ C:\WINDOWS\system32\nbuxtonv.dll
2008-06-12 19:20 . 2008-06-12 19:20 743 --a------ C:\WINDOWS\system32\mtejfprj.dll
2008-06-12 19:20 . 2008-06-12 19:20 741 --a------ C:\WINDOWS\system32\ayhxxrbt.dll
2008-06-12 19:20 . 2008-06-12 19:20 737 --a------ C:\WINDOWS\system32\tplngtmn.dll
2008-06-09 15:03 . 2008-06-09 15:03 0 --a------ C:\WINDOWS\MS.INI
2008-06-08 16:26 . 2008-06-08 16:26 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\CiscoCAA
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\savinstall
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\Program Files\Cisco Systems
2008-06-08 16:17 . 2008-06-08 16:17 743 --a------ C:\WINDOWS\system32\qwhffqyr.dll
2008-06-08 16:17 . 2008-06-08 16:17 693 --a------ C:\WINDOWS\system32\wgtpaita.exe
2008-06-08 16:14 . 2008-06-08 16:14 741 --a------ C:\WINDOWS\system32\wqmjebst.dll
2008-06-08 16:12 . 2008-06-08 16:12 737 --a------ C:\WINDOWS\system32\dojttunq.dll
2008-06-05 15:32 . 2008-06-05 15:32 693 --a------ C:\WINDOWS\system32\tjrwkjvw.exe
2008-06-05 15:29 . 2008-06-05 15:29 743 --a------ C:\WINDOWS\system32\smswifys.dll
2008-06-05 15:29 . 2008-06-05 15:29 741 --a------ C:\WINDOWS\system32\qhtpgyck.dll
2008-06-05 15:28 . 2008-06-05 15:28 737 --a------ C:\WINDOWS\system32\yxgabave.dll
2008-06-03 18:50 . 2008-06-03 18:50 743 --a------ C:\WINDOWS\system32\fxjgdkok.dll
2008-06-03 18:47 . 2008-06-03 18:47 693 --a------ C:\WINDOWS\system32\vmmyibyr.exe
2008-06-03 18:44 . 2008-06-03 18:44 741 --a------ C:\WINDOWS\system32\lddwskjf.dll
2008-06-03 18:44 . 2008-06-03 18:44 737 --a------ C:\WINDOWS\system32\qqerciqr.dll
2008-06-02 14:58 . 2008-06-02 15:11 27 --a------ C:\WINDOWS\settings.ini
2008-05-29 15:28 . 2008-05-29 15:28 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\DivX
2008-05-29 15:27 . 2008-05-29 15:27 <DIR> d-------- C:\Program Files\DivX
2008-05-29 15:27 . 2007-07-09 15:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-05-29 15:27 . 2007-07-09 15:07 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-05-29 15:23 . 2008-05-29 15:23 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-27 19:57 . 2008-05-27 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-22 13:34 . 2008-05-22 13:34 <DIR> d-------- C:\Program Files\Google
2008-05-22 13:34 . 2008-06-19 07:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 21:54 . 2008-06-18 13:37 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\uTorrent
2008-05-21 21:53 . 2008-06-15 12:31 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 16:18 . 2008-06-19 20:27 476 --a------ C:\WINDOWS\hpbafd.ini
2008-05-21 14:17 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-21 14:16 . 2008-06-16 14:26 <DIR> d-------- C:\Program Files\matlib
2008-05-21 14:15 . 2008-05-21 14:17 <DIR> d-------- C:\MATLIB
2008-05-21 14:15 . 2008-05-21 14:15 78 --a------ C:\WINDOWS\mes.ini
2008-05-21 14:07 . 1996-12-09 13:51 703,984 --a------ C:\WINDOWS\system32\Ss32x25.ocx
2008-05-21 14:07 . 1998-06-24 00:00 260,920 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-05-21 14:07 . 1995-12-04 14:09 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2008-05-21 14:07 . 1998-06-18 00:00 146,944 --a------ C:\WINDOWS\system32\VB6EXT.OLB
2008-05-21 14:01 . 2008-05-21 14:08 <DIR> d-------- C:\Program Files\CAMWorks2008-07
2008-05-21 13:56 . 2008-05-21 13:58 <DIR> d-------- C:\Program Files\CAMWorksFlexLM
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Program Files\Winamp
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Winamp
2008-05-21 09:52 . 2008-05-21 09:52 0 --a------ C:\WINDOWS\system32\history.aaw
2008-05-21 09:51 . 2008-06-15 15:06 153 --a------ C:\WINDOWS\wininit.ini
2008-05-21 09:25 . 2008-05-21 09:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-21 09:25 . 2008-05-21 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-21 09:24 . 2008-05-21 09:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 09:23 . 2008-06-16 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-21 09:23 . 2008-06-16 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 15:39 . 2008-05-21 13:48 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 11:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-18 02:08 --------- d-----w C:\Documents and Settings\varhuem\Application Data\U3
2008-06-16 22:28 --------- d-----w C:\Program Files\SolidWorks
2008-06-16 22:27 --------- d-----w C:\Documents and Settings\Default User\Application Data\SolidWorks
2008-06-02 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 18:04 --------- d-----w C:\Program Files\LMC
2008-05-19 18:04 --------- d-----w C:\Program Files\Common Files\LMC
2008-05-16 23:36 --------- d-----w C:\Program Files\Avanquest update
2008-05-16 23:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-16 23:34 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-16 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-16 19:12 --------- d-----w C:\Program Files\Motorola USB Drivers
2008-05-15 19:48 --------- d-----w C:\Program Files\Investintech.com Inc
2008-05-15 00:12 --------- d-----w C:\Documents and Settings\varhuem\Application Data\vlc
2008-05-15 00:11 --------- d-----w C:\Program Files\VideoLAN
2008-05-15 00:11 --------- d-----w C:\Program Files\AIM6
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\varhuem\Application Data\acccore
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-15 00:10 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-06 13:29 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-05-06 12:16 --------- d-----w C:\Program Files\Microsoft Works
2008-05-02 14:04 --------- d-----w C:\Documents and Settings\varhuem\Application Data\SolidWorks
2008-05-01 18:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-01 18:32 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-01 18:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-01 18:17 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Autodesk
2008-05-01 18:16 --------- d-----w C:\Program Files\Autodesk
2008-04-30 15:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-30 15:48 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-22 19:31 --------- d-----w C:\Program Files\Java
2008-04-22 19:30 --------- d-----w C:\Program Files\Common Files\Java
2008-04-22 19:15 --------- d-----w C:\Program Files\QuickTime
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\varhuem\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\admin\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-17 07:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2004-03-15 21:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{853B95C0-607B-4596-97B0-74C4E2C657EF}]
C:\WINDOWS\system32\urqPHAtT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}]
2008-05-16 19:34 32475 --a------ C:\WINDOWS\system32\hgGASMdB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 12:53 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 20:56 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]

C:\Documents and Settings\admin\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"= C:\WINDOWS\system32\hgGASMdB.dll [2008-05-16 19:34 32475]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGASMdB]
hgGASMdB.dll 2008-05-16 19:34 32475 C:\WINDOWS\system32\hgGASMdB.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayyAsQk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746289630-3061505222-2800193894-17919\Scripts\Logon\0\0]
"Script"=\\wit.private\SysVol\wit.private\scripts\students.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
--------- 2004-01-12 16:29 102400 C:\PROGRA~1\AIM\AIMWDI~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-07-02 13:29 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd76bfe83]
C:\WINDOWS\system32\hturdljm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-10-09 19:17 2183168 C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-03-07 13:02 53408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d458cd1f]
C:\WINDOWS\system32\flsqeele.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperProfessional]
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-03 20:56 143360 C:\WINDOWS\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-03-17 06:34 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2007-02-15 22:59]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\WINDOWS\system32\drivers\nipbcfk.sys [2007-02-15 17:23]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 10:00]
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2007-03-20 16:19]
R2 NextMove;NextMove;C:\WINDOWS\system32\drivers\NEXTMOVE.SYS [1999-08-27 09:40]
R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2007-02-02 09:36]
R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2007-02-02 09:37]
R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2007-02-02 10:55]
R2 nidevldu;NI Device Loader;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2007-02-02 10:57]
R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2007-02-02 09:37]
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmkl.sys [2007-02-22 11:18]
R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2007-02-02 09:38]
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2007-02-06 22:47]
R2 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiKl.sys [2007-02-23 10:25]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" [2007-02-27 17:27]
R3 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimkl.sys [2007-02-21 22:20]
R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgkl.sys [2007-02-21 21:46]
R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2kl.sys [2007-02-21 22:39]
R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstskl.sys [2007-02-25 20:12]
R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfkl.sys [2007-02-21 22:10]
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbkl.sys [2007-02-21 21:39]
S3 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.sys [2007-01-11 10:18]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1006k.sys [2007-02-22 11:40]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1045kl.sys [2007-02-22 11:43]
S3 ni488lock;NI-488.2 Locking Service;C:\WINDOWS\system32\drivers\ni488lock.sys [2007-02-26 12:40]
S3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrkl.sys [2007-02-22 18:18]
S3 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfkl.sys [2007-02-25 20:12]
S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsarkl.sys [2007-02-23 17:43]
S3 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgkl.sys [2007-02-23 22:32]
S3 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrkl.sys [2007-02-25 19:13]
S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrkl.sys [2007-02-25 19:13]
S3 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslkl.sys [2007-02-22 13:21]
S3 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplkl.sys [2007-02-23 16:20]
S3 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrkl.sys [2007-02-24 01:10]
S3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrkl.sys [2007-02-25 20:10]
S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-12-18 12:55]
S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-12-18 12:55]
S3 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpkl.sys [2007-02-22 13:26]
S3 ninshsdk;ninshsdk;C:\WINDOWS\system32\drivers\ninshsdkl.sys [2007-02-23 17:25]
S3 nipalfwedl;nipalfwedl;C:\WINDOWS\system32\drivers\nipalfwedl.sys [2007-02-15 23:00]
S3 nipalusbedl;nipalusbedl;C:\WINDOWS\system32\drivers\nipalusbedl.sys [2007-02-15 23:00]
S3 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdkl.sys [2007-02-23 22:19]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\WINDOWS\system32\drivers\nipxigpk.sys [2007-02-22 11:45]
S3 nirfsa2k;nirfsa2k;C:\WINDOWS\system32\drivers\nirfsa2kl.sys [2007-02-24 04:19]
S3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdkl.sys [2007-02-26 16:31]
S3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigkl.sys [2007-02-25 19:11]
S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftkl.sys [2007-02-24 00:17]
S3 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldkl.sys [2007-02-23 22:05]
S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2007-02-22 11:34]
S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdkl.sys [2007-02-26 16:31]
S3 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdkl.sys [2007-02-23 22:28]
S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrkl.sys [2007-02-25 19:13]
S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2kl.sys [2007-02-22 20:17]
S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrkl.sys [2007-02-23 03:14]
S3 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdkl.sys [2007-02-23 20:44]
S3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiorkl.sys [2007-02-23 15:54]
S3 nitnr2k;nitnr2k;C:\WINDOWS\system32\drivers\nitnr2kl.sys [2007-02-24 00:09]
S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWKl.sys [2007-02-22 10:42]
S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciKl.sys [2007-02-23 10:25]
S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrkl.sys [2007-02-25 19:13]
S3 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrkl.sys [2007-02-25 19:13]
S3 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.sys [2007-02-25 19:11]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a034b3c6-2665-11dd-b323-001644bc7fc4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 01:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 16:05:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-20 11:31:59 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
camaro1185 is offline
Old 06-20-2008, 12:52 PM   #9 (permalink)
Moderator
 
ceewi1's Avatar
 
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,237

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\nbuxtonv.dll
    C:\WINDOWS\system32\mtejfprj.dll
    C:\WINDOWS\system32\ayhxxrbt.dll
    C:\WINDOWS\system32\tplngtmn.dll
    C:\WINDOWS\system32\qwhffqyr.dll
    C:\WINDOWS\system32\wgtpaita.exe
    C:\WINDOWS\system32\wqmjebst.dll
    C:\WINDOWS\system32\dojttunq.dll
    C:\WINDOWS\system32\tjrwkjvw.exe
    C:\WINDOWS\system32\smswifys.dll
    C:\WINDOWS\system32\qhtpgyck.dll
    C:\WINDOWS\system32\yxgabave.dll
    C:\WINDOWS\system32\fxjgdkok.dll
    C:\WINDOWS\system32\vmmyibyr.exe
    C:\WINDOWS\system32\lddwskjf.dll
    C:\WINDOWS\system32\qqerciqr.dll
    C:\WINDOWS\system32\hgGASMdB.dll
    C:\WINDOWS\system32\ihpinktu.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{853B95C0-607B-4596-97B0-74C4E2C657EF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGASMdB]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd76bfe83]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d458cd1f]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
__________________

CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.
- The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

ceewi1 is offline
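Before a script like the one above is dragged onto ComboFix, it is worth seeing exactly what it will do. The following Python is an added example, not from this thread and not part of ComboFix: it parses the File:: and Registry:: sections into the actions they request, decodes the hex(7) REG_MULTI_SZ so you can confirm the LSA Authentication Packages value is being reset to just msv1_0, and flags extra packages in a ComboFix "Authentication Packages" log line like the one in the log above. The sample script text and log line are constructed to mirror this thread, and the UTF-16 detection in decode_multi_sz is my own assumption.

```python
"""Added example: review a ComboFix CFScript before running it."""
import re
from dataclasses import dataclass, field

# Constructed sample that mirrors the thread's script (file list shortened).
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\ihpinktu.dll
C:\WINDOWS\system32\lddwskjf.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{853B95C0-607B-4596-97B0-74C4E2C657EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGASMdB]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd76bfe83]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d458cd1f]
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
EXPECTED_AUTH_PACKAGES = {"msv1_0"}  # the Windows XP default


@dataclass
class CFScript:
    files: list = field(default_factory=list)           # File:: entries to delete
    deleted_keys: list = field(default_factory=list)    # [-KEY] entries
    deleted_values: list = field(default_factory=list)  # (key, name) from "name"=-
    set_values: dict = field(default_factory=dict)      # (key, name) -> raw value


def parse_cfscript(text):
    """Split a CFScript into the file deletions and registry edits it requests."""
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):               # section header such as File:: / Registry::
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            script.files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                script.deleted_keys.append(line[2:-1])   # whole key removed
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                 # values below apply to this key
            else:
                m = re.match(r'"([^"]+)"=(.*)$', line)
                if m and current_key is not None:
                    name, value = m.groups()
                    if value == "-":
                        script.deleted_values.append((current_key, name))
                    else:
                        script.set_values[(current_key, name)] = value
    return script


def decode_multi_sz(value):
    """Decode a .reg-style hex(7) REG_MULTI_SZ into its list of strings."""
    m = re.match(r"hex\(7\):(.*)$", value, re.S)
    if not m:
        raise ValueError("not a hex(7) REG_MULTI_SZ value: %r" % value)
    hexpart = re.sub(r"[\s\\]", "", m.group(1))   # drop .reg line continuations
    data = bytes(int(b, 16) for b in hexpart.split(",") if b)
    # Assumption: if every high byte is zero the value was written as UTF-16LE
    # (regedit's native form); otherwise it is single-byte text, as in the
    # thread's script (6d,73,76,31,5f,30,00,00 spells msv1_0 plus the terminators).
    if len(data) >= 2 and len(data) % 2 == 0 and all(data[i] == 0 for i in range(1, len(data), 2)):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def lsa_reset_is_clean(script):
    """True if every Authentication Packages value the script writes holds only msv1_0."""
    for (key, name), value in script.set_values.items():
        if key.lower() == LSA_KEY.lower() and name.lower() == "authentication packages":
            extra = {p.lower() for p in decode_multi_sz(value)} - EXPECTED_AUTH_PACKAGES
            if extra:
                return False
    return True


def unexpected_auth_packages(log_line):
    """Entries other than msv1_0 in a ComboFix 'Authentication Packages' log line.
    ComboFix prints the entries space-separated, so a path containing spaces
    would need the raw registry value instead (limitation of this example)."""
    marker = "REG_MULTI_SZ"
    if marker not in log_line:
        raise ValueError("not an Authentication Packages log line")
    entries = log_line.split(marker, 1)[1].split()
    return [e for e in entries if e.lower() not in EXPECTED_AUTH_PACKAGES]
```

Run it against the script text you are about to save as CFScript.txt; anything in deleted_keys or files that you did not expect, or a False from lsa_reset_is_clean, is a reason to ask before dragging the file onto ComboFix.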
Old 06-20-2008, 12:52 PM   #10 (permalink)
Bronze Member
 
Join Date: Jan 2005
Posts: 92
Default

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41, on 2008-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vernier.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMd76bfe83] Rundll32.exe "C:\WINDOWS\system32\vrfqmbdx.dll",s
O4 - HKLM\..\Run: [d458cd1f] rundll32.exe "C:\WINDOWS\system32\ihpinktu.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.wit.edu/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\Software\..\Telephony: DomainName = wit.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wit.private
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11475 bytes
camaro1185 is offline