hijackthis

duckinahat · 07-11-2008, 05:52 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:23 PM, on 7/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Nicola\Desktop\D-Load\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Google Toolbar\toolbar-w-google-r.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Google Toolbar\toolbar-w-google-r.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMap - Unknown owner - C:\Program Files\OPENXTRA\NMapWin\bin\nmapserv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10254 bytes

cohen · 07-11-2008, 06:00 AM

OK,

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

For the other members pls view this thread, it is explaining why...

duckinahat · 07-11-2008, 06:35 AM

ComboFix 08-07-10.1 - Nicola 2008-07-10 21:27:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1230 [GMT -7:00]
Running from: C:\Users\Nicola\Desktop\D-Load\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-11 01:28 --------- d-----w C:\ProgramData\NVIDIA
2008-07-10 05:40 --------- d-----w C:\ProgramData\Google Updater
2008-07-10 05:19 --------- d-----w C:\Program Files\World of Warcraft
2008-07-09 15:42 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 15:35 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 03:52 --------- d-----w C:\Users\Dante\AppData\Roaming\PeerNetworking
2008-07-09 03:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-09 03:34 --------- d-----w C:\Users\Nicola\AppData\Roaming\Azureus
2008-06-30 10:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-29 18:51 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-29 18:51 --------- d-----w C:\Program Files\Windows Live
2008-06-29 18:47 --------- d-----w C:\ProgramData\WLInstaller
2008-06-19 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 21:18 --------- d-----w C:\Program Files\Electronic Arts
2008-06-19 21:17 5,120 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-06-19 21:17 --------- d-----w C:\ProgramData\Electronic Arts
2008-06-18 17:57 --------- d-----w C:\Users\Nicola\AppData\Roaming\OpenOffice.org2
2008-06-15 07:15 --------- d-----w C:\Program Files\Steam
2008-06-15 07:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-08 19:06 --------- d-----w C:\Program Files\Veoh Networks
2008-05-30 14:16 --------- d-----w C:\Users\Nicola\AppData\Roaming\mIRC
2008-05-28 14:00 --------- d-----w C:\Users\Nicola\AppData\Roaming\LimeWire
2008-05-27 17:54 --------- d-----w C:\Users\Dante\AppData\Roaming\Realtime Soft
2008-05-26 18:20 --------- d-----w C:\Program Files\Ascentive
2008-05-26 02:43 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-26 02:43 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-16 21:01 768,544 ----a-w C:\Windows\System32\nvcplui.exe
2008-05-16 21:01 313,888 ----a-w C:\Windows\System32\nvexpbar.dll
2008-05-16 21:01 118,784 ----a-w C:\Windows\System32\nvvsvc.exe
2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcodhins.dll
2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcodh.dll
2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcod130.dll
2008-05-16 18:48 446,464 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-05-16 01:35 --------- d-----w C:\Program Files\Red Kawa
2008-05-16 01:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-15 14:48 --------- d-----w C:\Program Files\iTunes
2008-05-15 14:47 --------- d-----w C:\ProgramData\Apple Computer
2008-05-15 14:47 --------- d-----w C:\Program Files\iPod
2008-05-15 14:46 --------- d-----w C:\Program Files\QuickTime
2008-05-15 14:46 --------- d-----w C:\Program Files\Bonjour
2008-05-15 14:43 --------- d-----w C:\Program Files\Apple Software Update
2008-05-15 04:16 --------- d-----w C:\Program Files\CMU
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-29 20:14 208,896 ----a-w C:\Windows\System32\ConTest.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-02 00:29 22,328 ----a-w C:\Users\Nicola\AppData\Roaming\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-10_21.10.34.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 03:46:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-11 04:22:03 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-11 03:46:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2008-07-11 04:22:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2008-07-11 03:46:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2008-07-11 04:22:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2008-07-11 03:47:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-11 04:23:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-11 03:47:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-07-11 04:23:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
- 2008-07-11 02:45:30 37,192 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2008-07-11 04:24:08 37,448 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-10-29 16:51 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17 50736]
"CollaborationHost"="C:\Windows\system32\p2phost.e xe" [2006-11-02 05:35 191488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Reclusa"="C:\Program Files\Razer\Reclusa\razerhid.exe" [2007-03-07 18:49 167936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" [2008-04-29 13:14 3239936]
"PC SpeedScan Pro"="C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-04-29 13:14 1839104]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-12-11 18:06 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-13 23:00 16050176 C:\Windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\Windows\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 01:14 86016 C:\Windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 01:26 2808832 C:\Windows\alcwzrd.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-29 16:51:36 126136]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{FFA340D4-82BC-4BC6-9EB7-2193E1968923}C:\\program files\\sony online entertainment\\wheel of fortune\\wheel of fortune.exe"= UDP:C:\program files\sony online entertainment\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{C23F03FB-2B07-4AB3-BF0D-46893B918474}C:\\program files\\sony online entertainment\\wheel of fortune\\wheel of fortune.exe"= TCP:C:\program files\sony online entertainment\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"TCP Query User{9AC45F31-EE89-4243-A573-20A98E43977A}C:\\users\\nicola\\desktop\\1280_star craft2gameplayvideo_englishus.avi-downloader.exe"= UDP:C:\users\nicola\desktop\1280_starcraft2gamepla yvideo_englishus.avi-downloader.exe:1280_starcraft2gameplayvideo_englis hus.avi-downloader.exe
"UDP Query User{03062A7F-CD9A-4D4B-8FF0-3EAE2C416F30}C:\\users\\nicola\\desktop\\1280_star craft2gameplayvideo_englishus.avi-downloader.exe"= TCP:C:\users\nicola\desktop\1280_starcraft2gamepla yvideo_englishus.avi-downloader.exe:1280_starcraft2gameplayvideo_englis hus.avi-downloader.exe
"TCP Query User{1D576D45-CE67-465C-AAD7-D46770CA0577}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{920FC459-5CFC-445C-82B6-E014C1AE6997}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:Starcraft
"{14F31B29-AF56-4CE2-BCC5-A94B728250DE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0CC859FD-946C-4577-9E89-1765F18A8C3C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{D265EBB0-5A1D-4C69-BB71-45241B050335}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{7CB4E049-934D-409E-BA6D-D3684B3D2A1E}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{4E592E12-007E-4E19-AD25-DA2FE9853581}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F7E1A603-3607-436A-95A4-04B845D4C1EF}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{D6FAE2F3-1001-423D-BA98-1C4CAB2011FC}"= UDP:C:\3dsmax7\3dsmax.exe:3ds max 7
"{49C86ED6-7ECD-4A2F-BE70-705E862470D9}"= TCP:C:\3dsmax7\3dsmax.exe:3ds max 7
"{D27D9354-BDC3-494D-AB6C-90792AEA60A7}"= UDP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor
"{43ACACA3-D641-4233-8327-85C7BC8B6D63}"= TCP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor
"{BAAB7DBF-173F-42BF-A064-2C55DF2FBA42}"= UDP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager
"{8AB25198-4DFA-4817-82C4-CB37406BE025}"= TCP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager
"{2A408B3E-4E90-4E76-83B2-6969424FD4E3}"= UDP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server
"{9704A9AC-D057-4E45-A480-DD9B481B6C5B}"= TCP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server
"{95A7EA5E-F951-43AA-843C-F577E490B5E9}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{306D13E6-0E69-4077-AD14-CFBC3795D661}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{B44585CC-DA39-4DF1-940C-C24751C72638}C:\\program files\\armagetron advanced\\armagetronad.exe"= UDP:C:\program files\armagetron advanced\armagetronad.exe:armagetronad
"UDP Query User{DFA45A4E-075F-4F74-B586-26C86C7BF742}C:\\program files\\armagetron advanced\\armagetronad.exe"= TCP:C:\program files\armagetron advanced\armagetronad.exe:armagetronad
"TCP Query User{A1EE0A0E-FB4A-4F06-A1FD-49C9F1A66F16}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{23FC6061-90A8-4A1B-9CDE-6A0CFE16B15D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{C7D9A5EC-3198-4887-A937-718708603895}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{E8ED4021-C922-4426-B3E7-14CDB31A39A0}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{F9146300-A100-4C67-B5D3-FF57C71154D0}"= UDP:C:\Windows\System32\PnkBstrA.exe

nkBstrA
"{80223882-D9F9-4BC0-8ED0-E5B320E4B5BE}"= TCP:C:\Windows\System32\PnkBstrA.exe

nkBstrA
"{2C0426E9-C1B1-4F7F-BDC5-D6EDD86DF08D}"= UDP:C:\Windows\System32\PnkBstrB.exe

nkBstrB
"{C7A66115-C633-4526-8A79-77042BE00BD4}"= TCP:C:\Windows\System32\PnkBstrB.exe

nkBstrB
"{561CB2C7-FF8C-49B0-B58C-7E065D3DF913}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{8DF10D15-8A79-47C1-B5C9-501F854F3A52}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F7B84D25-CCA2-4014-9AD6-81243B906AD6}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{0BD6368C-8E3D-41D3-A428-BB0A9B237068}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{ED336981-E669-4A02-984C-A1858C5B5343}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{26EF711B-F660-41C6-8354-AC3A2F38A4D5}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{2877D2DA-597E-4C4F-AC15-77194E780715}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{4E872BE3-5A91-43B5-A7F5-C71C7B6BD880}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"TCP Query User{5B386B86-EF65-46A2-997D-8924C8829874}C:\\program files\\america's army\\system\\server.exe"= UDP:C:\program files\america's army\system\server.exe:Server
"UDP Query User{C4FBEB8C-2097-4F48-AA67-F2AC745276A6}C:\\program files\\america's army\\system\\server.exe"= TCP:C:\program files\america's army\system\server.exe:Server
"{595C7D34-BAA6-48DB-A15F-53170FD1AC36}"= TCP:1716:aa1
"{A6C17274-B5D7-409B-9C6E-2173482A4CB7}"= TCP:1717:aa2
"{DBBD742F-9078-414F-BD5F-E5AD4D73968F}"= UDP:20045:aa3
"TCP Query User{8FD02A87-F30F-42F8-B44C-12603A1D923F}C:\\program files\\streammygame\\streamer_server.exe"= UDP:C:\program files\streammygame\streamer_server.exe:Streamer Server
"UDP Query User{E48E1C1A-B67C-487C-900B-5E6EBE7E87AE}C:\\program files\\streammygame\\streamer_server.exe"= TCP:C:\program files\streammygame\streamer_server.exe:Streamer Server
"TCP Query User{60CD07A3-DEE7-4E4A-A078-E5D7DBF59FA9}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloade r
"UDP Query User{723AE648-B88D-491A-B02C-8B3357DC7208}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloade r
"TCP Query User{6B394DF3-47D6-452E-B862-528F0B7A2B4C}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{1D36CA36-8741-47C1-9737-2240C6CC8959}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{8164BF97-DCCF-46E8-BC7D-62842A79137C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{559E07A6-7295-4279-9C68-94FAF4F1FD5C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{4F615153-3A56-4988-AA36-0C79885E8F32}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F3DC87D6-9561-4A67-9B91-A05C5C53F60A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1C9AD5AB-7186-4911-8BCF-8C5A79423E1E}C:\\users\\nicola\\desktop\\wow-burningcrusade-enus-installer-downloader.exe"= UDP:C:\users\nicola\desktop\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe
"UDP Query User{C08FFE9C-FF07-4845-A539-C6E98351856D}C:\\users\\nicola\\desktop\\wow-burningcrusade-enus-installer-downloader.exe"= TCP:C:\users\nicola\desktop\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe
"TCP Query User{5D957545-AA00-4658-86BA-CD73D23C65D1}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\mysql\\bin\\mysq ld-nt.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt
"UDP Query User{841A1E9C-2714-4694-91AF-4B77564FD189}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\mysql\\bin\\mysq ld-nt.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt
"TCP Query User{7809C6FE-70DA-4F88-B80A-18E5D2894A56}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\Apache2\\bin\\Ap ache.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\Apache2\bin\Apache.e xe:Apache HTTP Server
"UDP Query User{0C132C70-990C-43A0-9DA8-B222694BA074}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\Apache2\\bin\\Ap ache.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\Apache2\bin\Apache.e xe:Apache HTTP Server
"TCP Query User{70BF20FE-A990-4AD0-B88E-21176D728525}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\realmd.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\realmd.exe:realmd
"UDP Query User{14F5B90C-D3F1-46BE-B937-C773EEE7560F}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\realmd.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\realmd.exe:realmd
"TCP Query User{36DF806C-38F1-41A5-8344-AA502AF7DFF7}C:\\users\\nicola\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe"= UDP:C:\users\nicola\desktop\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe
"UDP Query User{CF14F1CA-FB20-47F5-89CE-09B70A0D28B0}C:\\users\\nicola\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe"= TCP:C:\users\nicola\desktop\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe
"TCP Query User{7007C605-E392-4D6B-93EC-A0A9D13C0FA9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{5F23F42A-FB90-4841-AA31-EF564EB124CC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C04CD603-036A-4C6E-8DDC-5783BD90C70B}C:\\program files\\steam\\steamapps\\duckinahat\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\duckinahat\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{1096BD97-807E-4E93-A5DF-947276A1D533}C:\\program files\\steam\\steamapps\\duckinahat\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\duckinahat\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{40B79C71-B02C-4971-88C6-CB0DF7997237}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\mysql\\bin\\mysqld.exe"= UDP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\mysql\bin\mysqld.exe:mysqld.exe
"UDP Query User{F03727B6-674D-414F-A9C4-7A56DA6D7E6E}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\mysql\\bin\\mysqld.exe"= TCP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\mysql\bin\mysqld.exe:mysqld.exe
"TCP Query User{8BD23CA2-1D1B-48A5-AEF8-B9E96E9BC5A3}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\ascent-voicechat.exe"= UDP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\ascent-voicechat.exe:ascent-voicechat.exe
"UDP Query User{5258BCA9-16CC-4F79-8CBA-15638F81015D}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\ascent-voicechat.exe"= TCP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\ascent-voicechat.exe:ascent-voicechat.exe
"{946004B4-84A1-4DB2-B2D8-656BC1649C11}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DE675357-348B-4384-B75D-E26BA9D73A02}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{03DD70B2-FA98-4F3C-9D3E-5B6433E50891}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{099AF3CA-4CA2-418D-84AD-F8565B33DFDF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{28431230-1821-4CDB-AF72-2ABF2520156C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{169D0042-9736-44CB-84C1-308A34AE5580}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{09CC9A45-2D72-4648-A4F8-7C653B82B8C6}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{B3AC7095-CA42-4DE2-9881-159BA34E5FA4}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{F24EA95C-1C3E-40AD-A50D-597B74BB9073}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{08E8C36E-2E3F-45A5-830A-6E3B03B8E939}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{511D0279-3AC7-4FAF-AAC2-6B9A37C09029}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F019D024-53AC-46BD-9B48-0C0E9C96B305}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{6E2FF109-A7C0-40B3-AB94-86A9210467B0}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 10:59]
R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin. exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg []
R3 RecFltr;Reclusa Keyboard;C:\Windows\system32\Drivers\RecFltr.sys [2007-01-18 10:21]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-28 17:01]
S3 sonydcam;Generic 1394 Desktop Camera;C:\Windows\system32\DRIVERS\sonydcam.sys [2006-11-02 01:55]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-28 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 01:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-11 04:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{CA70DCE3-FCF2-45D3-963C-9266B9DC01B0}.job"
- C:\Windows\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 21:29:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-07-10 21:30:57
ComboFix-quarantined-files.txt 2008-07-11 04:30:48
ComboFix2.txt 2008-07-11 04:11:21

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 238,104,690,688 bytes free

236 --- E O F --- 2008-07-11 02:11:27

cohen · 07-11-2008, 06:44 AM

can you pls now post a fresh hijackthis log.

duckinahat · 07-11-2008, 06:47 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:42 PM, on 7/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SHORTK~1\shklite.exe
C:\Users\Nicola\Desktop\D-Load\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMap - Unknown owner - C:\Program Files\OPENXTRA\NMapWin\bin\nmapserv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8292 bytes

cohen · 07-11-2008, 06:58 AM

Well the combo fix log did something, because the size of this hijackthis log compared to the first one, this log is smaller.....

i would like to help you more, but i can't due to not having enough trying, i'm still learning, i leave it for one of the other higher guys to give you some advice, i will still be here and watch, if you have any questions just post them here.

Sorry

duckinahat · 07-11-2008, 07:00 AM

Ok, thanks for trying.

07-11-2008, 05:52 AM	#1 (permalink)
duckinahat New Member Join Date: Jul 2008 Posts: 6	hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:50:23 PM, on 7/10/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\RTHDCPL.exe C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\Razer\Reclusa\razerhid.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\p2phost.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Razer\Reclusa\razertra.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Nicola\Desktop\D-Load\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Google Toolbar\toolbar-w-google-r.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Google Toolbar\toolbar-w-google-r.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing) O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMap - Unknown owner - C:\Program Files\OPENXTRA\NMapWin\bin\nmapserv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 10254 bytes

07-11-2008, 06:00 AM	#2 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 15 Posts: 8,361	OK, Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. For the other members pls view this thread, it is explaining why... __________________ Cohen

07-11-2008, 06:35 AM	#3 (permalink)
duckinahat New Member Join Date: Jul 2008 Posts: 6	ComboFix 08-07-10.1 - Nicola 2008-07-10 21:27:36.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1230 [GMT -7:00] Running from: C:\Users\Nicola\Desktop\D-Load\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-07-11 01:28 --------- d-----w C:\ProgramData\NVIDIA 2008-07-10 05:40 --------- d-----w C:\ProgramData\Google Updater 2008-07-10 05:19 --------- d-----w C:\Program Files\World of Warcraft 2008-07-09 15:42 174 --sha-w C:\Program Files\desktop.ini 2008-07-09 15:35 --------- d-----w C:\Program Files\Windows Mail 2008-07-09 03:52 --------- d-----w C:\Users\Dante\AppData\Roaming\PeerNetworking 2008-07-09 03:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-09 03:34 --------- d-----w C:\Users\Nicola\AppData\Roaming\Azureus 2008-06-30 10:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-06-29 18:51 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-29 18:51 --------- d-----w C:\Program Files\Windows Live 2008-06-29 18:47 --------- d-----w C:\ProgramData\WLInstaller 2008-06-19 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-19 21:18 --------- d-----w C:\Program Files\Electronic Arts 2008-06-19 21:17 5,120 ----a-w C:\Windows\System32\ealregsnapshot1.reg 2008-06-19 21:17 --------- d-----w C:\ProgramData\Electronic Arts 2008-06-18 17:57 --------- d-----w C:\Users\Nicola\AppData\Roaming\OpenOffice.org2 2008-06-15 07:15 --------- d-----w C:\Program Files\Steam 2008-06-15 07:13 --------- d-----w C:\Program Files\Common Files\Steam 2008-06-08 19:06 --------- d-----w C:\Program Files\Veoh Networks 2008-05-30 14:16 --------- d-----w C:\Users\Nicola\AppData\Roaming\mIRC 2008-05-28 14:00 --------- d-----w C:\Users\Nicola\AppData\Roaming\LimeWire 2008-05-27 17:54 --------- d-----w C:\Users\Dante\AppData\Roaming\Realtime Soft 2008-05-26 18:20 --------- d-----w C:\Program Files\Ascentive 2008-05-26 02:43 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-05-26 02:43 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-05-16 21:01 768,544 ----a-w C:\Windows\System32\nvcplui.exe 2008-05-16 21:01 313,888 ----a-w C:\Windows\System32\nvexpbar.dll 2008-05-16 21:01 118,784 ----a-w C:\Windows\System32\nvvsvc.exe 2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcodhins.dll 2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcodh.dll 2008-05-16 21:01 114,688 ----a-w C:\Windows\System32\nvcod130.dll 2008-05-16 18:48 446,464 ----a-w C:\Windows\System32\NVUNINST.EXE 2008-05-16 01:35 --------- d-----w C:\Program Files\Red Kawa 2008-05-16 01:35 --------- d-----w C:\Program Files\AviSynth 2.5 2008-05-15 14:48 --------- d-----w C:\Program Files\iTunes 2008-05-15 14:47 --------- d-----w C:\ProgramData\Apple Computer 2008-05-15 14:47 --------- d-----w C:\Program Files\iPod 2008-05-15 14:46 --------- d-----w C:\Program Files\QuickTime 2008-05-15 14:46 --------- d-----w C:\Program Files\Bonjour 2008-05-15 14:43 --------- d-----w C:\Program Files\Apple Software Update 2008-05-15 04:16 --------- d-----w C:\Program Files\CMU 2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-04-29 20:14 208,896 ----a-w C:\Windows\System32\ConTest.dll 2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll 2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll 2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-11-02 00:29 22,328 ----a-w C:\Users\Nicola\AppData\Roaming\PnkBstrK.sys . ((((((((((((((((((((((((((((( snapshot@2008-07-10_21.10.34.62 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-11 03:46:01 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-07-11 04:22:03 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-07-11 03:46:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat + 2008-07-11 04:22:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat - 2008-07-11 03:46:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat + 2008-07-11 04:22:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat - 2008-07-11 03:47:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-07-11 04:23:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-07-11 03:47:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-07-11 04:23:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT - 2008-07-11 02:45:30 37,192 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin + 2008-07-11 04:24:08 37,448 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-10-29 16:51 68856] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17 50736] "CollaborationHost"="C:\Windows\system32\p2phost.e xe" [2006-11-02 05:35 191488] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136] "Reclusa"="C:\Program Files\Razer\Reclusa\razerhid.exe" [2007-03-07 18:49 167936] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" [2008-04-29 13:14 3239936] "PC SpeedScan Pro"="C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-04-29 13:14 1839104] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-12-11 18:06 81920] "RTHDCPL"="RTHDCPL.EXE" [2006-08-13 23:00 16050176 C:\Windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\Windows\SkyTel.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 01:14 86016 C:\Windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 01:26 2808832 C:\Windows\alcwzrd.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-29 16:51:36 126136] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system] "LogonHoursAction"= 2 (0x2) "DontDisplayLogonHoursWarnings"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "TCP Query User{FFA340D4-82BC-4BC6-9EB7-2193E1968923}C:\\program files\\sony online entertainment\\wheel of fortune\\wheel of fortune.exe"= UDP:C:\program files\sony online entertainment\wheel of fortune\wheel of fortune.exe:Wheel of Fortune "UDP Query User{C23F03FB-2B07-4AB3-BF0D-46893B918474}C:\\program files\\sony online entertainment\\wheel of fortune\\wheel of fortune.exe"= TCP:C:\program files\sony online entertainment\wheel of fortune\wheel of fortune.exe:Wheel of Fortune "TCP Query User{9AC45F31-EE89-4243-A573-20A98E43977A}C:\\users\\nicola\\desktop\\1280_star craft2gameplayvideo_englishus.avi-downloader.exe"= UDP:C:\users\nicola\desktop\1280_starcraft2gamepla yvideo_englishus.avi-downloader.exe:1280_starcraft2gameplayvideo_englis hus.avi-downloader.exe "UDP Query User{03062A7F-CD9A-4D4B-8FF0-3EAE2C416F30}C:\\users\\nicola\\desktop\\1280_star craft2gameplayvideo_englishus.avi-downloader.exe"= TCP:C:\users\nicola\desktop\1280_starcraft2gamepla yvideo_englishus.avi-downloader.exe:1280_starcraft2gameplayvideo_englis hus.avi-downloader.exe "TCP Query User{1D576D45-CE67-465C-AAD7-D46770CA0577}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:Starcraft "UDP Query User{920FC459-5CFC-445C-82B6-E014C1AE6997}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:Starcraft "{14F31B29-AF56-4CE2-BCC5-A94B728250DE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{0CC859FD-946C-4577-9E89-1765F18A8C3C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "TCP Query User{D265EBB0-5A1D-4C69-BB71-45241B050335}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM "UDP Query User{7CB4E049-934D-409E-BA6D-D3684B3D2A1E}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM "TCP Query User{4E592E12-007E-4E19-AD25-DA2FE9853581}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{F7E1A603-3607-436A-95A4-04B845D4C1EF}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{D6FAE2F3-1001-423D-BA98-1C4CAB2011FC}"= UDP:C:\3dsmax7\3dsmax.exe:3ds max 7 "{49C86ED6-7ECD-4A2F-BE70-705E862470D9}"= TCP:C:\3dsmax7\3dsmax.exe:3ds max 7 "{D27D9354-BDC3-494D-AB6C-90792AEA60A7}"= UDP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor "{43ACACA3-D641-4233-8327-85C7BC8B6D63}"= TCP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor "{BAAB7DBF-173F-42BF-A064-2C55DF2FBA42}"= UDP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager "{8AB25198-4DFA-4817-82C4-CB37406BE025}"= TCP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager "{2A408B3E-4E90-4E76-83B2-6969424FD4E3}"= UDP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server "{9704A9AC-D057-4E45-A480-DD9B481B6C5B}"= TCP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server "{95A7EA5E-F951-43AA-843C-F577E490B5E9}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{306D13E6-0E69-4077-AD14-CFBC3795D661}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "TCP Query User{B44585CC-DA39-4DF1-940C-C24751C72638}C:\\program files\\armagetron advanced\\armagetronad.exe"= UDP:C:\program files\armagetron advanced\armagetronad.exe:armagetronad "UDP Query User{DFA45A4E-075F-4F74-B586-26C86C7BF742}C:\\program files\\armagetron advanced\\armagetronad.exe"= TCP:C:\program files\armagetron advanced\armagetronad.exe:armagetronad "TCP Query User{A1EE0A0E-FB4A-4F06-A1FD-49C9F1A66F16}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{23FC6061-90A8-4A1B-9CDE-6A0CFE16B15D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{C7D9A5EC-3198-4887-A937-718708603895}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps "UDP Query User{E8ED4021-C922-4426-B3E7-14CDB31A39A0}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps "{F9146300-A100-4C67-B5D3-FF57C71154D0}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{80223882-D9F9-4BC0-8ED0-E5B320E4B5BE}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{2C0426E9-C1B1-4F7F-BDC5-D6EDD86DF08D}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{C7A66115-C633-4526-8A79-77042BE00BD4}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{561CB2C7-FF8C-49B0-B58C-7E065D3DF913}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit "{8DF10D15-8A79-47C1-B5C9-501F854F3A52}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit "{F7B84D25-CCA2-4014-9AD6-81243B906AD6}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor "{0BD6368C-8E3D-41D3-A428-BB0A9B237068}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor "{ED336981-E669-4A02-984C-A1858C5B5343}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager "{26EF711B-F660-41C6-8354-AC3A2F38A4D5}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager "{2877D2DA-597E-4C4F-AC15-77194E780715}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server "{4E872BE3-5A91-43B5-A7F5-C71C7B6BD880}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server "TCP Query User{5B386B86-EF65-46A2-997D-8924C8829874}C:\\program files\\america's army\\system\\server.exe"= UDP:C:\program files\america's army\system\server.exe:Server "UDP Query User{C4FBEB8C-2097-4F48-AA67-F2AC745276A6}C:\\program files\\america's army\\system\\server.exe"= TCP:C:\program files\america's army\system\server.exe:Server "{595C7D34-BAA6-48DB-A15F-53170FD1AC36}"= TCP:1716:aa1 "{A6C17274-B5D7-409B-9C6E-2173482A4CB7}"= TCP:1717:aa2 "{DBBD742F-9078-414F-BD5F-E5AD4D73968F}"= UDP:20045:aa3 "TCP Query User{8FD02A87-F30F-42F8-B44C-12603A1D923F}C:\\program files\\streammygame\\streamer_server.exe"= UDP:C:\program files\streammygame\streamer_server.exe:Streamer Server "UDP Query User{E48E1C1A-B67C-487C-900B-5E6EBE7E87AE}C:\\program files\\streammygame\\streamer_server.exe"= TCP:C:\program files\streammygame\streamer_server.exe:Streamer Server "TCP Query User{60CD07A3-DEE7-4E4A-A078-E5D7DBF59FA9}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloade r "UDP Query User{723AE648-B88D-491A-B02C-8B3357DC7208}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloade r "TCP Query User{6B394DF3-47D6-452E-B862-528F0B7A2B4C}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader "UDP Query User{1D36CA36-8741-47C1-9737-2240C6CC8959}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader "TCP Query User{8164BF97-DCCF-46E8-BC7D-62842A79137C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader "UDP Query User{559E07A6-7295-4279-9C68-94FAF4F1FD5C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader "TCP Query User{4F615153-3A56-4988-AA36-0C79885E8F32}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{F3DC87D6-9561-4A67-9B91-A05C5C53F60A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{1C9AD5AB-7186-4911-8BCF-8C5A79423E1E}C:\\users\\nicola\\desktop\\wow-burningcrusade-enus-installer-downloader.exe"= UDP:C:\users\nicola\desktop\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe "UDP Query User{C08FFE9C-FF07-4845-A539-C6E98351856D}C:\\users\\nicola\\desktop\\wow-burningcrusade-enus-installer-downloader.exe"= TCP:C:\users\nicola\desktop\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe "TCP Query User{5D957545-AA00-4658-86BA-CD73D23C65D1}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\mysql\\bin\\mysq ld-nt.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt "UDP Query User{841A1E9C-2714-4694-91AF-4B77564FD189}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\mysql\\bin\\mysq ld-nt.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt "TCP Query User{7809C6FE-70DA-4F88-B80A-18E5D2894A56}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\Apache2\\bin\\Ap ache.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\Apache2\bin\Apache.e xe:Apache HTTP Server "UDP Query User{0C132C70-990C-43A0-9DA8-B222694BA074}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\diskw\\usr\\local\\Apache2\\bin\\Ap ache.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\diskw\usr\local\Apache2\bin\Apache.e xe:Apache HTTP Server "TCP Query User{70BF20FE-A990-4AD0-B88E-21176D728525}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\realmd.exe"= UDP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\realmd.exe:realmd "UDP Query User{14F5B90C-D3F1-46BE-B937-C773EEE7560F}C:\\program files\\world of warcraft\\wowplanet-forumwow.net-mangos-tbc~24.09.07~\\realmd.exe"= TCP:C:\program files\world of warcraft\wowplanet-forumwow.net-mangos-tbc~24.09.07~\realmd.exe:realmd "TCP Query User{36DF806C-38F1-41A5-8344-AA502AF7DFF7}C:\\users\\nicola\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe"= UDP:C:\users\nicola\desktop\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe "UDP Query User{CF14F1CA-FB20-47F5-89CE-09B70A0D28B0}C:\\users\\nicola\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe"= TCP:C:\users\nicola\desktop\wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-enus-downloader.exe "TCP Query User{7007C605-E392-4D6B-93EC-A0A9D13C0FA9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{5F23F42A-FB90-4841-AA31-EF564EB124CC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC "TCP Query User{C04CD603-036A-4C6E-8DDC-5783BD90C70B}C:\\program files\\steam\\steamapps\\duckinahat\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\duckinahat\half-life 2 deathmatch\hl2.exe:hl2 "UDP Query User{1096BD97-807E-4E93-A5DF-947276A1D533}C:\\program files\\steam\\steamapps\\duckinahat\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\duckinahat\half-life 2 deathmatch\hl2.exe:hl2 "TCP Query User{40B79C71-B02C-4971-88C6-CB0DF7997237}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\mysql\\bin\\mysqld.exe"= UDP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\mysql\bin\mysqld.exe:mysqld.exe "UDP Query User{F03727B6-674D-414F-A9C4-7A56DA6D7E6E}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\mysql\\bin\\mysqld.exe"= TCP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\mysql\bin\mysqld.exe:mysqld.exe "TCP Query User{8BD23CA2-1D1B-48A5-AEF8-B9E96E9BC5A3}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\ascent-voicechat.exe"= UDP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\ascent-voicechat.exe:ascent-voicechat.exe "UDP Query User{5258BCA9-16CC-4F79-8CBA-15638F81015D}C:\\users\\nicola\\desktop\\aeirs repack 1.5.0\\ascent\\ascent-voicechat.exe"= TCP:C:\users\nicola\desktop\aeirs repack 1.5.0\ascent\ascent-voicechat.exe:ascent-voicechat.exe "{946004B4-84A1-4DB2-B2D8-656BC1649C11}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{DE675357-348B-4384-B75D-E26BA9D73A02}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{03DD70B2-FA98-4F3C-9D3E-5B6433E50891}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{099AF3CA-4CA2-418D-84AD-F8565B33DFDF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{28431230-1821-4CDB-AF72-2ABF2520156C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{169D0042-9736-44CB-84C1-308A34AE5580}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{09CC9A45-2D72-4648-A4F8-7C653B82B8C6}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{B3AC7095-CA42-4DE2-9881-159BA34E5FA4}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{F24EA95C-1C3E-40AD-A50D-597B74BB9073}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "UDP Query User{08E8C36E-2E3F-45A5-830A-6E3B03B8E939}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "{511D0279-3AC7-4FAF-AAC2-6B9A37C09029}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F019D024-53AC-46BD-9B48-0C0E9C96B305}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility "UDP Query User{6E2FF109-A7C0-40B3-AB94-86A9210467B0}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility [HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722\|UDP:%SystemRoot%\system32\svchost.exe\|S vc=DFSR:Allow inbound TCP traffic\| R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 10:59] R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin. exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg [] R3 RecFltr;Reclusa Keyboard;C:\Windows\system32\Drivers\RecFltr.sys [2007-01-18 10:21] S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [] S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-28 17:01] S3 sonydcam;Generic 1394 Desktop Camera;C:\Windows\system32\DRIVERS\sonydcam.sys [2006-11-02 01:55] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-28 18:54] . Contents of the 'Scheduled Tasks' folder "2008-07-03 01:00:00 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-07-11 04:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{CA70DCE3-FCF2-45D3-963C-9266B9DC01B0}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************ ******************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-10 21:29:46 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************** ********************** . Completion time: 2008-07-10 21:30:57 ComboFix-quarantined-files.txt 2008-07-11 04:30:48 ComboFix2.txt 2008-07-11 04:11:21 The system cannot find message text for message number 0x2379 in the message file for Application. Post-Run: 238,104,690,688 bytes free 236 --- E O F --- 2008-07-11 02:11:27

07-11-2008, 06:44 AM	#4 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 15 Posts: 8,361	can you pls now post a fresh hijackthis log. __________________ Cohen

07-11-2008, 06:58 AM	#6 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 15 Posts: 8,361	Well the combo fix log did something, because the size of this hijackthis log compared to the first one, this log is smaller..... i would like to help you more, but i can't due to not having enough trying, i'm still learning, i leave it for one of the other higher guys to give you some advice, i will still be here and watch, if you have any questions just post them here. Sorry __________________ Cohen

07-11-2008, 06:47 AM	#5 (permalink)
duckinahat New Member Join Date: Jul 2008 Posts: 6	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:46:42 PM, on 7/10/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\RTHDCPL.exe C:\Program Files\Razer\Reclusa\razerhid.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Razer\Reclusa\razertra.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\p2phost.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\SHORTK~1\shklite.exe C:\Users\Nicola\Desktop\D-Load\HiJackThis(2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMap - Unknown owner - C:\Program Files\OPENXTRA\NMapWin\bin\nmapserv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 8292 bytes

07-11-2008, 07:00 AM	#7 (permalink)
duckinahat New Member Join Date: Jul 2008 Posts: 6	Ok, thanks for trying.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Scans clean, still saying 1 spyware infection. hijackthis log	Washrag	Computer Security	17	04-14-2008 12:51 PM
I got viruses.........hijackthis log	m0nk3ys1ms	Computer Security	8	07-21-2006 03:25 AM
Help loads of popups and spyware and here is my hijackthis log	age123	Computer Security	0	12-22-2005 11:39 PM
Hijackthis Logs	Buzz1927	Computer Security	0	10-17-2005 06:30 PM
HijackThis Log	Charlie7940	Computer Security	13	08-18-2005 02:10 AM