please help (trojan)

SAD_DC · 07-14-2008, 08:45 PM

ok well I dont know who was on this computer but when I get on and try to open a folder I get this critical error message
"Attention, (user)! Some Dangerous viruses detected in your system. Windows Vista (TM) files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now!

Click OK to download the antispyware. (Recommended)"

Please help Ive tried runing ad aware, Spybot, Cclean and spyware doctor and its still here...

I really would appreciate it if someone took the time to help me out...

Thanks alot.

Respital · 07-14-2008, 08:52 PM

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

dopester-2k8 · 07-15-2008, 12:55 AM

You need to find out if the antivirus program is saying that the vista files are corrupted.
If it isn't then the message is the virus, i've had this problem before and i used system restore to fix the problem.
Go to the date when then message popped up and restore it to that date.

Tell me the progress

seecor · 07-15-2008, 01:34 AM

Whatever You Do, Dont download The anti virus its asking you to
This is Usally another virus.

And To Backup What Dopester Said
Is it the Pop up that says Theres an error Or Your anti virus ? ? ?

cohen · 07-15-2008, 03:32 AM

Quote:

Originally Posted by dopester-2k8

You need to find out if the antivirus program is saying that the vista files are corrupted.
If it isn't then the message is the virus, i've had this problem before and i used system restore to fix the problem.
Go to the date when then message popped up and restore it to that date.

Tell me the progress

Quote:

Originally Posted by seecor

Whatever You Do, Dont download The anti virus its asking you to
This is Usally another virus.

And To Backup What Dopester Said
Is it the Pop up that says Theres an error Or Your anti virus ? ? ?

Guys look, as soon as we get the hijackthis log we can figure these things out, we don't need your help really, leave it to use other guys who know a little more about these sort of things in this area of the forum.

SAD_DC · 07-16-2008, 08:14 AM

ok. sorry it took so long to get back I was away. anyways I did what you said respital and heres the log. Im pretty sure the pop up is the virus but thats my idea. lol It just doesent look like a legit pop up...oh well....

Thanks Alot guys.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:11:07, on 7/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\Windows\system32\nvf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtRkLCR.dll,#1
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\mlJAqnMC.dll, #1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\xxyyxuvU.dll, c
O4 - HKCU\..\Run: [BMf76466eb] Rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ojasynkf.dll ",s
O4 - HKCU\..\Run: [f4575577] rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ihbslpds.dll ",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10145 bytes

cohen · 07-16-2008, 08:35 AM

Thankyou, Pls do the following:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Then post a fresh Hijackthis log.

SAD_DC · 07-16-2008, 10:09 AM

here you go hijackthis comming next

ComboFix 08-07-13.14 - Amin Elmesquine 2008-07-15 2:58:42.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1056 [GMT -5:00]
Running from: C:\Users\Amin Elmesquine\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0. dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1. dat
C:\Windows\system32\awtRkLCR.dll
C:\Windows\system32\efcdbcax.dll
C:\Windows\system32\tuvWmlKA.dll
C:\Windows\system32\urQijHaA.dll

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
hxxp://liveupdatesnet.com
.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 01:10 . 2008-07-15 01:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 11:36 . 2008-07-11 11:36 <DIR> d-------- C:\Users\Amin Elmeqsquine\AppData\Roaming\PC Tools
2008-07-11 11:36 . 2008-07-14 21:16 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-11 11:36 . 2008-07-14 21:16 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-11 11:36 . 2008-07-11 10:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-11 11:36 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-07-11 11:36 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-11 11:36 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-11 11:36 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-11 11:36 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-11 00:56 . 2008-07-11 00:56 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 00:52 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-11 00:52 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-11 00:52 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-11 00:52 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-07-11 00:52 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-07-11 00:52 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-11 00:52 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-07-11 00:52 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-11 00:52 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-11 00:52 . 2008-07-11 00:52 4,802 --a------ C:\Windows\System32\tmp.reg
2008-07-11 00:51 . 2008-07-11 00:52 <DIR> d-------- C:\Windows\SmitfraudFix
2008-07-10 12:25 . 2008-07-10 12:25 19,968 --a------ C:\Windows\System32\nvf.dll
2008-07-10 12:21 . 2008-07-10 12:21 19,968 --a------ C:\Windows\System32\nvgfilter.dll
2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\tuvUNHAS.dll
2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\pmnlljIa.dll
2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\opnmNDvu.dll
2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\jkkHXnOe.dll
2008-06-26 15:10 . 2008-06-26 15:10 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-06-18 23:57 . 2008-06-18 23:57 <DIR> d-------- C:\Program Files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-15 02:05 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Xfire
2008-07-13 22:14 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\uTorrent
2008-07-13 05:06 --------- d-----w C:\ProgramData\Xfire
2008-07-11 16:35 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Download Manager
2008-07-11 16:34 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Apple Computer
2008-07-11 11:04 --------- d-----w C:\Program Files\QuickTime
2008-07-11 06:17 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\ImgBurn
2008-07-11 05:50 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-10 16:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-09 02:11 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Vso
2008-07-09 01:58 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-03 05:46 --------- d-----w C:\Program Files\Safari
2008-07-01 15:27 --------- d-s---w C:\Program Files\Xfire
2008-06-19 04:57 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Lavasoft
2008-06-12 19:00 --------- d-----w C:\Program Files\DivX
2008-06-02 05:49 --------- d-----w C:\Program Files\Datel
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 16:51 --------- d-----w C:\ProgramData\Viewpoint
2008-05-27 16:51 --------- d-----w C:\ProgramData\AOL
2008-05-27 16:51 --------- d-----w C:\Program Files\AIM6
2008-05-27 16:44 --------- d-----w C:\ProgramData\AOL Downloads
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-11 06:38 22,328 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\PnkBstrK.sys
2007-02-02 10:36 87,608 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\ezpinst.exe
2007-02-02 10:36 47,360 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\pcouffin.sys
2006-11-02 12:49 174 --sha-w C:\Program Files\desktop.ini
2007-02-02 07:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
2007-02-02 07:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-02-02 07:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
2007-04-01 18:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
2007-04-01 18:56 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-04-01 18:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-26 22:20 131,145 --sha-r C:\Windows\System32\ope1B30.exe
2007-06-26 22:21 131,145 --sha-r C:\Windows\System32\ope1CA2.exe
2007-06-26 22:21 131,145 --sha-r C:\Windows\System32\ope4F5B.exe
2007-06-26 22:20 131,145 --sha-r C:\Windows\System32\opeAB8E.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:33 1196032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:34 125440]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48 157592]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 02:23 221568]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:33 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:32 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.e xe" [2001-07-09 11:50 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-17 21:24 184320]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 16:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 16:17 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-04-26 16:17 81920]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-03 22:04 185632]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-07-11 11:38 1065800]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 05:39 90112 C:\Windows\soundman.exe]

C:\Users\Amin Elmesquine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-26 15:10:40 3031376]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{48D95517-0425-43DA-A25B-9EF0BBAF0BF1}C:\\program files\\turbo torrent\\ttorrent.exe"= UDP:C:\program files\turbo torrent\ttorrent.exe:ttorrent
"UDP Query User{3AD0AC96-F62F-4C65-BC92-32DFC3587DAC}C:\\program files\\turbo torrent\\ttorrent.exe"= TCP:C:\program files\turbo torrent\ttorrent.exe:ttorrent
"{C5147B1D-88B1-4BB3-9BC7-F6B9C6888A82}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{C6D36C85-B1EC-48F8-83A1-97D852F6459B}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{D8ED019F-E5AA-4EAD-9AF4-821777AA2588}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C2471414-DBBE-47D8-A966-0AD56DE7873C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{598D366A-934A-460D-AFF7-6706CFF14ADE}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{E80ABABC-1A1D-44EF-A5CC-0605EBCFFC2F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{A677CAA3-A720-4AF0-B7DB-E351B8CF4F27}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{F40E8E36-03AD-4101-9FEF-3E451DF1B39E}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{F20FDA5F-1935-4F44-BF5C-2EF143225D5F}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{B1586CED-5DB8-478E-A1E3-9609E6BFD1DF}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{CF9B9B36-BE9F-4265-86AD-E4D9847E3375}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{970CBA02-A835-43CB-8198-A541C623F688}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5D88C314-A15E-4BFF-8373-876E9024A483}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B04BFF8F-EA2E-432B-873C-29AA14EB1717}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D36F1F54-4567-40E9-8B58-1D6090D0086C}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4B9F98F9-ABCE-4AD3-AAD9-F5619AE42AA2}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{85CDCC6B-24D0-41B6-8C91-D5460BF7BCFA}C:\\program files\\warez\\warez.exe"= UDP:C:\program files\warez\warez.exe:Warez
"UDP Query User{412D0444-9B89-46AC-98FC-06744D122150}C:\\program files\\warez\\warez.exe"= TCP:C:\program files\warez\warez.exe:Warez
"{F4BDF477-547C-4865-BAA2-38AAAE94B64F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{968C1F73-CC04-4070-AC09-EF379E469BB6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{CF58555A-8515-4434-9D2C-5F4E9A142A2D}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{6AA9BB07-8B47-4F93-8D38-502518A56690}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{A5C81A6E-41F9-42F0-A23C-FAC197A3C517}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{85351161-C384-4857-BB12-315194228579}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{10443E08-6D1C-4444-AB47-7260AD8D57A1}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{AF30454B-28C3-4F5B-9F5D-6D7B6155CE10}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{E38E1253-F3C6-4BD2-B350-56585E8795D4}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{F2A8C72C-18FE-49CC-BFF1-15AADE4E2C42}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FF65BAC3-6431-4339-A39C-C3B5744B4CCD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6A7BC0FA-9CAF-461B-A346-C6C1249B07F1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E8E356BC-F0E2-410F-B9BA-E5E6F392ABD1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7B87927A-2216-4AD1-B022-BFE30669A531}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAC69C5A-11AF-4C1D-BF43-BFAB5146AB37}"= UDP:C:\Windows\System32\PnkBstrA.exe

nkBstrA
"{8315E1AF-6F9C-4644-A87D-8732ABCF5569}"= TCP:C:\Windows\System32\PnkBstrA.exe

nkBstrA
"{892B8151-FC89-47E1-87FB-2FB36241E391}"= UDP:C:\Windows\System32\PnkBstrB.exe

nkBstrB
"{2BC554DB-EAFB-47D2-91EC-A597844951E1}"= TCP:C:\Windows\System32\PnkBstrB.exe

nkBstrB
"{FC5C6E23-BA87-4AEA-82C0-52CA766C6863}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{191D2C1A-6822-4F54-BB33-29A1F67B4F08}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{E4F7B6A9-1FA7-43B9-8911-3E584384FD37}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{6B1F30D5-909C-42F5-89D3-DBEB70F4B5B3}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{36C0D1B6-1ECF-42ED-91D5-D9B5A626F6A6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{075A2168-7F15-4B82-B43B-CDB3ED21ED63}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C50DE919-E902-468D-907E-9E5717C6B7B2}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3FEC9F80-0C79-4F01-B312-0A6C14CAE258}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{69E745AC-2355-4DF2-AAFB-BAA5A9BAEF12}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{304A7C26-BA16-45A1-A1AB-24EE5F2CF9D3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3AB64A1B-9644-4086-9742-F996DBDE8FCB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD36198A-AA11-49AC-A26E-EAFF5EBEEEC2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DF437572-7DBE-458E-A0E4-9C5AE2E59A19}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{82275C33-4A99-4234-889E-3B4BD8CC143B}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PxHelper;PxHelper;C:\Windows\system32\drivers\PxHe lper.sys [2000-02-05 12:01]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-05-04 11:21]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 11:20]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-06-11 02:00]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop. sys [2007-02-02 02:28]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\autorun.exe
\shell\setup\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{824fa05b-012a-11dc-b50f-00508ddba7e3}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{85690c21-b2aa-11db-b04a-00508ddba7e3}]
\shell\AutoRun\command - E:\launcher.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 17:52:14 C:\Windows\Tasks\User_Feed_Synchronization-{05193892-C24F-431E-A236-FCE4F1E9765B}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-MSServer - C:\Windows\system32\awtRkLCR.dll
HKLM-Run-Microsoft Corp Updates - wupdates.exe
HKLM-RunServices-Microsoft Corp Updates - wupdates.exe

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 03:04:18
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Windows\TEMP\TMP0000008490D729C2EF773D7E

scan completed successfully
hidden files: 1

************************************************** ************************
.
Completion time: 2008-07-15 3:06:10
ComboFix-quarantined-files.txt 2008-07-15 08:06:04

Pre-Run: 145,422,884,864 bytes free
Post-Run: 145,476,390,912 bytes free

257

SAD_DC · 07-16-2008, 10:10 AM

And heres Hijack this.
I really appreciate the help by the way.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:11:07, on 7/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\Windows\system32\nvf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtRkLCR.dll,#1
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\mlJAqnMC.dll, #1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\xxyyxuvU.dll, c
O4 - HKCU\..\Run: [BMf76466eb] Rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ojasynkf.dll ",s
O4 - HKCU\..\Run: [f4575577] rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ihbslpds.dll ",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10145 bytes

SAD_DC · 07-16-2008, 10:11 AM

double post sorry

07-14-2008, 08:45 PM	#1 (permalink)
SAD_DC Platinum Member Join Date: Oct 2005 Posts: 661	please help (trojan) ok well I dont know who was on this computer but when I get on and try to open a folder I get this critical error message "Attention, (user)! Some Dangerous viruses detected in your system. Windows Vista (TM) files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended)" Please help Ive tried runing ad aware, Spybot, Cclean and spyware doctor and its still here... I really would appreciate it if someone took the time to help me out... Thanks alot. __________________ CPU:Amd Athlon X2 Dual Core 4200+ (939) 2.20GHz CPU Fan: Zalman CNPS9700 LED MoBo: KN8 SLi 939 R.A.M: OCZ 4x 512 PC3200 DDR 400MHz Video Card: 7950 Gt H.D.D: Maxtor 300gig 7200 rpm H.D.D 2: W.D 500gig 7200 rpm Sound Card: Stock Microsoft Wireless Optical Desktop 1000 PsU: Aspire 550-Watt Chameleon

07-15-2008, 01:34 AM	#4 (permalink)
seecor Bronze Member Join Date: Feb 2008 Posts: 39	Whatever You Do, Dont download The anti virus its asking you to This is Usally another virus. And To Backup What Dopester Said Is it the Pop up that says Theres an error Or Your anti virus ? ? ? __________________ Packard Bell Meida Center 2.6 GHZ 512 RAM 130 GB XP pro

07-16-2008, 08:14 AM	#6 (permalink)
SAD_DC Platinum Member Join Date: Oct 2005 Posts: 661	ok. sorry it took so long to get back I was away. anyways I did what you said respital and heres the log. Im pretty sure the pop up is the virus but thats my idea. lol It just doesent look like a legit pop up...oh well.... Thanks Alot guys..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:11:07, on 7/15/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\soundman.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wermgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\Windows\system32\nvf.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtRkLCR.dll,#1 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\mlJAqnMC.dll, #1 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\xxyyxuvU.dll, c O4 - HKCU\..\Run: [BMf76466eb] Rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ojasynkf.dll ",s O4 - HKCU\..\Run: [f4575577] rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ihbslpds.dll ",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10145 bytes __________________ CPU:Amd Athlon X2 Dual Core 4200+ (939) 2.20GHz CPU Fan: Zalman CNPS9700 LED MoBo: KN8 SLi 939 R.A.M: OCZ 4x 512 PC3200 DDR 400MHz Video Card: 7950 Gt H.D.D: Maxtor 300gig 7200 rpm H.D.D 2: W.D 500gig 7200 rpm Sound Card: Stock Microsoft Wireless Optical Desktop 1000 PsU: Aspire 550-Watt Chameleon

07-16-2008, 08:35 AM	#7 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 8,181	Thankyou, Pls do the following: Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. Then post a fresh Hijackthis log. __________________ My Website Desktop / Laptop Motherboard: Asus M2N X SE / Unknown CPU: AMD 4000+ 2.1GHZ x 2 / Intel Pentium M 1.60GHZ Ram: 2GB Transcend / 512MB Hard Drive: 320GB / 60GB Video Card: Both Intergrated Monitor: 19" Benq / 15.4" OS: Windows Vista Home Premium Service Pack 1 / Windows XP Professional Service Pack 3

07-16-2008, 10:09 AM	#8 (permalink)
SAD_DC Platinum Member Join Date: Oct 2005 Posts: 661	here you go hijackthis comming next ComboFix 08-07-13.14 - Amin Elmesquine 2008-07-15 2:58:42.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1056 [GMT -5:00] Running from: C:\Users\Amin Elmesquine\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0. dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1. dat C:\Windows\system32\awtRkLCR.dll C:\Windows\system32\efcdbcax.dll C:\Windows\system32\tuvWmlKA.dll C:\Windows\system32\urQijHaA.dll ----- BITS: Possible infected sites ----- hxxp://theinstalls.com hxxp://liveupdatesnet.com . ((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))) . 2008-07-15 01:10 . 2008-07-15 01:10 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-11 11:36 . 2008-07-11 11:36 <DIR> d-------- C:\Users\Amin Elmeqsquine\AppData\Roaming\PC Tools 2008-07-11 11:36 . 2008-07-14 21:16 <DIR> d-a------ C:\Users\All Users\TEMP 2008-07-11 11:36 . 2008-07-14 21:16 <DIR> d-a------ C:\ProgramData\TEMP 2008-07-11 11:36 . 2008-07-11 10:16 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-07-11 11:36 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll 2008-07-11 11:36 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys 2008-07-11 11:36 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys 2008-07-11 11:36 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys 2008-07-11 11:36 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys 2008-07-11 00:56 . 2008-07-11 00:56 <DIR> d-------- C:\Program Files\CCleaner 2008-07-11 00:52 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe 2008-07-11 00:52 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe 2008-07-11 00:52 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe 2008-07-11 00:52 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe 2008-07-11 00:52 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe 2008-07-11 00:52 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe 2008-07-11 00:52 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe 2008-07-11 00:52 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe 2008-07-11 00:52 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe 2008-07-11 00:52 . 2008-07-11 00:52 4,802 --a------ C:\Windows\System32\tmp.reg 2008-07-11 00:51 . 2008-07-11 00:52 <DIR> d-------- C:\Windows\SmitfraudFix 2008-07-10 12:25 . 2008-07-10 12:25 19,968 --a------ C:\Windows\System32\nvf.dll 2008-07-10 12:21 . 2008-07-10 12:21 19,968 --a------ C:\Windows\System32\nvgfilter.dll 2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\tuvUNHAS.dll 2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\pmnlljIa.dll 2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\opnmNDvu.dll 2008-07-10 11:27 . 2008-07-10 11:27 33,152 --a------ C:\Windows\System32\jkkHXnOe.dll 2008-06-26 15:10 . 2008-06-26 15:10 42,320 --a------ C:\Windows\System32\xfcodec.dll 2008-06-18 23:57 . 2008-06-18 23:57 <DIR> d-------- C:\Program Files\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-07-15 02:05 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Xfire 2008-07-13 22:14 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\uTorrent 2008-07-13 05:06 --------- d-----w C:\ProgramData\Xfire 2008-07-11 16:35 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Download Manager 2008-07-11 16:34 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Apple Computer 2008-07-11 11:04 --------- d-----w C:\Program Files\QuickTime 2008-07-11 06:17 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\ImgBurn 2008-07-11 05:50 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-07-10 16:22 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-09 02:11 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Vso 2008-07-09 01:58 --------- d-----w C:\ProgramData\DVD Shrink 2008-07-03 05:46 --------- d-----w C:\Program Files\Safari 2008-07-01 15:27 --------- d-s---w C:\Program Files\Xfire 2008-06-19 04:57 --------- d-----w C:\Users\Amin Elmesquine\AppData\Roaming\Lavasoft 2008-06-12 19:00 --------- d-----w C:\Program Files\DivX 2008-06-02 05:49 --------- d-----w C:\Program Files\Datel 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-05-27 16:51 --------- d-----w C:\ProgramData\Viewpoint 2008-05-27 16:51 --------- d-----w C:\ProgramData\AOL 2008-05-27 16:51 --------- d-----w C:\Program Files\AIM6 2008-05-27 16:44 --------- d-----w C:\ProgramData\AOL Downloads 2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll 2007-10-11 06:38 22,328 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\PnkBstrK.sys 2007-02-02 10:36 87,608 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\ezpinst.exe 2007-02-02 10:36 47,360 ----a-w C:\Users\Amin Elmesquine\AppData\Roaming\pcouffin.sys 2006-11-02 12:49 174 --sha-w C:\Program Files\desktop.ini 2007-02-02 07:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t 2007-02-02 07:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-02-02 07:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat 2007-04-01 18:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat 2007-04-01 18:56 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-04-01 18:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat 2007-06-26 22:20 131,145 --sha-r C:\Windows\System32\ope1B30.exe 2007-06-26 22:21 131,145 --sha-r C:\Windows\System32\ope1CA2.exe 2007-06-26 22:21 131,145 --sha-r C:\Windows\System32\ope4F5B.exe 2007-06-26 22:20 131,145 --sha-r C:\Windows\System32\opeAB8E.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:33 1196032] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:34 125440] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48 157592] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 02:23 221568] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:33 201728] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:32 2159104 C:\Windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\Windows\system32\NeroCheck.e xe" [2001-07-09 11:50 155648] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-17 21:24 184320] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 16:17 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 16:17 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-04-26 16:17 81920] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-03 22:04 185632] "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01 644696] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50 1603152] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-07-11 11:38 1065800] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 05:39 90112 C:\Windows\soundman.exe] C:\Users\Amin Elmesquine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-26 15:10:40 3031376] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 16:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "TCP Query User{48D95517-0425-43DA-A25B-9EF0BBAF0BF1}C:\\program files\\turbo torrent\\ttorrent.exe"= UDP:C:\program files\turbo torrent\ttorrent.exe:ttorrent "UDP Query User{3AD0AC96-F62F-4C65-BC92-32DFC3587DAC}C:\\program files\\turbo torrent\\ttorrent.exe"= TCP:C:\program files\turbo torrent\ttorrent.exe:ttorrent "{C5147B1D-88B1-4BB3-9BC7-F6B9C6888A82}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{C6D36C85-B1EC-48F8-83A1-97D852F6459B}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{D8ED019F-E5AA-4EAD-9AF4-821777AA2588}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{C2471414-DBBE-47D8-A966-0AD56DE7873C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "TCP Query User{598D366A-934A-460D-AFF7-6706CFF14ADE}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{E80ABABC-1A1D-44EF-A5CC-0605EBCFFC2F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{A677CAA3-A720-4AF0-B7DB-E351B8CF4F27}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps "UDP Query User{F40E8E36-03AD-4101-9FEF-3E451DF1B39E}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps "TCP Query User{F20FDA5F-1935-4F44-BF5C-2EF143225D5F}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM "UDP Query User{B1586CED-5DB8-478E-A1E3-9609E6BFD1DF}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM "{CF9B9B36-BE9F-4265-86AD-E4D9847E3375}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{970CBA02-A835-43CB-8198-A541C623F688}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{5D88C314-A15E-4BFF-8373-876E9024A483}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{B04BFF8F-EA2E-432B-873C-29AA14EB1717}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{D36F1F54-4567-40E9-8B58-1D6090D0086C}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{4B9F98F9-ABCE-4AD3-AAD9-F5619AE42AA2}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "TCP Query User{85CDCC6B-24D0-41B6-8C91-D5460BF7BCFA}C:\\program files\\warez\\warez.exe"= UDP:C:\program files\warez\warez.exe:Warez "UDP Query User{412D0444-9B89-46AC-98FC-06744D122150}C:\\program files\\warez\\warez.exe"= TCP:C:\program files\warez\warez.exe:Warez "{F4BDF477-547C-4865-BAA2-38AAAE94B64F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{968C1F73-CC04-4070-AC09-EF379E469BB6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{CF58555A-8515-4434-9D2C-5F4E9A142A2D}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs "{6AA9BB07-8B47-4F93-8D38-502518A56690}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs "{A5C81A6E-41F9-42F0-A23C-FAC197A3C517}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{85351161-C384-4857-BB12-315194228579}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas "{10443E08-6D1C-4444-AB47-7260AD8D57A1}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas "{AF30454B-28C3-4F5B-9F5D-6D7B6155CE10}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater "{E38E1253-F3C6-4BD2-B350-56585E8795D4}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater "{F2A8C72C-18FE-49CC-BFF1-15AADE4E2C42}"= TCP:6004\|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{FF65BAC3-6431-4339-A39C-C3B5744B4CCD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{6A7BC0FA-9CAF-461B-A346-C6C1249B07F1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{E8E356BC-F0E2-410F-B9BA-E5E6F392ABD1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{7B87927A-2216-4AD1-B022-BFE30669A531}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FAC69C5A-11AF-4C1D-BF43-BFAB5146AB37}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{8315E1AF-6F9C-4644-A87D-8732ABCF5569}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{892B8151-FC89-47E1-87FB-2FB36241E391}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{2BC554DB-EAFB-47D2-91EC-A597844951E1}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{FC5C6E23-BA87-4AEA-82C0-52CA766C6863}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe "{191D2C1A-6822-4F54-BB33-29A1F67B4F08}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe "{E4F7B6A9-1FA7-43B9-8911-3E584384FD37}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM) "{6B1F30D5-909C-42F5-89D3-DBEB70F4B5B3}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM) "{36C0D1B6-1ECF-42ED-91D5-D9B5A626F6A6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{075A2168-7F15-4B82-B43B-CDB3ED21ED63}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{C50DE919-E902-468D-907E-9E5717C6B7B2}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{3FEC9F80-0C79-4F01-B312-0A6C14CAE258}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{69E745AC-2355-4DF2-AAFB-BAA5A9BAEF12}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{304A7C26-BA16-45A1-A1AB-24EE5F2CF9D3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{3AB64A1B-9644-4086-9742-F996DBDE8FCB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{BD36198A-AA11-49AC-A26E-EAFF5EBEEEC2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{DF437572-7DBE-458E-A0E4-9C5AE2E59A19}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM "{82275C33-4A99-4234-889E-3B4BD8CC143B}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM [HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722\|UDP:%SystemRoot%\system32\svchost.exe\|S vc=DFSR:Allow inbound TCP traffic\| [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 PxHelper;PxHelper;C:\Windows\system32\drivers\PxHe lper.sys [2000-02-05 12:01] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-05-04 11:21] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 11:20] R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38] S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-06-11 02:00] S2 TimerStop;TimerStop;C:\Windows\system32\timerstop. sys [2007-02-02 02:28] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E] \shell\AutoRun\command - E:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\I] \shell\AutoRun\command - I:\autorun.exe \shell\setup\command - I:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{824fa05b-012a-11dc-b50f-00508ddba7e3}] \shell\AutoRun\command - J:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{85690c21-b2aa-11db-b04a-00508ddba7e3}] \shell\AutoRun\command - E:\launcher.exe Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-07-14 17:52:14 C:\Windows\Tasks\User_Feed_Synchronization-{05193892-C24F-431E-A236-FCE4F1E9765B}.job" - C:\Windows\system32\msfeedssync.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) HKLM-Run-MSServer - C:\Windows\system32\awtRkLCR.dll HKLM-Run-Microsoft Corp Updates - wupdates.exe HKLM-RunServices-Microsoft Corp Updates - wupdates.exe ************************************************ ******************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-15 03:04:18 Windows 6.0.6000 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Windows\TEMP\TMP0000008490D729C2EF773D7E scan completed successfully hidden files: 1 ********************************************** ********************** . Completion time: 2008-07-15 3:06:10 ComboFix-quarantined-files.txt 2008-07-15 08:06:04 Pre-Run: 145,422,884,864 bytes free Post-Run: 145,476,390,912 bytes free 257 __________________ CPU:Amd Athlon X2 Dual Core 4200+ (939) 2.20GHz CPU Fan: Zalman CNPS9700 LED MoBo: KN8 SLi 939 R.A.M: OCZ 4x 512 PC3200 DDR 400MHz Video Card: 7950 Gt H.D.D: Maxtor 300gig 7200 rpm H.D.D 2: W.D 500gig 7200 rpm Sound Card: Stock Microsoft Wireless Optical Desktop 1000 PsU: Aspire 550-Watt Chameleon

07-15-2008, 12:55 AM	#3 (permalink)
dopester-2k8 New Member Join Date: Jul 2008 Posts: 14	You need to find out if the antivirus program is saying that the vista files are corrupted. If it isn't then the message is the virus, i've had this problem before and i used system restore to fix the problem. Go to the date when then message popped up and restore it to that date. Tell me the progress

07-16-2008, 10:10 AM	#9 (permalink)
SAD_DC Platinum Member Join Date: Oct 2005 Posts: 661	And heres Hijack this. I really appreciate the help by the way. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:11:07, on 7/15/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\soundman.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wermgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IESiteBlocker.NavFilter - {1AB6932F-92FE-42E6-870C-544AE458EA78} - C:\Windows\system32\nvf.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtRkLCR.dll,#1 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\mlJAqnMC.dll, #1 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMINEL~1\AppData\Local\Temp\xxyyxuvU.dll, c O4 - HKCU\..\Run: [BMf76466eb] Rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ojasynkf.dll ",s O4 - HKCU\..\Run: [f4575577] rundll32.exe "C:\Users\AMINEL~1\AppData\Local\Temp\ihbslpds.dll ",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10145 bytes __________________ CPU:Amd Athlon X2 Dual Core 4200+ (939) 2.20GHz CPU Fan: Zalman CNPS9700 LED MoBo: KN8 SLi 939 R.A.M: OCZ 4x 512 PC3200 DDR 400MHz Video Card: 7950 Gt H.D.D: Maxtor 300gig 7200 rpm H.D.D 2: W.D 500gig 7200 rpm Sound Card: Stock Microsoft Wireless Optical Desktop 1000 PsU: Aspire 550-Watt Chameleon

07-16-2008, 10:11 AM	#10 (permalink)
SAD_DC Platinum Member Join Date: Oct 2005 Posts: 661	double post sorry __________________ CPU:Amd Athlon X2 Dual Core 4200+ (939) 2.20GHz CPU Fan: Zalman CNPS9700 LED MoBo: KN8 SLi 939 R.A.M: OCZ 4x 512 PC3200 DDR 400MHz Video Card: 7950 Gt H.D.D: Maxtor 300gig 7200 rpm H.D.D 2: W.D 500gig 7200 rpm Sound Card: Stock Microsoft Wireless Optical Desktop 1000 PsU: Aspire 550-Watt Chameleon Last edited by SAD_DC; 07-16-2008 at 10:12 AM. Reason: double post

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Trojan Help	cmoney0954	Computer Security	10	04-30-2008 12:26 PM
Virus Identified	alyoob	Computer Security	13	03-17-2008 08:22 PM
trojan wont go away even with trojan remover	wargamedt	Computer Security	5	02-26-2008 08:48 PM
System Alert!! Fake! Re: anti-vermins.com	J_D	Computer Security	5	01-07-2007 01:36 PM
Looking for good trojan remover..	Hobo_man	Computer Security	1	01-01-2006 05:00 AM