ComputerForum.com
Old 07-17-2008, 03:25 AM   #1 (permalink)
banned
 
Join Date: Dec 2007
Location: Los Angeles
Posts: 3,896
BIG boo boo, Hijackthis log included for your pleasure

Hey guys, yeah, it's me. I recently had my uxtheme.dll file patched, which opened up a new world of underground themes and all. I was trying out a few different websites, then I came across one which had a really cool theme. I downloaded it:
Then what do you know?? A virus warning came up with AVG 2008 Free Edition. I deleted the file, and deleted the recycle bin, then what? I was bombarded with AVG notifications. So then I went online to go download HijackThis, but my internet was slowing down...fast.

I then did a search in Google, 'hijackthis', and then I clicked a link...nothing. I tried every single link on the page, didn't work. I then clicked my bookmark for CF, that didn't work either. So I just typed in the address. That didn't work either. After that, I just disabled my wifi adapter, and I did an AVG scan. It came up with 1367 threats. It took out about 1000 of them. Then it asked for a restart.

I said sure, then it restarted and then something weird happened: it went to the Windows login screen. It never does that. Just goes straight to my one and only account. So then I click my name and picture, or icon. Then it logs in, and logs out. I kept doing it and nothing happened. So I restarted the comp again, and again to no avail. I just hit safe mode with networking.

That is where I am typing this right now, and here is my HijackThis log.

btw, idk if this is important or not, but I ran HijackThis through safe mode. The only way I could. If I'm screwed, please tell me, I can just reformat it.
Vizy is offline   Reply With Quote


Old 07-17-2008, 03:29 AM   #2 (permalink)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:43 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin
F:\Program Files\Mozilla Firefox\firefox.exe
J:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - F:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - F:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - F:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - F:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - F:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - F:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - F:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D981FB76-12FD-4033-A60D-2C445FEB19BB}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6387 bytes
Vizy is offline   Reply With Quote
Old 07-17-2008, 03:29 AM   #3 (permalink)

Sorry about the spelling and stuff. Also, I just wanna say thanks to whoever reads this thread and offers a wee bit of advice.
Vizy is offline   Reply With Quote
Old 07-17-2008, 03:32 AM   #4 (permalink)
Diamond Member
 
 
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 15
Posts: 8,361

Hey,

Pls download and run Combo Fix. I would post my code, but I don't have my document here, at school.
__________________
Cohen
cohen is offline   Reply With Quote
Old 07-17-2008, 03:40 AM   #5 (permalink)

Is it even possible to see anything wrong with this log?
Vizy is offline   Reply With Quote


Old 07-17-2008, 03:42 AM   #6 (permalink)

I downloaded it from the Bleeping Computer website. I saved it. Ran it. And an error came up. Apparently I'm missing the regedit.exe file from my Windows dir....

Thanks a lot cohen anyways. I really appreciate it. I hope you're enjoying school. I'm gonna try to see if I can reformat.
Vizy is offline   Reply With Quote
Old 07-17-2008, 03:59 AM   #7 (permalink)

OK, I got back into my regular account. I was greeted with another pop-up from AVG. Here is another HijackThis log, run from the infected account:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:29 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
F:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vishal\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - F:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - F:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - F:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - F:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - F:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - F:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - F:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - F:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] F:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [TrueTransparency] "C:\Firefox Downloads\truetransparency-crystalxp.net-en-5139\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [Taskbar Shuffle] F:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (User '?')
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui (User '?')
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-21-1123561945-854245398-839522115-1004\..\Run: [TrueTransparency] "C:\Firefox Downloads\truetransparency-crystalxp.net-en-5139\TrueTransparency\TrueTransparency.exe" (User '?')
O4 - S-1-5-21-1123561945-854245398-839522115-1004 Startup: Fuzzy Friend.lnk = C:\Documents and Settings\Vishal\Local Settings\Temp\Temporary Directory 1 for fuzzy.zip\fuzzy.exe (User '?')
O4 - S-1-5-21-1123561945-854245398-839522115-1004 Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - Startup: Fuzzy Friend.lnk = C:\Documents and Settings\Vishal\Local Settings\Temp\Temporary Directory 1 for fuzzy.zip\fuzzy.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://F:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://F:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D981FB76-12FD-4033-A60D-2C445FEB19BB}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 10297 bytes
Vizy is offline   Reply With Quote
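
For readers working through logs like the two posted above, here is an added example (not part of the thread, and not code from HijackThis or any poster) that parses HijackThis entry lines and flags a few things worth a closer look. The three rules and their names are assumptions of this example, the sample lines are copied from the second log above, and a flag is a triage hint, not a verdict.

```python
import re

# Entry lines look like "O4 - Startup: x.lnk = path" or "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Startup-folder items are repeated with a SID prefix and a "(User '?')" suffix.
SID_PREFIX_RE = re.compile(r"^S-1-5-[0-9-]+\s+")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

# Triage rules are assumptions of this example: (name, section codes, pattern).
RULES = [
    # Autostart target living under a Temp directory (e.g. an unpacked archive).
    ("startup-from-temp", {"O4"}, re.compile(r"\\Temp\\", re.I)),
    # Registration whose file HijackThis could not find.
    ("missing-file", {"R3", "O2", "O3", "O4", "O9"}, re.compile(r"\(no file\)$")),
    # Service binary with no readable vendor information.
    ("service-unknown-owner", {"O23"}, re.compile(r" - Unknown owner - ")),
]

# Lines copied from the second log in this thread (normal boot).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - S-1-5-21-1123561945-854245398-839522115-1004 Startup: Fuzzy Friend.lnk = C:\Documents and Settings\Vishal\Local Settings\Temp\Temporary Directory 1 for fuzzy.zip\fuzzy.exe (User '?')
O4 - Startup: Fuzzy Friend.lnk = C:\Documents and Settings\Vishal\Local Settings\Temp\Temporary Directory 1 for fuzzy.zip\fuzzy.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
"""


def parse_entries(log_text):
    """Return (code, normalized body) for every R*/O* entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            body = USER_SUFFIX_RE.sub("", match.group("body"))
            entries.append((match.group("code"), SID_PREFIX_RE.sub("", body)))
    return entries


def triage(log_text):
    """Return de-duplicated (rule, code, body) findings in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        for name, codes, pattern in RULES:
            finding = (name, code, body)
            if code in codes and pattern.search(body) and finding not in findings:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for rule, code, body in triage(SAMPLE_LOG):
        print(f"[{rule}] {code} - {body}")
```

The two "Fuzzy Friend.lnk" lines collapse into one finding because the per-user copy differs only by its SID prefix and "(User '?')" suffix.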
Old 07-17-2008, 04:32 AM   #8 (permalink)
Diamond Member
 
 
Join Date: Feb 2008
Location: Zeeland, MI
Posts: 4,799

Wow, that PC is junked majorly. If it says you are missing "regedit" then the only way to get that back is a Repair Installation or a reformat.
G25r8cer is offline   Reply With Quote
Old 07-17-2008, 05:21 AM   #9 (permalink)

Quote:
Originally Posted by Vizy93
I downloaded it from the Bleeping Computer website. I saved it. Ran it. And an error came up. Apparently I'm missing the regedit.exe file from my Windows dir....

Thanks a lot cohen anyways. I really appreciate it. I hope you're enjoying school. I'm gonna try to see if I can reformat.

Yeah, I'm really loving school, not!

Yeah, no problems.

Well, I'm not sure about the regedit file. Can you do a repair installation and then try and run the Combo Fix log?
__________________
Cohen
cohen is offline   Reply With Quote
Old 07-17-2008, 09:37 AM   #10 (permalink)
Diamond Member
 
 
Join Date: Dec 2007
Location: Croatia
Age: 17
Posts: 3,972

That is just untrue. Regedit, Control Panel and Task Manager can get disabled by some Trojans. If you let me make a fix, I'll post it in the next reply.
GameMaster is offline   Reply With Quote
All times are GMT +1.