Sabii

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Sabii

  • Rank
    Newbie
  1. Oh sorry bout that ComboFix 08-05-01.3 - Agent N 2008-05-03 17:57:10.1 - NTFSx86 Running from: C:\Users\Agent N\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))) . 2008-04-29 23:59 . 2008-04-29 23:59 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP 2008-04-29 19:21 . 2008-04-29 19:21 <DIR> d-------- C:\VundoFix Backups 2008-04-28 15:49 . 2008-04-28 15:55 <DIR> d-------- C:\Windows\Repair 2008-04-28 15:46 . 2008-04-28 15:46 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Systweak 2008-04-28 15:44 . 2008-04-28 15:45 <DIR> d-------- C:\Program Files\Advanced System Optimizer 2008-04-26 12:51 . 2008-04-26 12:51 <DIR> d-------- C:\Windows\Sun 2008-04-25 08:16 . 2008-04-25 08:16 <DIR> d-------- C:\Program Files\RegCleaner 2008-04-24 18:53 . 2008-04-24 19:26 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Symantec 2008-04-23 20:14 . 2008-04-23 20:14 1,409 --a------ C:\Windows\QTFont.for 2008-04-23 19:50 . 2008-04-30 00:02 <DIR> d-------- C:\Program Files\Norton AntiVirus 2008-04-23 19:48 . 2008-04-30 00:12 <DIR> d-------- C:\Program Files\Symantec 2008-04-22 22:17 . 2008-04-22 22:16 691,545 --a------ C:\Windows\unins000.exe 2008-04-22 22:17 . 2008-04-22 22:17 2,543 --a------ C:\Windows\unins000.dat 2008-04-22 02:47 . 2008-04-28 16:43 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Orbit 2008-04-22 02:47 . 2008-04-22 02:47 <DIR> d-------- C:\Downloads 2008-04-22 01:31 . 2008-04-22 01:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\ProgramData\WLInstaller 2008-04-21 13:33 . 2008-04-21 13:46 <DIR> d-------- C:\VueScan 2008-04-21 09:22 . 2008-04-21 09:22 <DIR> d-------- C:\Program Files\Apple Software Update 2008-04-09 06:54 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe 2008-04-09 06:54 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll 2008-04-09 06:54 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll 2008-04-09 06:54 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe 2008-04-09 06:54 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 06:54 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 06:54 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 06:54 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll 2008-04-09 06:54 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 06:53 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys 2008-04-09 06:52 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll 2008-04-09 06:48 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll 2008-04-09 06:48 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe 2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iTunes 2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-03 15:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-05-03 15:14 --------- d---a-w C:\ProgramData\TEMP 2008-04-30 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-30 04:12 --------- d-----w C:\ProgramData\Symantec 2008-04-30 02:39 --------- d-----w C:\Program Files\HP Games 2008-04-30 02:32 --------- d-----w C:\ProgramData\WildTangent 2008-04-29 21:06 --------- d-----w C:\Users\Agent N\AppData\Roaming\BitTorrent 2008-04-28 20:43 --------- d-----w C:\Users\Agent N\AppData\Roaming\GetRightToGo 2008-04-28 20:42 --------- d-----w C:\ProgramData\iWin Games 2008-04-28 20:42 --------- d-----w C:\Program Files\LimeWire 2008-04-28 17:53 --------- d-----w C:\Program Files\Canon 2008-04-28 17:49 --------- d-----w C:\Program Files\Google 2008-04-28 17:44 --------- d-----w C:\Program Files\Real 2008-04-28 17:35 --------- d-----w C:\ProgramData\Skype 2008-04-28 17:31 --------- d-----w C:\Program Files\NCH Swift Sound 2008-04-28 17:28 --------- d-----w C:\Program Files\Trillian 2008-04-28 17:28 --------- d-----w C:\Program Files\Total Video Converter 2008-04-28 17:27 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-04-28 17:20 --------- d-----w C:\Program Files\The Weather Channel FW 2008-04-25 00:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-25 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-24 04:26 --------- d-----w C:\ProgramData\FLEXnet 2008-04-23 06:07 --------- d-----w C:\Users\Agent N\AppData\Roaming\FileZilla 2008-04-23 01:19 --------- d-----w C:\ProgramData\HP 2008-04-23 01:15 --------- d-----w C:\Users\Agent N\AppData\Roaming\Yahoo! 2008-04-23 01:15 --------- d-----w C:\ProgramData\Yahoo! 2008-04-23 01:15 --------- d-----w C:\Program Files\Yahoo! 2008-04-21 17:21 --------- d-----w C:\Users\Agent N\AppData\Roaming\Lasersoft Imaging 2008-04-15 13:11 --------- d-----w C:\Users\Agent N\AppData\Roaming\LimeWire 2008-04-10 07:25 --------- d-----w C:\Program Files\Windows Mail 2008-04-10 07:16 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-08 03:46 --------- d-----w C:\Program Files\QuickTime 2008-04-04 14:28 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 03:43 --------- d-----w C:\ProgramData\ALM 2008-04-03 02:30 --------- d-----w C:\ProgramData\Roxio 2008-03-25 06:27 --------- d-----w C:\Users\Agent N\AppData\Roaming\Apple Computer 2008-03-20 18:39 --------- d-----r C:\Users\Agent N\AppData\Roaming\Brother 2008-03-18 19:59 --------- d-----w C:\Program Files\Common Files\Control Panels 2008-03-18 19:52 --------- d-----w C:\Program Files\Bonjour 2008-03-18 19:31 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-03-18 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-18 04:38 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2008-03-18 01:50 --------- d-----w C:\ProgramData\Sony 2008-03-18 01:49 --------- d-----w C:\Program Files\Sony 2008-03-18 01:34 --------- d-----w C:\Users\Agent N\AppData\Roaming\dvdcss 2008-03-17 05:41 --------- d-----w C:\Program Files\iWin.com Games 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-14 06:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 06:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 06:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 06:17 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 06:17 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 06:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 06:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 06:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 06:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 06:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-14 06:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 06:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 06:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2007-12-06 08:48 27,525 ----a-w C:\Users\Agent N\AppData\Roaming\nvModes.dat 2007-10-16 16:05 174 --sha-w C:\Program Files\desktop.ini 2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-11-16 17:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-10-15 23:25 22 --sha-w C:\Windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728] "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:55 919280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 05:57 1006264] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-08 22:57 8433664] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 18:38 583048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk backup=C:\Windows\pss\Vongo Tray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Agent N^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Users\Agent N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\Windows\pss\Adobe Gamma.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Agent N^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YouTube Uploader.lnk] path=C:\Users\Agent N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouTube Uploader.lnk backup=C:\Windows\pss\YouTube Uploader.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\147fba20] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2007-10-15 20:45 286016 C:\Users\Agent N\Program Files\BitTorrent_DNA\dna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM174c89bc] C:\Users\AGENTN~1\AppData\Local\Temp\bvwydkxi.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] --------- 2007-07-31 21:37 815104 C:\Program Files\Brownie\BrstsWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds] C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4] C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] --a------ 2007-03-12 14:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] --a------ 2007-03-20 18:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2007-03-01 16:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon] --a------ 2007-06-27 10:28 189440 C:\Windows\System32\M-AudioTaskBarIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-07-08 22:57 81920 C:\Windows\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-07-08 22:57 86016 C:\Windows\system32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] --a------ 2007-02-13 14:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] --a------ 2007-04-23 21:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup] C:\Users\AGENTN~1\AppData\Local\Temp\NERO13899\Setupx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2007-09-15 06:50 1021224 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] --a------ 2007-09-15 06:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-10-30 14:15 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] --a------ 2007-01-10 19:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{C3E6D97D-27D1-442E-90D3-5D8BC0C51B93}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{9ACF4F2C-C73D-493C-AE92-F439822FD373}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{80385244-1421-485C-A348-EAE53E8D8EEF}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{2476A15D-F118-465D-BD25-6F1B688F49FB}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{EBCFE101-7432-4EDF-B0A3-1CAE926F1436}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{57656F89-C756-40AA-9B51-93C259A9E620}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{9FE0A2FE-8BE4-475A-BDA5-B068D2130E28}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{8CAB71B3-6DFE-4C81-8FF3-9F709431CDE5}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{7EA693A6-7109-4531-9A71-5DFBCB63C546}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian "UDP Query User{7A7C58DE-E948-4851-91A4-40232984895A}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian "TCP Query User{AA050432-BD77-43D6-B3C5-8803BB7A9F22}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{9E6B6440-1FED-4DC9-8EE2-A3969B9CD9B7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{4070073F-A3EA-49B6-A836-76D301FEFFAF}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{A185E90A-6CB4-464F-A3A3-CE2B7870F216}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "TCP Query User{6558277D-18F6-4BA1-A786-884AD3657731}C:\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\program files\bittorrent_dna\dna.exe:dna "UDP Query User{36F11B42-C206-4E92-8626-3EC5B4CB31E9}C:\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\program files\bittorrent_dna\dna.exe:dna "{BDF33702-AA8F-4C51-BD9E-0C233A42D7F4}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour "{A612F9F5-15A5-495D-9462-6E98786C0C79}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{EA5D8596-091E-4C6B-88E6-8D3A0CEB8428}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{35452F7B-B533-43B2-9DDD-9FECF751E5EB}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{772C35EC-07A9-4125-A671-AF75E6FC7FD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{BDC09991-B0F8-4C56-9490-D5594F59F02F}"= UDP:3703:Adobe Version Cue CS3 Server "{74214435-130E-4589-B1F8-784DC0176B07}"= UDP:3704:Adobe Version Cue CS3 Server "{C530D21B-9F48-429D-A3BA-BBB30EF9F6F3}"= UDP:50900:Adobe Version Cue CS3 Server "{736F6216-2693-44CA-877E-04EE2DC53912}"= UDP:50901:Adobe Version Cue CS3 Server "{2E86FCCC-C226-42CF-94FE-620296E3F90E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{D90E8BBC-391E-4D78-911D-A3A646177EF7}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{17AA1BA9-1DAE-492B-8B72-1FB93FBC7BBB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{35D53AF4-0C10-4DC7-BEEF-C8085D87B70D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{BC3312EA-CBCB-4604-A6A6-6796630F3916}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R2 MAudioMobilePreService;M-Audio MobilePre Installer;C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe [2007-06-27 15:21] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 19:50] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50] S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);C:\Windows\system32\DRIVERS\mausbmp.sys [2007-06-27 10:35] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 [] S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2006-11-02 05:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f5fb43-8963-11dc-88af-001b248a4131}] \shell\AutoRun\command - F:\Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-05-03 03:12:11 C:\Windows\Tasks\User_Feed_Synchronization-{C3870F1A-B1B4-4499-9F20-CBA7293938B0}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-03 18:12:37 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\wlanext.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-05-03 18:22:52 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-03 22:22:39 Pre-Run: 45,758,722,048 bytes free Post-Run: 45,527,625,728 bytes free 321 --- E O F --- 2008-05-01 23:06:32
  2. alllrighty this is what I got... first the combofix log ComboFix 08-05-01.3 - Agent N 2008-05-03 17:57:10.1 - NTFSx86 Running from: C:\Users\Agent N\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))) . 2008-04-29 23:59 . 2008-04-29 23:59 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP 2008-04-29 19:21 . 2008-04-29 19:21 <DIR> d-------- C:\VundoFix Backups 2008-04-28 15:49 . 2008-04-28 15:55 <DIR> d-------- C:\Windows\Repair 2008-04-28 15:46 . 2008-04-28 15:46 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Systweak 2008-04-28 15:44 . 2008-04-28 15:45 <DIR> d-------- C:\Program Files\Advanced System Optimizer 2008-04-26 12:51 . 2008-04-26 12:51 <DIR> d-------- C:\Windows\Sun 2008-04-25 08:16 . 2008-04-25 08:16 <DIR> d-------- C:\Program Files\RegCleaner 2008-04-24 18:53 . 2008-04-24 19:26 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Symantec 2008-04-23 20:14 . 2008-04-23 20:14 1,409 --a------ C:\Windows\QTFont.for 2008-04-23 19:50 . 2008-04-30 00:02 <DIR> d-------- C:\Program Files\Norton AntiVirus 2008-04-23 19:48 . 2008-04-30 00:12 <DIR> d-------- C:\Program Files\Symantec 2008-04-22 22:17 . 2008-04-22 22:16 691,545 --a------ C:\Windows\unins000.exe 2008-04-22 22:17 . 2008-04-22 22:17 2,543 --a------ C:\Windows\unins000.dat 2008-04-22 02:47 . 2008-04-28 16:43 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Orbit 2008-04-22 02:47 . 2008-04-22 02:47 <DIR> d-------- C:\Downloads 2008-04-22 01:31 . 2008-04-22 01:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\ProgramData\WLInstaller 2008-04-21 13:33 . 2008-04-21 13:46 <DIR> d-------- C:\VueScan 2008-04-21 09:22 . 2008-04-21 09:22 <DIR> d-------- C:\Program Files\Apple Software Update 2008-04-09 06:54 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe 2008-04-09 06:54 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll 2008-04-09 06:54 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll 2008-04-09 06:54 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe 2008-04-09 06:54 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 06:54 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 06:54 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 06:54 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll 2008-04-09 06:54 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 06:53 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys 2008-04-09 06:52 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll 2008-04-09 06:48 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll 2008-04-09 06:48 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe 2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iTunes 2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-03 15:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-05-03 15:14 --------- d---a-w C:\ProgramData\TEMP 2008-04-30 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-30 04:12 --------- d-----w C:\ProgramData\Symantec 2008-04-30 02:39 --------- d-----w C:\Program Files\HP Games 2008-04-30 02:32 --------- d-----w C:\ProgramData\WildTangent 2008-04-29 21:06 --------- d-----w C:\Users\Agent N\AppData\Roaming\BitTorrent 2008-04-28 20:43 --------- d-----w C:\Users\Agent N\AppData\Roaming\GetRightToGo 2008-04-28 20:42 --------- d-----w C:\ProgramData\iWin Games 2008-04-28 20:42 --------- d-----w C:\Program Files\LimeWire 2008-04-28 17:53 --------- d-----w C:\Program Files\Canon 2008-04-28 17:49 --------- d-----w C:\Program Files\Google 2008-04-28 17:44 --------- d-----w C:\Program Files\Real 2008-04-28 17:35 --------- d-----w C:\ProgramData\Skype 2008-04-28 17:31 --------- d-----w C:\Program Files\NCH Swift Sound 2008-04-28 17:28 --------- d-----w C:\Program Files\Trillian 2008-04-28 17:28 --------- d-----w C:\Program Files\Total Video Converter 2008-04-28 17:27 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-04-28 17:20 --------- d-----w C:\Program Files\The Weather Channel FW 2008-04-25 00:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-25 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-24 04:26 --------- d-----w C:\ProgramData\FLEXnet 2008-04-23 06:07 --------- d-----w C:\Users\Agent N\AppData\Roaming\FileZilla 2008-04-23 01:19 --------- d-----w C:\ProgramData\HP 2008-04-23 01:15 --------- d-----w C:\Users\Agent N\AppData\Roaming\Yahoo! 2008-04-23 01:15 --------- d-----w C:\ProgramData\Yahoo! 2008-04-23 01:15 --------- d-----w C:\Program Files\Yahoo! 2008-04-21 17:21 --------- d-----w C:\Users\Agent N\AppData\Roaming\Lasersoft Imaging 2008-04-15 13:11 --------- d-----w C:\Users\Agent N\AppData\Roaming\LimeWire 2008-04-10 07:25 --------- d-----w C:\Program Files\Windows Mail 2008-04-10 07:16 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-08 03:46 --------- d-----w C:\Program Files\QuickTime 2008-04-04 14:28 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 03:43 --------- d-----w C:\ProgramData\ALM 2008-04-03 02:30 --------- d-----w C:\ProgramData\Roxio 2008-03-25 06:27 --------- d-----w C:\Users\Agent N\AppData\Roaming\Apple Computer 2008-03-20 18:39 --------- d-----r C:\Users\Agent N\AppData\Roaming\Brother 2008-03-18 19:59 --------- d-----w C:\Program Files\Common Files\Control Panels 2008-03-18 19:52 --------- d-----w C:\Program Files\Bonjour 2008-03-18 19:31 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-03-18 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-18 04:38 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2008-03-18 01:50 --------- d-----w C:\ProgramData\Sony 2008-03-18 01:49 --------- d-----w C:\Program Files\Sony 2008-03-18 01:34 --------- d-----w C:\Users\Agent N\AppData\Roaming\dvdcss 2008-03-17 05:41 --------- d-----w C:\Program Files\iWin.com Games 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-14 06:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 06:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 06:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 06:17 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 06:17 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 06:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 06:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 06:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 06:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 06:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-14 06:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 06:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 06:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2007-12-06 08:48 27,525 ----a-w C:\Users\Agent N\AppData\Roaming\nvModes.dat 2007-10-16 16:05 174 --sha-w C:\Program Files\desktop.ini 2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-11-16 17:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-10-15 23:25 22 --sha-w C:\Windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728] "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:55 919280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 05:57 1006264] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-08 22:57 8433664] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 18:38 583048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk backup=C:\Windows\pss\Vongo Tray.lnk.CommonStartup backupExtension=.CommonStartup now the HjT log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:28:25 AM, on 5/4/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Agent N\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing) O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: M-Audio MobilePre Installer (MAudioMobilePreService) - Avid Technology, Inc. - C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8083 bytes
  3. tyvm I shall give this a shot this weekend and reply with what happened again tyvm
  4. Hi, Last week my GF said her laptop started acting weird, IE would spam "pop-unders", Explorer would hang and crash, Yahoo chat wouldn't log in and Firefox would hang and crash on start up. She ran spybot, NAV, and Adaware which fixed if for a little bit then it started again. I had mentioned Vundo and immediately she said that what one of the pop-ups said. So we ran Vundo Fix, which found nothing. at this point if it were my computer I would have wiped the hard drive and reinstalled everything..BUT she doesn't want to do that so we ran Hijack this and got. Scan saved at 7:03:40 PM, on 4/29/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\Explorer.EXE C:\Program Files\WinRAR\WinRAR.exe C:\Users\Agent N\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll,c O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe" O4 - HKCU\..\Run: [147fba20] rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\gsvxtyym.dll",b O4 - HKCU\..\Run: [bM174c89bc] Rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\ukfprevp.dll",s O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: M-Audio MobilePre Installer (MAudioMobilePreService) - Avid Technology, Inc. - C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7503 bytes Thanks in advance