I think I got a virus - Desktopvirii
  #1  
Old 23rd Mar 2008, 15:45
Full Member
Posts: 11
 
Ok, here's my problem. I downloaded a file, opened it. Blah Blah. My background changes to a blue colour with a link on it saying: CLICK HERE TO GET RID OF VIRUSES! So I click it and it wants me to buy a program. I changed my background and I keep getting pop-ups saying the same thing as the background. SO... I scanned my computer with 6 different anti-viruses and STILL the problem persists. Oh, another thing. I'm the admin but when I first got the virus it said task manager was disabled by the administrator. Help... Please...

  #2  
Old 23rd Mar 2008, 17:52
Donor VIP
Posts: 2,156
 
Try looking for a program called process patrol on the web. I use it, it's very good for disabling running programs that shouldn't be. It works a bit like the task manager, but will shut down programs that are in your disallowed list, and will notify you if anything new pops up. Try looking through that, and using the built-in web search to find out if the running programs are safe.

Also, try going through the stages in the sticky in this forum, which has several scans to do, which come up with three logs, which should be posted here for people who know about them, to be able to tell you which are ok programs, and which aren't.

Hope I helped
  #3  
Old 24th Mar 2008, 08:20
Donor VIP
Posts: 1,799
 
You shouldn't need 6 different anti virus scanners, let alone use them. It's most likely adware. What anti virus protection do you have?
  #4  
Old 24th Mar 2008, 08:26
Donor VIP
Posts: 1,799
 
http://www.computer-juice.com/forums...n-guide-15254/
  #5  
Old 24th Mar 2008, 13:57
Moderator
Posts: 7,561
 
Post a HJT log from here > http://www.computer-juice.com/forums...-posting-7476/
  #6  
Old 24th Mar 2008, 15:26
Full Member
Posts: 11
 
---------------
HJT log
---------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:47 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\WINDOWS\cjofklcn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ANTIVI~1\Avast\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ncix.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198446616406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Antivirus_ETC\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Antivirus_ETC\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11983 bytes
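
The kind of first-pass triage a helper does by eye on a HijackThis log like the one above, as an added example (not part of the thread and not HijackThis's own code): it parses the log and lists autostart and service entries that merit a closer look. The three heuristics and the `STOCK_WINDOWS_ROOT` list are assumptions chosen for illustration, and a flagged entry is a lead to check, not a verdict; the sample input is an excerpt of the log posted above.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\cjofklcn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11983 bytes
"""

Entry = namedtuple("Entry", "code text")
Finding = namedtuple("Finding", "code path reasons running")

# "O4 - ...", "R0 - ...", "O23 - ..." section lines.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe inside an entry.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.exe', re.IGNORECASE)

# Assumption: a few executables that normally live directly in C:\WINDOWS on XP.
STOCK_WINDOWS_ROOT = {"explorer.exe", "notepad.exe", "regedit.exe",
                      "hh.exe", "winhlp32.exe", "taskman.exe"}


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends where the entries begin
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return autostart/service entries worth a manual check, with reasons."""
    processes, entries = parse_hjt(text)
    running = {p.lower() for p in processes}
    findings = []
    for entry in entries:
        match = EXE_RE.search(entry.text)
        path = match.group(0) if match else None
        reasons = []
        # Heuristic 1 (assumption): a Run key under Policies\Explorer is an
        # unusual place for ordinary software to register itself.
        if entry.code == "O4" and "\\policies\\explorer\\run:" in entry.text.lower():
            reasons.append("autostart via Policies\\Explorer\\Run")
        # Heuristic 2 (assumption): autostart target sits directly in the
        # Windows folder and is not one of the stock files listed above.
        if (entry.code in ("O4", "O23") and path
                and ntpath.dirname(path).lower() == "c:\\windows"
                and ntpath.basename(path).lower() not in STOCK_WINDOWS_ROOT):
            reasons.append("unrecognised executable in Windows folder root")
        # Heuristic 3: HijackThis itself reports the service binary as absent.
        if entry.code == "O23" and entry.text.endswith("(file missing)"):
            reasons.append("service binary reported missing")
        if reasons:
            is_running = bool(path and path.lower() in running)
            findings.append(Finding(entry.code, path, reasons, is_running))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "not running"
        print(f"{f.code}  {f.path}  ({state})")
        for reason in f.reasons:
            print(f"      - {reason}")
```
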
  #7  
Old 24th Mar 2008, 22:14
Moderator
Posts: 7,561
 
Uninstall one of the antivirus programs you have. Running two is never advised and will cause problems. Slow system, crashes and false positives.

After you have uninstalled one of the AVs

Download NoLop to your desktop from one of the links below...
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    • Your computer will now be scanned for infected files
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

----------

Download Vundofix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish, sometimes it can take multiple passes

----------

Now run a new HJT scan and post that log also.

----------

Next post please add
No Lop log
Vundofix log
New HJT log
  #8  
Old 25th Mar 2008, 13:14
Full Member
Posts: 11
 
OK. No Lop and Vundofix didn't find any "problems" but I know there are. Here's the new logs and crap:

----------------
HJT Log
----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:57 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cjofklcn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ANTIVI~1\Avast\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ncix.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198446616406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Antivirus_ETC\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Antivirus_ETC\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11533 bytes




-----------------
Vundo Log
-----------------

VundoFix V7.0.3

Scan started at 3:39:17 PM 3/25/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 4:01:44 PM 3/25/2008

Listing files found while scanning....

No infected files were found.


--------------------
No Lop Log
--------------------
NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Program Files\Mozilla Firefox
[3/25/2008]
[3:53:43 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Acoustica
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Firstclass
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Sectaskman
C:\Documents and Settings\All Users\Application Data\Songbirdvlc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Techsmith
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip
C:\Documents and Settings\All Users\Application Data\Yoyogames
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Hackaged\Application Data\Adobe
C:\Documents and Settings\Hackaged\Application Data\Avg7
C:\Documents and Settings\Hackaged\Application Data\Identities
C:\Documents and Settings\Hackaged\Application Data\Macromedia
C:\Documents and Settings\Hackaged\Application Data\Microsoft
C:\Documents and Settings\Hackaged\Application Data\Mozilla
C:\Documents and Settings\Hax\Application Data\Avg7
C:\Documents and Settings\Hax\Application Data\Identities
C:\Documents and Settings\Hax\Application Data\Microsoft
C:\Documents and Settings\Lksljksdjksdf\Application Data\Avg7
C:\Documents and Settings\Lksljksdjksdf\Application Data\Identities
C:\Documents and Settings\Lksljksdjksdf\Application Data\Microsoft
C:\Documents and Settings\Lksljksdjksdf\Application Data\Mozilla
C:\Documents and Settings\Lksljksdjksdf\Application Data\Nero
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Logmeinremoteuser\Application Data\Identities
C:\Documents and Settings\Logmeinremoteuser\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Ace Explorer
C:\Documents and Settings\Owner\Application Data\Acoustica
C:\Documents and Settings\Owner\Application Data\Adobe
C:\Documents and Settings\Owner\Application Data\Apple Computer
C:\Documents and Settings\Owner\Application Data\Avg7
C:\Documents and Settings\Owner\Application Data\Bittorrent
C:\Documents and Settings\Owner\Application Data\Clickteam
C:\Documents and Settings\Owner\Application Data\Dev-cpp
C:\Documents and Settings\Owner\Application Data\Dna
C:\Documents and Settings\Owner\Application Data\Dvdcss
C:\Documents and Settings\Owner\Application Data\Fretsonfire
C:\Documents and Settings\Owner\Application Data\Google
C:\Documents and Settings\Owner\Application Data\Gtk-2.0
C:\Documents and Settings\Owner\Application Data\Hamachi
C:\Documents and Settings\Owner\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Identities
C:\Documents and Settings\Owner\Application Data\Installshield
C:\Documents and Settings\Owner\Application Data\Leadertech
C:\Documents and Settings\Owner\Application Data\Lego Company
C:\Documents and Settings\Owner\Application Data\Macromedia
C:\Documents and Settings\Owner\Application Data\Malwarebytes
C:\Documents and Settings\Owner\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Move Networks
C:\Documents and Settings\Owner\Application Data\Mozilla
C:\Documents and Settings\Owner\Application Data\Mxboost
C:\Documents and Settings\Owner\Application Data\Nch Swift Sound
C:\Documents and Settings\Owner\Application Data\Nero
C:\Documents and Settings\Owner\Application Data\Netscape
C:\Documents and Settings\Owner\Application Data\Nexon
C:\Documents and Settings\Owner\Application Data\Notepad++
C:\Documents and Settings\Owner\Application Data\Openoffice.org2
C:\Documents and Settings\Owner\Application Data\Opera
C:\Documents and Settings\Owner\Application Data\Qtrax1
C:\Documents and Settings\Owner\Application Data\Realworld
C:\Documents and Settings\Owner\Application Data\Securom
C:\Documents and Settings\Owner\Application Data\Styler
C:\Documents and Settings\Owner\Application Data\Sun
C:\Documents and Settings\Owner\Application Data\Superantispyware.com
C:\Documents and Settings\Owner\Application Data\Thunderbird
C:\Documents and Settings\Owner\Application Data\Utorrent
C:\Documents and Settings\Owner\Application Data\Ventrilo
C:\Documents and Settings\Owner\Application Data\Vistart
C:\Documents and Settings\Owner\Application Data\Vlc
C:\Documents and Settings\Owner\Application Data\Winrar -- EMPTY Directory


OK, please message me back if you find any crappy things that are eating my computer. I really appreciate this!
  #9  
Old 25th Mar 2008, 13:33
Moderator
Posts: 7,561
 
I have it identified; these next few steps will begin to cure it.

----------

Quote:
Uninstall one of the antivirus programs you have. Running two is never advised and will cause problems: a slow system, crashes and false positives.


----------

Please download Combofix by sUBs from one of the links below.
(Try all three if necessary.)
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Create An Uninstall List
  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press the Save button, Notepad will open with the contents of that file.
  • Copy and paste that list in your reply.
----------

Next post
Combofix log
Uninstall list
A NEW Hijackthis log

  #10  
Old 25th Mar 2008, 16:00
Full Member
Posts: 11
 
Combofix takes a while, Don't it?

Combofix Log

ComboFix 08-03-25.1 - Owner 2008-03-25 18:48:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
Findstr -MIF:/ sursen
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 17:06 . 2008-03-25 17:06 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-25 15:39 . 2008-03-25 15:39 <DIR> d-------- C:\VundoFix Backups
2008-03-25 08:28 . 2008-03-25 15:53 212 --a------ C:\delete.bat
2008-03-24 18:26 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 18:59 . 2008-03-23 18:59 <DIR> d-------- C:\fsaua.data
2008-03-23 18:54 . 2008-03-23 18:54 3,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-23 18:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-23 18:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-23 18:53 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-23 18:53 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-23 18:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-23 18:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-23 18:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Acoustica
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-03-23 17:56 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-03-23 17:38 . 2008-03-23 17:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RealWorld
2008-03-23 17:37 . 2008-03-23 17:37 <DIR> d-------- C:\Program Files\RealWorld Cursor Editor
2008-03-23 02:52 . 2008-03-23 02:52 94,208 --a------ C:\WINDOWS\system32\wwxzzslu.exe
2008-03-22 20:10 . 2008-03-22 20:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
2008-03-22 20:09 . 2008-03-22 20:10 <DIR> d-------- C:\Dev-Cpp
2008-03-22 18:33 . 2008-03-22 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-22 16:01 . 2008-03-22 16:01 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-22 15:15 . 2008-03-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-22 15:14 . 2008-03-22 15:15 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-22 14:53 . 2008-03-22 14:53 <DIR> d-------- C:\Documents and Settings\Owner\Desktopvirii
2008-03-22 14:52 . 2008-03-22 14:52 94,208 --a------ C:\WINDOWS\system32\qyxfwuwo.exe
2008-03-22 14:52 . 2008-03-22 14:52 40,448 --a------ C:\WINDOWS\cjofklcn.exe
2008-03-22 14:48 . 2008-03-22 14:48 <DIR> d-------- C:\Program Files\ExeScript
2008-03-22 13:51 . 2008-03-22 13:51 <DIR> d-------- C:\WINDOWS\system32\test
2008-03-22 13:14 . 2008-03-22 13:17 34 --a------ C:\WINDOWS\system32\LOOKING.bat
2008-03-22 09:47 . 2008-03-22 09:52 90 --a------ C:\WINDOWS\system32\connect.bat
2008-03-21 20:44 . 2008-03-21 20:44 <DIR> d-------- C:\WINDOWS\system32\Pwned like a dinosaur
2008-03-21 20:31 . 2008-03-21 20:31 <DIR> d-------- C:\Documents and Settings\Users\Owner
2008-03-21 12:30 . 2008-03-21 12:30 <DIR> d-------- C:\WINDOWS\system32\hi
2008-03-21 07:12 . 1998-04-24 20:55 5 --a------ C:\WINDOWS\VS98ENT.MIF
2008-03-21 07:06 . 2008-03-21 07:06 <DIR> d-------- C:\~MSSETUP.T
2008-03-21 07:06 . 2008-03-21 07:11 143,300 --a------ C:\WINDOWS\vssetup.ttf
2008-03-21 07:06 . 2008-03-21 07:11 1,409 --a------ C:\WINDOWS\vssetup.for
2008-03-19 17:13 . 2008-03-19 17:13 <DIR> d-------- C:\Program Files\GrudgeMU
2008-03-19 08:13 . 2008-03-19 08:21 <DIR> d-------- C:\wget
2008-03-19 07:42 . 2008-03-22 18:24 <DIR> d-------- C:\Program Files\2Moons
2008-03-18 20:21 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-03-18 20:21 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-03-18 20:21 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-03-18 20:20 . 2008-03-25 07:38 <DIR> d-------- C:\Program Files\LogMeIn
2008-03-18 20:20 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-03-18 20:20 . 2008-03-18 20:20 1,024 --a------ C:\.rnd
2008-03-18 15:40 . 2008-03-18 15:42 <DIR> d-------- C:\Program Files\MediaCoder
2008-03-17 19:11 . 2008-03-17 19:12 <DIR> d-------- C:\Program Files\PlaneShift Steel Blue
2008-03-16 17:14 . 2008-03-16 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-16 07:39 . 2008-03-16 07:42 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-16 07:39 . 2008-03-16 07:40 <DIR> d-------- C:\Program Files\Shadowbane - Throne of Oblivion
2008-03-16 07:38 . 2008-03-16 07:38 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-03-14 18:40 . 2008-03-14 18:57 <DIR> d-------- C:\Program Files\Knight Online
2008-03-12 12:50 . 2008-03-12 12:50 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-03-11 17:29 . 2008-03-22 06:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-10 18:15 . 2008-03-10 18:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Program Files\Nero
2008-03-10 18:13 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-09 09:53 . 2008-03-09 09:53 110,714 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-03-09 09:43 . 2008-03-09 09:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MxBoost
2008-03-09 09:39 . 2008-03-09 09:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-03-09 09:38 . 2008-03-09 09:42 <DIR> d-------- C:\Program Files\MYIE2
2008-03-09 09:35 . 2008-03-09 09:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ace Explorer
2008-03-09 09:34 . 2008-03-09 09:34 <DIR> d-------- C:\Program Files\Netscape
2008-03-09 09:34 . 2008-03-09 09:35 <DIR> d-------- C:\Program Files\Ace Explorer
2008-03-09 09:32 . 2008-03-09 09:43 <DIR> d-------- C:\Program Files\Maxthon2
2008-03-09 09:18 . 2008-03-09 09:18 <DIR> d-------- C:\Program Files\Safari
2008-03-09 09:09 . 2008-03-25 15:49 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\DNA
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-08 15:03 . 2008-03-25 18:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-08 15:03 . 2008-03-16 08:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LEGO Company
2008-03-08 14:45 . 2008-03-08 14:45 <DIR> d-------- C:\Program Files\LEGO Company
2008-03-08 10:29 . 2008-03-08 10:30 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\SourceTec
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-05 10:56 . 2008-03-07 21:20 <DIR> d-------- C:\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-05 10:55 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-03-05 10:22 . 2008-03-05 10:22 <DIR> d-------- C:\Program Files\Veoh Networks
2008-03-04 17:15 . 2008-03-04 17:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-04 17:12 . 2008-03-04 17:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-04 17:12 . 2008-03-04 17:12 <DIR> dr-h----- C:\MSOCache
2008-03-03 21:01 . 2008-03-03 21:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\Program Files\TechSmith
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-25 21:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-25 19:49 --------- d-----w C:\Program Files\Steam
2008-03-24 22:15 --------- d-----w C:\Program Files\Java
2008-03-24 22:14 --------- d-----w C:\Program Files\Bonjour
2008-03-23 21:56 --------- d-----w C:\Program Files\VstPlugins
2008-03-22 22:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 19:06 --------- d-----w C:\Program Files\WinFlip
2008-03-22 00:26 --------- d-----w C:\Program Files\World of Warcraft
2008-03-21 14:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-16 20:59 --------- d-----w C:\Program Files\ArtMoney
2008-03-16 11:41 --------- d-----w C:\Program Files\Ubisoft
2008-03-15 00:20 --------- d-----w C:\Program Files\Qtrax_20080125
2008-03-10 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-03-09 13:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-06 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-05 16:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 01:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 01:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 01:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 00:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 00:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 00:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 00:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 00:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 00:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-27 12:58 --------- d-----w C:\Program Files\Tiger Gaming
2008-02-26 01:00 --------- d-----w C:\Program Files\PokerStars
2008-02-25 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-24 15:59 64,866 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:59 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:27 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-24 00:20 --------- d-----w C:\Program Files\TGTSoft
2008-02-23 22:18 --------- d-----w C:\Program Files\Image-Line
2008-02-23 22:18 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-02-23 20:58 --------- d-----w C:\Program Files\Styler
2008-02-23 20:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\ViStart
2008-02-23 20:48 --------- d-----w C:\Program Files\TrueTransparency
2008-02-23 20:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Styler
2008-02-21 18:16 --------- d-----w C:\Program Files\ARM Software
2008-02-21 18:00 --------- d-----w C:\Program Files\RK Autocutter
2008-02-21 14:52 --------- d-----w C:\Program Files\MoparScape
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 20:32 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-02-19 14:37 --------- d-----w C:\Program Files\PHP
2008-02-19 14:22 --------- d-----w C:\Program Files\Apache Software Foundation
2008-02-17 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-02-16 13:25 --------- d-----w C:\Program Files\InteractivePhysics2005
2008-02-16 01:25 --------- d-----w C:\Program Files\QuickTime
2008-02-16 01:25 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 21:19 --------- d-----w C:\Program Files\MySQL
2008-02-14 23:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Clickteam
2008-02-14 22:56 --------- d-----w C:\Program Files\Multimedia Fusion 2
2008-02-14 12:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-13 23:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-02-13 22:36 --------- d-----w C:\Program Files\Digital Transforms
2008-02-13 21:00 --------- d-----w C:\Program Files\Logitech
2008-02-13 21:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-13 13:17 --------- d-----w C:\Program Files\Google Hacks
2008-02-12 23:39 --------- d-----w C:\Program Files\Opera
2008-02-12 21:50 --------- d-----w C:\Program Files\Lavasoft
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 21:48 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-12 21:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\Notepad++
2008-02-12 20:53 --------- d-----w C:\Program Files\Notepad++
2008-02-12 20:43 --------- d-----w C:\Program Files\Sun
2008-02-11 17:48 --------- d-----w C:\Program Files\uTorrent
2008-02-10 14:28 --------- d-----w C:\Program Files\Big Rigs Racing
2008-02-09 22:36 --------- d-----w C:\Program Files\CamStudio
2008-02-09 19:48 --------- d-----w C:\Program Files\Razer
2008-02-09 19:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 14:19 --------- d-----w C:\Program Files\Warcraft III
2008-02-09 14:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-09 01:33 --------- d-----w C:\Program Files\Starcraft
2008-02-08 23:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\fretsonfire
2008-02-08 23:20 --------- d-----w C:\Program Files\Frets on Fire
2008-02-08 22:02 --------- d-----w C:\Program Files\Macromedia
2008-02-08 22:02 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-06 13:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\Qtrax1
2008-02-06 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-02-06 00:09 --------- d-----w C:\Program Files\Player Worlds Support files
2008-02-05 23:20 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-02-05 21:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-05 21:38 --------- d-----w C:\Program Files\Datel
2008-02-05 01:36 --------- d-----w C:\Program Files\GIMP-2.0
2008-02-05 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-04 01:30 --------- d-----w C:\Program Files\iSofter
2008-02-04 00:46 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-04 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc
2008-02-03 23:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-02-03 23:43 --------- d-----w C:\Program Files\VideoLAN
2008-02-02 01:45 --------- d-----w C:\Program Files\FirstClass
2008-02-02 01:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-02-02 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FirstClass
2008-02-01 20:26 --------- d-----w C:\Program Files\OpenOffice.org 2.3
.

------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-12-25 12:42 1266936]
"Vystal"="C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 22:42 3537968]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-13 09:11 287040]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-20 08:00 51184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 07:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 04:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 04:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 04:43 81920]
"avast!"="C:\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 09:00 79224]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 18:15 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 19:21 147456]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 18:14 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-01-19 15:09:52 624416]
MacroMaker.lnk - C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_18be6784.exe [2008-02-21 14:16:13 1078]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-05 14:03:47 3450608]
YouTube Uploader.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 01:38:50 41041]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-08 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gsgnOglhP0"= C:\WINDOWS\cjofklcn.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-14 08:04 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\liqwids\\counter-strike source\\hl2.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [2008-03-23 19:03]
S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7425704-a524-11dc-a762-001d60369498}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 12:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 18:53:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-03-25 18:56:10
ComboFix-quarantined-files.txt 2008-03-25 22:56:08
.
2008-03-12 07:01:24 --- E O F ---





ANOTHER HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:05 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cjofklcn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ncix.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198446616406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Antivirus_ETC\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Antivirus_ETC\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11753 bytes


Is it done? I fricken' hope so. Oh well, I love you. Taking all this time for me :D
Copyright ©2006 - 2010 Computer Juice.
