Sponsored By

keenankern

Members
  • Content Count

    14
  • Joined

  • Last visited

About keenankern

  • Rank
    Member
  1. keenankern

    Burnt Signature Evil

    Not really sure, I'd just use a different render.
  2. keenankern

    Burnt Signature Evil

    6/10 Looks nice but you just kinda' chopped off the picture on the right. It cuts off half the symbol and leaves an orange line in the middle. The left side looks like there's some gigantic pixels on his hair. Last but not least, the font could be different. If you're just glancing at it, it doesn't really catch the eye or appeal to me in anyway. Just experiment with more text effects, and also try to blend things together better. Keenan
  3. keenankern

    Virus Time[INACTIVE]

    ComboFix 09-01-21.02 - Keeno 2009-01-21 17:41:48.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1609 [GMT -6:00] Running from: c:\documents and settings\Keeno\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Keeno\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\abusalel.ini c:\windows\system32\afofamuy.ini c:\windows\system32\afubukun.ini c:\windows\system32\alezikis.ini c:\windows\system32\alusuzar.ini c:\windows\system32\asovojop.ini c:\windows\system32\bizugosi.dll c:\windows\system32\brofdx.dll c:\windows\system32\bubedena.dll c:\windows\system32\bupuyafo.dll c:\windows\system32\cwsmrt.dll c:\windows\system32\dafanole.dll c:\windows\system32\dihusivu.dll c:\windows\system32\divimuvo.dll c:\windows\system32\duvabova.dll c:\windows\system32\ejimeren.ini c:\windows\system32\elonafad.ini c:\windows\system32\fetijonu.dll c:\windows\system32\fijiveni.dll c:\windows\system32\fuehmu.dll c:\windows\system32\geniweji.dll c:\windows\system32\gigiweme.dll c:\windows\system32\gijeluhe.dll c:\windows\system32\gogogahi.dll c:\windows\system32\hefihiru.dll c:\windows\system32\herawuve.dll c:\windows\system32\hezjte.dll c:\windows\system32\hijagolu.dll c:\windows\system32\howefapi.dll c:\windows\system32\hunayeko.dll c:\windows\system32\huvifima.dll c:\windows\system32\ijewineg.ini c:\windows\system32\jakokoba.dll c:\windows\system32\jemjnb.dll c:\windows\system32\kjjeyd.dll c:\windows\system32\koveranu.dll c:\windows\system32\lazimiki.dll c:\windows\system32\lelasuba.dll c:\windows\system32\mileyige.dll c:\windows\system32\nikalute.dll c:\windows\system32\nisawoyi.dll c:\windows\system32\nqtcml.dll c:\windows\system32\nugedoka.dll c:\windows\system32\nukubufa.dll c:\windows\system32\obinihut.ini c:\windows\system32\okonatuv.ini c:\windows\system32\pebigamu.dll c:\windows\system32\pehuraba.dll c:\windows\system32\pogewaso.dll c:\windows\system32\pojovosa.dll c:\windows\system32\pokihuyi.dll c:\windows\system32\ravufuge.dll c:\windows\system32\razusula.dll c:\windows\system32\reziguge.dll c:\windows\system32\rihuhavu.dll c:\windows\system32\rituvuza.dll c:\windows\system32\rudagitu.dll c:\windows\system32\ruyupuno.dll c:\windows\system32\sikizela.dll c:\windows\system32\subirahu.dll c:\windows\system32\sumovena.dll c:\windows\system32\tareniva.dll c:\windows\system32\telowewa.dll c:\windows\system32\tepaduve.dll c:\windows\system32\tpdzbi.dll c:\windows\system32\tuhinibo.dll c:\windows\system32\turenugu.dll c:\windows\system32\unojitef.ini c:\windows\system32\upigihez.ini c:\windows\system32\urihifeh.ini c:\windows\system32\uvahuhir.ini c:\windows\system32\vafubamu.dll c:\windows\system32\viliwesi.dll c:\windows\system32\vosevodi.dll c:\windows\system32\vumeburi.dll c:\windows\system32\vutanoko.dll c:\windows\system32\yivudosu.dll c:\windows\system32\yuzuzunu.dll c:\windows\system32\zehigipu.dll c:\windows\system32\zuqhjh.dll ----- BITS: Possible infected sites ----- hxxp://childhe.com hxxp://77.74.48.105 . ((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))) . 2009-01-17 22:30 . 2009-01-18 01:49 <DIR> d-------- c:\program files\TalismanOnline 2009-01-16 20:02 . 2009-01-16 22:45 <DIR> d-------- c:\program files\DofusArena2 2009-01-15 10:35 . 2009-01-15 10:35 244 --ah----- C:\sqmnoopt18.sqm 2009-01-15 10:35 . 2009-01-15 10:35 232 --ah----- C:\sqmdata18.sqm 2009-01-13 22:23 . 2009-01-13 22:23 268 --ah----- C:\sqmdata17.sqm 2009-01-13 22:23 . 2009-01-13 22:23 244 --ah----- C:\sqmnoopt17.sqm 2009-01-12 16:37 . 2009-01-12 16:37 244 --ah----- C:\sqmnoopt16.sqm 2009-01-12 16:37 . 2009-01-12 16:37 232 --ah----- C:\sqmdata16.sqm 2009-01-07 17:01 . 2009-01-16 21:39 <DIR> d-------- C:\Downloads 2009-01-05 16:20 . 2009-01-05 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Search Settings 2009-01-02 22:06 . 2009-01-02 22:06 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1ODUwMTN8_ 2009-01-02 22:06 . 2009-01-02 22:11 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus 2009-01-02 21:44 . 2009-01-02 21:44 72,192 --a------ c:\windows\system32\hgGwXOFX.dll 2009-01-02 21:44 . 2009-01-02 21:44 40,448 --a------ c:\windows\system32\k9261108.exe 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata14.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt14.sqm 2008-12-28 17:55 . 2008-12-28 17:55 268 --ah----- C:\sqmdata13.sqm 2008-12-28 17:55 . 2008-12-28 17:55 244 --ah----- C:\sqmnoopt13.sqm 2008-12-24 18:07 . 2005-02-01 14:20 5,760,056 --a------ c:\windows\Darkstar.bmp 2008-12-24 18:06 . 2008-12-24 18:06 5,760,054 --a------ c:\windows\ALX_1600x1200.bmp 2008-12-24 18:04 . 2008-12-24 18:10 3,932,214 --a------ c:\windows\AW_XenoMorph1280.bmp 2008-12-24 18:03 . 2008-12-24 18:03 <DIR> d-------- c:\program files\Common Files\Stardock 2008-12-24 18:03 . 2008-12-24 18:07 <DIR> d-------- c:\program files\AlienGUIse 2008-12-24 18:03 . 2003-02-26 22:27 36,864 --a------ c:\windows\system32\wbsys.dll 2008-12-24 18:03 . 2008-12-24 18:03 56 --a------ c:\windows\wb.ini 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-08 00:55 --------- d-----w c:\program files\WarRock 2009-01-07 23:57 --------- d-----w c:\program files\Bots 2008-12-27 03:17 --------- d-----w c:\program files\AIM6 2008-12-27 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads 2008-12-21 20:34 --------- d-----w c:\program files\Workspace Macro Pro 6.5 2008-12-21 20:33 --------- d-----w c:\program files\Total Video Converter 2008-12-21 20:31 --------- d-----w c:\program files\Cheat Engine 2008-12-21 20:29 --------- d-----w c:\program files\Starcraft 2008-12-21 20:28 --------- d-----w c:\program files\SwiftSwitch 2008-12-21 20:28 --------- d-----w c:\program files\SwiftKit 2008-12-21 01:10 --------- d-----w c:\program files\Dofus 2008-10-27 23:22 121,396 -c--a-w c:\program files\lalalala.exe 2008-07-25 03:19 23 -c--a-w c:\documents and settings\Keeno\jagex_runescape_preferences.dat 2008-03-18 20:43 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-10-12 20:02 121 -c--a-w c:\documents and settings\Keeno\Install_WLMessenger.exe 2007-09-22 05:26 9,870,032 -c--a-w c:\documents and settings\Keeno\fp2006-final-3.00-setup.zip 2007-09-22 04:07 241,664 -c--a-w c:\program files\Uninstall Ask Toolbar.dll 2008-12-21 03:47 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-21 03:47 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-21 03:47 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-21 03:47 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-21 03:47 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-08-21 15:22 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((( [email protected]_17.13.47.84 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 14:00:00 28,672 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 14:00:00 29,696 ----a-w c:\windows\NIRCMD.exe - 2009-01-05 22:22:57 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-18 01:00:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-05 22:22:57 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-18 01:00:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-18 01:00:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011720090118\index.dat + 2009-01-13 00:26:51 78,924 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat + 2009-01-18 01:00:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-16 05:33:57 127,789 --sha-w c:\windows\system32\ligalijo.dll + 2009-01-15 16:33:36 127,743 --sha-w c:\windows\system32\puwukehe.dll + 2009-01-15 17:33:46 127,969 --sha-w c:\windows\system32\zobumava.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 185896] "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "tozopimema"="c:\windows\system32\dotipiwu.dll" [bU] "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\Keeno\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-12-24 2074360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-27 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=G G,c:\windows\system32\neganosu.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Keeno^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Keeno\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-01-03 10:15 50528 c:\program files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a--c--- 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] -----c--- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a--c--- 2005-09-20 08:32 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a--c--- 2005-09-20 08:36 114688 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a--c--- 2005-09-20 08:35 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a--c--- 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a--c--- 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer] --a------ 2007-06-26 21:10 317440 c:\windows\inf\unregmp2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a--c--- 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Bots\\bots.dat"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "\\\\Mah-pc\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\nvsvc32.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"= "c:\\Program Files\\Windows Live Toolbar\\msn_sl.exe"= "c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"= "c:\\Program Files\\AlienGUIse\\wbload.exe"= "c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "43594:TCP"= 43594:TCP:RSPS "20738:TCP"= 20738:TCP:BitCometLite 20738 TCP "20738:UDP"= 20738:UDP:BitCometLite 20738 UDP R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-30 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d20604e-75f2-11dc-ae36-001676aa3570}] \Shell\AutoRun\command - F:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-01-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2009-01-21 c:\windows\Tasks\tujvdgkg.job - c:\windows\system32\hgGwXOFX.dll [2009-01-02 21:44] . - - - - ORPHANS REMOVED - - - - BHO-{0e75ccb8-9cc0-4824-b946-2f9a9d5a9b7b} - c:\windows\system32\fijiveni.dll BHO-{94807b61-05f3-47f5-925c-d459d9ce2f95} - c:\windows\system32\brofdx.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://centurytel.myway.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Keeno\Application Data\Mozilla\Firefox\Profiles\dtjkidwf.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p= FF - component: c:\documents and settings\Keeno\Application Data\Mozilla\Firefox\Profiles\dtjkidwf.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 17:46:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1275210071-2025429265-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(604) c:\program files\AlienGUIse\fastload.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\rundll32.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\AIM6\aolsoftware.exe . ************************************************************************** . Completion time: 2009-01-21 17:56:59 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-21 23:56:39 ComboFix2.txt 2009-01-21 23:37:25 ComboFix3.txt 2009-01-06 03:44:29 ComboFix4.txt 2009-01-05 23:14:19 Pre-Run: 32,297,488,384 bytes free Post-Run: 32,252,395,520 bytes free 342 --- E O F --- 2008-12-18 04:32:44
  4. keenankern

    Virus Time[INACTIVE]

    I can now use my browser, the internet is working. Here's the log: ComboFix 09-01-05.03 - Keeno 2009-01-05 21:39:05.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1657 [GMT -6:00] Running from: c:\documents and settings\Keeno\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Keeno\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))) . 2009-01-05 21:28 . 2008-04-13 18:12 82,432 ---h---t- c:\windows\system32\27840fb0.dll 2009-01-05 21:28 . 2008-04-13 18:12 82,432 ---h---t- c:\windows\system32\1ece69a.dll 2009-01-05 16:20 . 2009-01-05 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Search Settings 2009-01-02 22:06 . 2009-01-02 22:06 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1ODUwMTN8_ 2009-01-02 22:06 . 2009-01-02 22:11 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus 2009-01-02 21:44 . 2009-01-02 21:44 72,192 --a------ c:\windows\system32\hgGwXOFX.dll 2009-01-02 21:44 . 2009-01-02 21:44 40,448 --a------ c:\windows\system32\k9261108.exe 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata14.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt14.sqm 2008-12-28 17:55 . 2008-12-28 17:55 268 --ah----- C:\sqmdata13.sqm 2008-12-28 17:55 . 2008-12-28 17:55 244 --ah----- C:\sqmnoopt13.sqm 2008-12-24 18:07 . 2005-02-01 14:20 5,760,056 --a------ c:\windows\Darkstar.bmp 2008-12-24 18:06 . 2008-12-24 18:06 5,760,054 --a------ c:\windows\ALX_1600x1200.bmp 2008-12-24 18:04 . 2008-12-24 18:10 3,932,214 --a------ c:\windows\AW_XenoMorph1280.bmp 2008-12-24 18:03 . 2008-12-24 18:03 <DIR> d-------- c:\program files\Common Files\Stardock 2008-12-24 18:03 . 2008-12-24 18:07 <DIR> d-------- c:\program files\AlienGUIse 2008-12-24 18:03 . 2003-02-26 22:27 36,864 --a------ c:\windows\system32\wbsys.dll 2008-12-24 18:03 . 2008-12-24 18:03 56 --a------ c:\windows\wb.ini 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-12-11 22:07 . 2008-12-11 22:07 268 --ah----- C:\sqmdata12.sqm 2008-12-11 22:07 . 2008-12-11 22:07 244 --ah----- C:\sqmnoopt12.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-03 04:44 --------- d-----w c:\program files\Bots 2008-12-27 03:17 --------- d-----w c:\program files\AIM6 2008-12-27 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads 2008-12-21 20:34 --------- d-----w c:\program files\Workspace Macro Pro 6.5 2008-12-21 20:33 --------- d-----w c:\program files\Total Video Converter 2008-12-21 20:31 --------- d-----w c:\program files\Cheat Engine 2008-12-21 20:29 --------- d-----w c:\program files\Starcraft 2008-12-21 20:28 --------- d-----w c:\program files\SwiftSwitch 2008-12-21 20:28 --------- d-----w c:\program files\SwiftKit 2008-12-21 01:10 --------- d-----w c:\program files\Dofus 2008-12-19 03:53 --------- d-----w c:\program files\WarRock 2008-11-07 23:37 --------- d-----w c:\program files\Alwil Software 2008-10-27 23:22 121,396 -c--a-w c:\program files\lalalala.exe 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-19 04:31 182,928 -c--a-w c:\windows\system32\PnkBstrB.exe 2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-09 00:47 42,320 ----a-w c:\windows\system32\xfcodec.dll 2008-07-25 03:19 23 -c--a-w c:\documents and settings\Keeno\jagex_runescape_preferences.dat 2008-03-18 20:43 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-10-12 20:02 121 -c--a-w c:\documents and settings\Keeno\Install_WLMessenger.exe 2007-09-22 05:26 9,870,032 -c--a-w c:\documents and settings\Keeno\fp2006-final-3.00-setup.zip 2007-09-22 04:07 241,664 -c--a-w c:\program files\Uninstall Ask Toolbar.dll 2008-12-21 03:47 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-21 03:47 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-21 03:47 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-21 03:47 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-21 03:47 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-08-21 15:22 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 185896] "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\Keeno\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-12-24 2074360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-27 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Keeno^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Keeno\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-01-03 10:15 50528 c:\program files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a--c--- 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] -----c--- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a--c--- 2005-09-20 08:32 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a--c--- 2005-09-20 08:36 114688 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a--c--- 2005-09-20 08:35 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a--c--- 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a--c--- 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer] --a------ 2007-06-26 21:10 317440 c:\windows\inf\unregmp2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a--c--- 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Bots\\bots.dat"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "\\\\Mah-pc\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "43594:TCP"= 43594:TCP:RSPS R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-30 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d20604e-75f2-11dc-ae36-001676aa3570}] \Shell\AutoRun\command - F:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-01-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2009-01-06 c:\windows\Tasks\tujvdgkg.job - c:\windows\system32\rundll32.exe [2008-04-13 18:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://centurytel.myway.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab c:\windows\Downloaded Program Files\GoPetsWeb.inf FF - ProfilePath - c:\documents and settings\Keeno\Application Data\Mozilla\Firefox\Profiles\dtjkidwf.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p= FF - component: c:\documents and settings\Keeno\Application Data\Mozilla\Firefox\Profiles\dtjkidwf.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-05 21:41:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1275210071-2025429265-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\program files\AlienGUIse\fastload.dll . Completion time: 2009-01-05 21:44:27 ComboFix-quarantined-files.txt 2009-01-06 03:43:10 ComboFix2.txt 2009-01-05 23:14:19 Pre-Run: 33,931,177,984 bytes free Post-Run: 33,926,680,576 bytes free 221 --- E O F --- 2008-12-18 04:32:44
  5. keenankern

    Virus Time[INACTIVE]

    ComboFix 09-01-05.02 - Keeno 2009-01-05 16:50:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1735 [GMT -6:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log c:\program files\Rapid Antivirus c:\program files\Rapid Antivirus\Uninstall.exe c:\windows\Downloaded Program Files\setup.inf c:\windows\system32\20ae0f0.dll c:\windows\system32\2KPeLX26.exe.a_a c:\windows\system32\config\systemprofile\Desktop\Rapid Antivirus.lnk c:\windows\system32\drivers\seneka.sys c:\windows\system32\drivers\senekawswwqjnt.sys c:\windows\system32\ecxbwv.dll c:\windows\system32\ijmTvyay.ini c:\windows\system32\ijmTvyay.ini2 c:\windows\system32\kvlniyhp.ini c:\windows\system32\M0XQnlgP.exe.a_a c:\windows\system32\mdm.exe c:\windows\system32\O6ASpniR.dll c:\windows\system32\prunnet.exe c:\windows\system32\seneka.dat c:\windows\system32\senekadf.dat c:\windows\system32\senekalog.dat c:\windows\system32\senekaplrdlypu.dll c:\windows\system32\senekatfmqhtiv.dll c:\windows\system32\senekayqjhipjo.dll c:\windows\system32\sjrkcqax.dll c:\windows\system32\swcqmcyw.dll c:\windows\system32\vghazx.dll c:\windows\system32\voxrquii.dll c:\windows\system32\wycmqcws.ini c:\windows\system32\xaqckrjs.ini c:\windows\system32\xwdmbbgv.ini c:\windows\system32\xywuaify.dll c:\windows\system32\yayvTmji.dll c:\windows\system32\yvihegve.dll c:\windows\system32\zyuoue.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SENEKA -------\Legacy_ONESTEP_SEARCH_SERVICE ((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))))) . 2009-01-05 16:20 . 2009-01-05 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Search Settings 2009-01-02 22:06 . 2009-01-02 22:06 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1ODUwMTN8_ 2009-01-02 22:06 . 2009-01-02 22:11 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus 2009-01-02 21:44 . 2009-01-02 21:44 72,192 --a------ c:\windows\system32\hgGwXOFX.dll 2009-01-02 21:44 . 2009-01-02 21:44 40,448 --a------ c:\windows\system32\k9261108.exe 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 268 --ah----- C:\sqmdata14.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt15.sqm 2008-12-30 00:17 . 2008-12-30 00:17 244 --ah----- C:\sqmnoopt14.sqm 2008-12-28 17:55 . 2008-12-28 17:55 268 --ah----- C:\sqmdata13.sqm 2008-12-28 17:55 . 2008-12-28 17:55 244 --ah----- C:\sqmnoopt13.sqm 2008-12-24 18:07 . 2005-02-01 14:20 5,760,056 --a------ c:\windows\Darkstar.bmp 2008-12-24 18:06 . 2008-12-24 18:06 5,760,054 --a------ c:\windows\ALX_1600x1200.bmp 2008-12-24 18:04 . 2008-12-24 18:10 3,932,214 --a------ c:\windows\AW_XenoMorph1280.bmp 2008-12-24 18:03 . 2008-12-24 18:03 <DIR> d-------- c:\program files\Common Files\Stardock 2008-12-24 18:03 . 2008-12-24 18:07 <DIR> d-------- c:\program files\AlienGUIse 2008-12-24 18:03 . 2003-02-26 22:27 36,864 --a------ c:\windows\system32\wbsys.dll 2008-12-24 18:03 . 2008-12-24 18:03 56 --a------ c:\windows\wb.ini 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-12-24 15:45 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-12-11 22:07 . 2008-12-11 22:07 268 --ah----- C:\sqmdata12.sqm 2008-12-11 22:07 . 2008-12-11 22:07 244 --ah----- C:\sqmnoopt12.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-03 04:44 --------- d-----w c:\program files\Bots 2008-12-27 03:17 --------- d-----w c:\program files\AIM6 2008-12-27 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads 2008-12-21 20:34 --------- d-----w c:\program files\Workspace Macro Pro 6.5 2008-12-21 20:33 --------- d-----w c:\program files\Total Video Converter 2008-12-21 20:31 --------- d-----w c:\program files\Cheat Engine 2008-12-21 20:29 --------- d-----w c:\program files\Starcraft 2008-12-21 20:28 --------- d-----w c:\program files\SwiftSwitch 2008-12-21 20:28 --------- d-----w c:\program files\SwiftKit 2008-12-21 01:10 --------- d-----w c:\program files\Dofus 2008-12-19 03:53 --------- d-----w c:\program files\WarRock 2008-11-07 23:37 --------- d-----w c:\program files\Alwil Software 2008-10-27 23:22 121,396 -c--a-w c:\program files\lalalala.exe 2008-07-25 03:19 23 -c--a-w c:\documents and settings\Keeno\jagex_runescape_preferences.dat 2008-03-18 20:43 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-10-12 20:02 121 -c--a-w c:\documents and settings\Keeno\Install_WLMessenger.exe 2007-09-22 05:26 9,870,032 -c--a-w c:\documents and settings\Keeno\fp2006-final-3.00-setup.zip 2007-09-22 04:07 241,664 -c--a-w c:\program files\Uninstall Ask Toolbar.dll 2008-12-21 03:47 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-21 03:47 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-21 03:47 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-21 03:47 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-21 03:47 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-08-21 15:22 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 185896] "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-27 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll ecxbwv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Keeno^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Keeno\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-01-03 10:15 50528 c:\program files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a--c--- 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] -----c--- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a--c--- 2005-09-20 08:32 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a--c--- 2005-09-20 08:36 114688 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a--c--- 2005-09-20 08:35 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a--c--- 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a--c--- 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer] --a------ 2007-06-26 21:10 317440 c:\windows\inf\unregmp2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a--c--- 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Bots\\bots.dat"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "\\\\Mah-pc\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "43594:TCP"= 43594:TCP:RSPS R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-30 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d20604e-75f2-11dc-ae36-001676aa3570}] \Shell\AutoRun\command - F:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-01-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2009-01-05 c:\windows\Tasks\tujvdgkg.job - c:\windows\system32\rundll32.exe [2008-04-13 18:12] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file) BHO-{1C1B8A44-61FE-411E-8F33-813A4E2E2984} - c:\windows\system32\avgsafe.dll BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJDWOiH.dll BHO-{8c3e2c42-3fbb-435d-b10b-840e79462b1b} - c:\windows\system32\ecxbwv.dll BHO-{DFBD8876-9F2E-418C-99A9-9215D3704519} - c:\windows\system32\yayvTmji.dll Toolbar-{2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file) WebBrowser-{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} - (no file) HKCU-Run-prunnet - c:\windows\system32\prunnet.exe HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe HKLM-Run-prunnet - c:\windows\system32\prunnet.exe HKLM-Run-Nnixupadewiyohu - c:\windows\Jtihuwaq.dll ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJDWOiH.dll Notify-ljJDWOiH - ljJDWOiH.dll MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE MSConfigStartUp-NexonPlug - c:\documents and settings\Keeno\Desktop\NexonPlug\NexonPlug.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://centurytel.myway.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm Trusted Zone: *.antimalwareguard.com Trusted Zone: *.gomyhit.com Trusted Zone: *.antimalwareguard.com Trusted Zone: *.gomyhit.com O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab c:\windows\Downloaded Program Files\GoPetsWeb.inf FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w0nnx40o.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-05 17:07:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\program files\AlienGUIse\fastload.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe . ************************************************************************** . Completion time: 2009-01-05 17:14:18 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-05 23:14:15 Pre-Run: 33,827,475,456 bytes free Post-Run: 33,917,235,200 bytes free 267 --- E O F --- 2008-12-18 04:32:44
  6. keenankern

    Virus Time[INACTIVE]

    Can't download anything because if I go to the link, the webpage is unable to connect.
  7. keenankern

    Virus Time[INACTIVE]

    Problem, the virus does something funky to the internet, making every web page undisplayable.
  8. keenankern

    Virus Time[INACTIVE]

    Here's the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:14:17 PM, on 1/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\system32\mdm.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\AIM6\anotify.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file) O3 - Toolbar: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" O4 - HKLM\..\Run: [Nnixupadewiyohu] rundll32.exe "C:\WINDOWS\Jtihuwaq.dll",e O4 - HKLM\..\Run: [10f7a49b] rundll32.exe "C:\WINDOWS\system32\swcqmcyw.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user') O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.gomyhit.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: wbsys.dll ecxbwv.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8893 bytes
  9. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:24:02 PM, on 5/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Search Settings\SearchSettings.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZCfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9349 bytes Thanks
  10. keenankern

    Help Please, I Have Some Sort Of Virus![INACTIVE]

    Also, my computer seems to be running better. The flashing icons near the clock disappeared. Thanks
  11. keenankern

    Help Please, I Have Some Sort Of Virus![INACTIVE]

    OK, here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:25:41 PM, on 2/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Search Settings\SearchSettings.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\alg.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\rsvp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8876 bytes
  12. keenankern

    Help Please, I Have Some Sort Of Virus![INACTIVE]

    Also, the AVG finished scanning, with no errors, deleting the single threat found.
  13. keenankern

    Help Please, I Have Some Sort Of Virus![INACTIVE]

    Okay, thanks for the help, AVG is currently still scanning, hopefully I can get rid of this. Here is the report: Malwarebytes' Anti-Malware 1.03 Database version: 372 Scan type: Quick Scan Objects scanned: 32715 Time elapsed: 20 minute(s), 31 second(s) Memory Processes Infected: 10 Memory Modules Infected: 2 Registry Keys Infected: 71 Registry Values Infected: 13 Registry Data Items Infected: 0 Folders Infected: 14 Files Infected: 36 Memory Processes Infected: c:\program files\netproject\scit.exe (Trojan.Zlob) -> Unloaded process successfully. c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Unloaded process successfully. c:\program files\netproject\scm.exe (Trojan.Zlob) -> Unloaded process successfully. c:\program files\netproject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully. c:\program files\netproject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully. C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully. C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully. Memory Modules Infected: c:\WINDOWS\system32\eeioq.dll (Trojan.Zlob) -> Unloaded module successfully. C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Unloaded module successfully. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{917f93bf-6714-4e11-8982-59db2e0f88fc} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0979850f-6c3e-4294-b225-b3d3c4a6f2a1} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1bb2da5f-b78f-44ea-bda1-771cbe1dec68} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2a4e73c5-ba3c-4391-b7e5-ffe8d3bd6245} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{44a923ca-f430-4f85-9f84-5153ecdb882e} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e6e21ec-9d72-4164-8a53-74786a467872} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{631e9e48-b066-43da-92ac-6dadf61b173b} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{65c1361c-e696-4af0-9e21-81910193f352} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{77dce805-c8ce-48aa-a47f-bfa6cc7704b3} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d42769f-07d8-494d-aab4-aa1652c541fa} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1922071-390c-418d-916d-91209e95d286} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1f8cd95-cfb3-43d1-a956-63441cc058c1} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a63b46ad-96a7-4a2c-bd8f-8cd097e1593a} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a65f98dd-2360-468c-b76e-b1b84c0d547c} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ae2aeed0-be1b-4ba2-826e-20d1991081b8} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d7f73787-6206-4bba-bdc0-7cfa9940dbcb} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e770f739-2968-4ed9-a63c-dc1938dc82a2} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cfafa83c-855b-4e3d-92b9-a587995b675a} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Failed to delete. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{917f93bf-6714-4e11-8982-59db2e0f88fc} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\VirusHeat 3.9 (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\eeioq.dll (Trojan.Zlob) -> Quarantined and deleted successfully. c:\program files\netproject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully. c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully. c:\program files\netproject\scm.exe (Trojan.Zlob) -> Quarantined and deleted successfully. c:\program files\netproject\sbsm.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Local Settings\Temp\zfe1.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Local Settings\Temp\zfe3.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\Helper\1203308372.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully. C:\Program Files\VirusHeat 3.9\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\Program Files\VirusHeat 3.9\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Keeno\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
  14. Hi, I was playing RuneScape when something downloaded in about 3 seconds and started flashing I have a virus etc. and it keeps trying to make me download different virus protections, and I have no clue what to do. Here is my log: Also, kudos to whoever reads this and understands it, 'cause it is way over my head O_O Thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:53:42 PM, on 2/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\OneStepSearch\onestep.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\OneStepSearch\onestep.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\NetProject\scit.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NetProject\scm.exe C:\Program Files\NetProject\sbmntr.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203308381.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINDOWS\system32\eeioq.dll O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9646 bytes