Another - VIRUS ALERT! in Task Bar

TheHeadHunter | #1 | Oct 12th, 2008
New here and glad you guys exist!!!

I have run several anti this and that software including AVG, Avast, True Sword4, Spy ware Doc etc etc ... last 3 days

Currently after reading a few threads on the same or similar spyware probs I am running Malwarebytes Anti-Malware for a full scan on both my drives C-Drive-master and D-Drive.

A few reports say that PC is clean but as Malwarebytes is scanning it has already found at least one infected item ... still running as I write this...

Since I am pretty PC illiterate I need some noob proof way to get back access to my TASK MANAGER / ALL PROGRAMS and C and D Drives if possible but I will do my best !!!

Thanks !!!

Alex

TheHeadHunter | #2 | Oct 12th, 2008
This place is magic....just registering alone has got my Task Manager and Drives Back ...Hallelujah !!! (actually following a similar thread did it!!!)

Except for one last thing my Desk Top Properties is still missing ...


Only menu option is General and "FILE PROTOCOL" is written below

crunchie (Moderator) | #3 | Oct 12th, 2008
Hi and welcome to the Daniweb forums.

==========

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie; Oct 12th, 2008 at 5:50 pm.

TheHeadHunter | #4 | Oct 12th, 2008
Originally Posted by crunchie View Post
Hi and welcome to the Daniweb forums.

==========

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks Crunchie !!!
Should I just copy and paste in the next reply or ???

TheHeadHunter | #5 | Oct 12th, 2008
ComboFix 08-10-11.02 - Administrator 2008-10-11 22:58:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.696 [GMT 9:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Adobe\crc.dat
C:\Documents and Settings\Administrator\Favorites\Download programs.url
C:\Documents and Settings\Administrator\Favorites\Games.url
C:\Documents and Settings\Administrator\Favorites\Translator.url
C:\Documents and Settings\Administrator\Favorites\Videos.url
C:\Documents and Settings\Administrator\Start Menu\Programs\Download programs.url
C:\Documents and Settings\Administrator\Start Menu\Programs\Games.url
C:\Documents and Settings\Administrator\Start Menu\Programs\Translator.url
C:\Documents and Settings\Administrator\Start Menu\Programs\Videos.url
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\setup.exe

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
hxxp://78.157.142.26
.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-11 15:28 . 2008-10-11 15:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 15:28 . 2008-10-11 15:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-11 15:28 . 2008-10-11 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-11 15:28 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 15:28 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 15:55 . 2008-10-09 15:55 <DIR> d-------- C:\WINDOWS\logs
2008-10-09 15:55 . 2008-10-09 16:05 <DIR> d-------- C:\Program Files\AppRanger
2008-10-09 15:55 . 2008-10-09 16:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AppRanger
2008-10-09 15:50 . 2008-10-09 15:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 07:51 . 2008-10-09 07:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sunbelt
2008-10-09 07:51 . 2008-10-09 07:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt
2008-10-09 07:48 . 2008-10-09 07:48 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-09 06:28 . 2008-10-09 06:28 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-10-09 06:28 . 2008-10-09 06:28 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-10-09 06:10 . 2008-10-09 06:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\True Sword
2008-10-09 06:09 . 2008-10-09 15:45 <DIR> d-------- C:\Program Files\True Sword 5
2008-10-09 02:56 . 2008-10-09 02:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LogoMaker
2008-10-09 02:54 . 2008-10-09 02:54 <DIR> d-------- C:\Program Files\Studio V5
2008-10-09 01:01 . 2008-10-09 01:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-08 04:16 . 2008-10-09 00:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-08 04:11 . 2008-10-09 00:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-21 04:45 . 2008-09-21 04:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-21 04:27 . 2008-09-21 04:27 <DIR> d-------- C:\Program Files\Softwin
2008-09-14 05:22 . 2008-09-14 13:09 121 --a------ C:\WINDOWS\bdagent.INI
2008-09-14 05:02 . 2008-10-09 04:46 <DIR> d-------- C:\Program Files\BitDefender
2008-09-14 05:01 . 2008-10-09 07:59 <DIR> d-------- C:\Program Files\Common Files\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 13:47 --------- d-----w C:\Program Files\Steam
2008-10-08 16:24 --------- d-----w C:\Program Files\Off Road Arena
2008-10-07 18:56 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-20 19:27 --------- d-----w C:\Program Files\Common Files\Softwin
2008-09-18 14:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-14 18:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-12 13:47 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-12 13:47 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 10:10 --------- d-----w C:\Program Files\Java
2008-08-11 15:06 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-04-23 14:35 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
2006-12-03 08:11 1,557 ----a-w C:\Documents and Settings\Administrator\bpk.dat
2006-12-02 05:30 1,258 ----a-w C:\Documents and Settings\Administrator\web.dat
2001-09-28 08:00 164,864 ------w C:\Program Files\UNWISE.EXE
.

------- Sigcheck -------

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2004-08-04 21:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 21:00 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-10-08 1410296]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 7323648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\DeltaIITray.exe" [2007-12-03 236040]
"DeltaIITaskbarApp"="C:\WINDOWS\system32\DeltaIITray.exe" [2007-12-03 236040]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2005-12-14 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-07 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2007-04-12 10640]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\WINDOWS\system32\DRIVERS\deltaII.sys [2007-12-03 297992]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RASOA - C:\WINDOWS\msn64.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gz1o1pf2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 23:01:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-11 23:04:10
ComboFix-quarantined-files.txt 2008-10-11 14:03:32

Pre-Run: 5,255,548,928 bytes free
Post-Run: 5,226,393,600 bytes free

158 --- E O F --- 2007-08-17 06:36:54

crunchie (Moderator) | #6 | Oct 12th, 2008
Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

TheHeadHunter | #7 | Oct 12th, 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:40 AM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = ? (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.mindspring.com/%7Ejayk6/r.../fishmouth.jpg

--
End of file - 6095 bytes


Did it ...thank you !!!

crunchie (Moderator) | #8 | Oct 13th, 2008
Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - S-1-5-18 Startup: Nikon Monitor.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = ? (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
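
The entries picked out in post #8 share two markers in the HijackThis log: a BHO or toolbar whose target is "(no file)" and a Startup shortcut whose target is "= ?". The following is an added example, not part of the thread and not HijackThis's own code, that scans a log for those markers; the sample lines are copied from the log in post #7, the reason names and function names are this example's own, and it goes one step beyond post #8 by also reporting "(file missing)" service entries for manual review.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log in post #7 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = ? (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
"""

# A log entry starts with a section code (R0, F2, O4, O23, ...) then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Text the log shows when an entry's target could not be resolved.
# The reason names on the left are labels chosen for this example.
MARKERS = [
    ("no_file", re.compile(r"- \(no file\)\s*$")),
    ("unresolved_shortcut", re.compile(r"\.lnk = \?(?:\s|$)")),
    ("file_missing", re.compile(r"\(file missing\)\s*$")),
]


class Finding(NamedTuple):
    section: str          # e.g. "O2"
    reason: str           # one of the MARKERS labels
    clsid: Optional[str]  # CLSID of the BHO/toolbar, if the line has one
    line: str             # the log line, unchanged


def triage(log_text):
    """Return a Finding for every entry whose target is absent or unresolved."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, process list, blank line
        for reason, pattern in MARKERS:
            if pattern.search(m.group(2)):
                c = CLSID.search(line)
                findings.append(
                    Finding(m.group(1), reason, c.group(0) if c else None, line))
                break
    return findings


def fix_candidates(findings):
    """Keep only the two kinds of entry listed in post #8.

    file_missing entries are left out on purpose: they are reported by
    triage() for a human to look at, not proposed for removal.
    """
    return [f for f in findings if f.reason in ("no_file", "unresolved_shortcut")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<21}{f.line}")
```

The output is a list of candidates to show a helper; as post #6 says, most log entries are needed for the system to run, so nothing should be fixed on the strength of a pattern match alone.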