Help Me With This?
hi
Lately my computer has been uploading for no reason. I used ZoneAlarm and put the protection rating up to high, and it suddenly started to say winlogon.exe is trying to access quite a few different programs. When I denied it, my upload rate went to 0, but I couldn't access the Internet anymore. I did a deep scan with BitDefender but it couldn't find anything. Here's the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:20, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Documents and Settings\Richard\My Documents\g15 programs\lcdsirreal\LCDSirReal.exe
C:\Documents and Settings\Richard\My Documents\g15 programs\weatherg15\WeatherG15.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ScreenThemes\scthemes.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Documents and Settings\Richard\My Documents\Utilities\VundoFix.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Richard\My Documents\Utilities\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myaccount.bitdefender.com/?email=therjw@ntlworld.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185142134046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O21 - SSODL: EnhancedDialog - {6D972050-A934-44D7-AC67-7C9E0B264220} - C:\Program Files\Stardock\Object Desktop\EnhancedDialog\enhdlginit.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Also, I find it weird that it says some of BitDefender's service files are missing.
I'll be thankful for any help.
Comments
OK, here's the new version:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:46, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ScreenThemes\scthemes.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myaccount.bitdefender.com/?email=therjw@ntlworld.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185142134046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 11032 bytes
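The v1.99.1 log above reports the three BitDefender services as "(file missing)" with a stray closing quote and "/service" glued onto the path, while the v2.0.2 log lists the same binaries as present with their vendor names; that pattern points at the older scanner mis-splitting a quoted ImagePath with arguments rather than at deleted files. The following is an added example, not code from the poster or from HijackThis: it parses O23 lines from both logs, separates that quoting artefact from a genuinely absent binary, and reconciles the two versions. The "Example Updater (EXUPD)" line is a constructed entry for contrast, not from the thread.

```python
"""Triage HijackThis O23 (service) lines: tell a real '(file missing)'
finding apart from the quoting artefact the v1.99.1 log shows for services
whose ImagePath is quoted and followed by arguments."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the shape of the two logs in the thread
# (v1.99.1 first, v2.0.2 second). The EXUPD line is made up for contrast.
HJT_V199 = [
    r'O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)',
    r'O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)',
    r'O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe',
    # Constructed: an unquoted path that the scanner really could not find.
    r'O23 - Service: Example Updater (EXUPD) - Unknown owner - C:\Program Files\Example\exupd.exe (file missing)',
]
HJT_V202 = [
    r'O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe',
    r'O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe',
    r'O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe',
]

# display name and owner are non-greedy so the greedy tail keeps the path intact
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<rest>.+)$')
MISSING = '(file missing)'


@dataclass
class ServiceEntry:
    display: str
    owner: str
    binary: str            # path with the stray quote and arguments removed
    args: str
    flagged_missing: bool  # what the scanner printed
    quote_artefact: bool   # closing quote without an opening one


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    flagged = rest.endswith(MISSING)
    if flagged:
        rest = rest[: -len(MISSING)].rstrip()
    # ImagePath was "C:\...\x.exe" /service; the older log lost the opening
    # quote, leaving the closing one glued to the path. Split there.
    artefact = '"' in rest and not rest.startswith('"')
    if artefact:
        binary, _, args = rest.partition('"')
    else:
        binary, args = rest.strip('"'), ''
    return ServiceEntry(m.group('display'), m.group('owner'),
                        binary.strip(), args.strip(), flagged, artefact)


def verdict(entry: ServiceEntry) -> str:
    """Defender-side triage of the '(file missing)' flag for one entry."""
    if not entry.flagged_missing:
        return 'present'
    if entry.quote_artefact:
        return 'likely parser artefact; verify binary on disk'
    return 'missing binary; orphaned or removed service, investigate'


def reconcile(old: List[str], new: List[str]) -> dict:
    """Map each binary path to [old verdict, new verdict] across two logs.
    A flag that vanishes when only the scanner changed confirms the artefact."""
    by_path = {}
    for lines, idx in ((old, 0), (new, 1)):
        for e in filter(None, map(parse_o23, lines)):
            by_path.setdefault(e.binary.lower(), [None, None])[idx] = verdict(e)
    return by_path


if __name__ == '__main__':
    for path, (v1, v2) in reconcile(HJT_V199, HJT_V202).items():
        print(f'{path}\n  v1.99.1: {v1}\n  v2.0.2 : {v2}')
```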
I'd be really grateful for any help, as my computer is now starting to be a pain to turn on; sometimes it won't even load the BIOS now.
Also, here's a log file made with ComboFix:
ComboFix 08-04-27.3 - Richard 2008-04-29 0:46:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1364 [GMT 1:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\18680E05A6.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-29 00:46 . 2008-04-29 00:46 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-27 01:24 . 2008-04-27 01:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 01:24 . 2008-04-27 01:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 23:13 . 2008-04-26 23:14 <DIR> d-------- C:\Program Files\Spybot
2008-04-26 19:42 . 2008-04-26 19:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 19:15 . 2008-04-26 19:15 <DIR> d-------- C:\VundoFix Backups
2008-04-25 19:36 . 2008-04-25 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-25 18:39 . 2008-04-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-25 17:19 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-25 17:19 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-25 17:04 . 2008-04-25 17:04 <DIR> d-------- C:\Program Files\Bonjour
2008-04-25 16:55 . 2008-04-25 16:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 08:58 . 2008-04-25 08:58 50 --a------ C:\WINDOWS\MegaManager.INI
2008-04-25 08:38 . 2008-04-25 08:38 <DIR> d-------- C:\Program Files\tamasoftware
2008-04-24 22:39 . 2008-04-24 22:39 <DIR> d-------- C:\temp\SetupTest
2008-04-24 22:39 . 2008-04-24 22:39 <DIR> d-------- C:\temp
2008-04-24 19:31 . 2008-04-24 19:34 882 --a------ C:\WINDOWS\DC.ini
2008-04-23 03:23 . 2008-04-23 03:23 <DIR> d-------- C:\Program Files\Channel4
2008-04-23 03:23 . 2008-04-23 03:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-04-16 05:38 . 2008-04-16 05:38 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Sahmon Games
2008-04-15 22:10 . 2008-04-15 22:14 <DIR> d-------- C:\WINDOWS\Airport Mania
2008-04-09 20:31 . 2008-04-09 20:34 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-07 21:24 . 2008-04-07 21:25 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\DJJava
2008-04-07 21:23 . 2008-04-07 21:23 <DIR> d-------- C:\Program Files\decomp
2008-04-07 21:23 . 2008-04-07 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-04-07 19:09 . 2008-04-07 23:39 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\FileZilla
2008-04-07 19:00 . 2008-04-07 19:00 <DIR> d-------- C:\Program Files\Filezilla
2008-04-04 14:28 . 2008-04-27 22:15 <DIR> d-------- C:\Downloads
2008-04-03 17:01 . 2008-04-03 20:13 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Command & Conquer 3 Kane's Wrath
2008-04-03 16:56 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-03 16:56 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-03 16:56 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-03 16:56 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-01 12:15 . 2008-04-01 12:15 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-04-01 08:21 . 2008-04-01 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-31 05:29 . 2008-03-31 05:36 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-31 05:29 . 2008-03-31 05:36 35,382 --a------ C:\WINDOWS\scunin.dat
2008-03-31 05:29 . 2008-03-31 05:36 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-31 04:57 . 2008-03-31 04:57 <DIR> d-------- C:\Program Files\CCleaner
2008-03-31 02:41 . 2008-03-31 02:41 <DIR> d-------- C:\Program Files\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-28 13:03 8,042,182 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-27 21:33 5,225,472 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-04-27 21:33 3,144,704 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-04-27 00:13 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-26 23:22 5,219,328 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-26 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 22:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 19:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-25 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-25 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 15:39 --------- d-----w C:\Program Files\SpeedFan
2008-04-23 02:24 --------- d-----w C:\Program Files\Kontiki
2008-04-12 01:22 1,122,304 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-09 13:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-04 01:49 106,496 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-03 16:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-03 02:59 402,432 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-04-03 02:59 4,931,584 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-04-01 10:25 --------- d-----w C:\Program Files\Programmer's Notepad
2008-03-31 02:13 4,900,352 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-31 02:13 336,384 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-31 01:41 4,897,280 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-28 11:37 --------- d-----w C:\Program Files\iTunes
2008-03-27 15:36 --------- d-----w C:\Program Files\Echovoice
2008-03-27 13:35 --------- d-----w C:\Program Files\Windows Live
2008-03-27 13:35 --------- d-----w C:\Program Files\MSN Messenger
2008-03-27 13:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 12:30 114,176 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-27 12:00 --------- d-----w C:\Program Files\Logitech
2008-03-26 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 01:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-21 20:57 76,800 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-21 20:55 --------- d-----w C:\Documents and Settings\Richard\Application Data\U3
2008-03-21 03:02 88,576 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-03-20 02:28 179,712 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 03:55 --------- d-----w C:\Program Files\WinCustomize
2008-03-16 20:07 --------- d-----w C:\Program Files\Real Alternative
2008-03-16 06:25 610,304 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-15 19:54 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-13 05:46 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-13 05:42 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-13 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-03-12 20:02 4,746,240 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-11 19:08 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-11 04:16 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-03-10 07:17 175,616 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-03-10 07:13 --------- d-----w C:\Program Files\DOSBox-0.71
2008-03-10 06:45 --------- d-----w C:\Program Files\VDMSound
2008-03-06 10:46 340,992 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-03-06 03:05 --------- d-----w C:\Program Files\iPod
2008-03-06 03:02 --------- d-----w C:\Program Files\QuickTime
2008-03-04 05:27 --------- d-----w C:\Documents and Settings\Richard\Application Data\Pi Eye Games
2008-03-04 03:55 --------- d-----w C:\Program Files\Sam And Max Season One Collection Pack
2008-03-04 00:40 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-03 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 03:08 1,234,944 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-02-25 09:08 4,572,672 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-02-24 07:22 4,545,024 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 02:27 4,350,464 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-14 15:14 65,536 ----a-w C:\WINDOWS\DUMP8193.tmp
2008-02-14 15:13 4,285,952 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-14 15:13 371,200 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-14 02:29 4,277,248 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-09 00:07 498,176 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-09 00:07 4,226,048 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-07 03:12 328,704 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-06 18:21 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-06 04:41 4,196,864 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-06 04:40 943,104 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-29 04:41 1,922,048 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"CursorXP"="C:\Program Files\Stardock\CursorXP\CursorXP.exe" [2004-12-03 16:48 140288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 17:17 9134080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 16:21 270336]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-24 02:20 360448]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 00:30 1687824]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 01:08 2094352]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
C:\Documents and Settings\Rebecca\Start Menu\Programs\Startup\
ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-07-30 19:01:59 135168]
C:\Documents and Settings\Whyle\Start Menu\Programs\Startup\
ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-07-30 19:01:59 135168]
C:\Documents and Settings\Richard\Start Menu\Programs\Startup\
ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-07-30 19:01:59 135168]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-22 07:55:56 692224]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2007-09-06 17:42 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2008-02-13 17:15 229376 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=C:\WINDOWS\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Registration Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Richard\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Richard\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
C:\Program Files\iolo\System Mechanic 6\delay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Joystick 2 Mouse]
--a------ 2006-09-27 19:06 176128 C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 00:20 1271032 e:\program files\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\program files\\texthelp systems\\read and write 8\\mind mapper\\Property Controller.exe"= C:\\Program Files\\Texthelp Systems\\Read And Write 8\\Mind Mapper\\Property Controller.exe
"c:\\program files\\texthelp systems\\read and write 8\\mind mapper\\MindMapLauncher.exe"= C:\\Program Files\\Texthelp Systems\\Read And Write 8\\Mind Mapper\\MindMapLauncher.exe
"c:\\program files\\texthelp systems\\read and write 8\\RW8.exe"= C:\\Program Files\\Texthelp Systems\\Read And Write 8\\RW8.exe
"E:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"E:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"E:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"E:\\Program Files\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"E:\\Program Files\\Sega\\Universe At War Earth Assault\\UAWEA.exe"=
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 stmtpm;STM TPM Service;C:\WINDOWS\system32\DRIVERS\stm_tpm.sys [2006-05-19 11:14]
R2 LMS;Intel® Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 16:35]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
S3 aver7700;AVerMedia aver7700 DVB-T;C:\WINDOWS\system32\Drivers\aver7700.sys [2007-03-07 09:28]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-16 04:48]
S3 o1394bul;o1394bul;C:\DOCUME~1\Richard\LOCALS~1\Temp\o1394bul.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7636fafc-88a9-11dc-bd22-001676cb9065}]
\Shell\AutoRun\command - M:\Backup.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9985dfa0-893e-11dc-bd23-001676cb9065}]
\Shell\AutoRun\command - K:\Backup.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d09ecc34-9599-11dc-bd38-001676cb9065}]
\Shell\AutoRun\command - K:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - K:\Directx\dxsetup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 22:04:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 00:56:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 00:54:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-04-29 0:56:51
ComboFix-quarantined-files.txt 2008-04-28 23:55:48
Pre-Run: 2,702,274,560 bytes free
Post-Run: 2,964,033,536 bytes free
296 --- E O F --- 2008-04-23 00:43:16
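The part of a ComboFix log worth reading closely is the "Reg Loading Points" section, because that is where persistence shows up. Two entries in the log above matter for the winlogon.exe symptom in particular: the Winlogon\Notify packages (MCPClient and WBSrv) and the AppInit_DLLs value (wbsys.dll). Notify packages are DLLs that winlogon.exe loads, and AppInit_DLLs are loaded into every process that uses user32.dll, winlogon.exe included, so a per-process firewall such as ZoneAlarm attributes anything such a DLL does on the network to winlogon.exe. The script below is an added example, not part of the original post and not ComboFix's own tooling; it runs a handful of triage rules over a constructed sample of lines copied in the log's format (a subset of the lines above): hidden+system files under system32, services whose path is in a Temp directory or whose file ComboFix could not find (empty [] timestamp), Run entries whose target was not resolved, every Winlogon\Notify and AppInit_DLLs module, and AutoRun commands recorded under MountPoints2. The rule names are my own.

```python
import re

# Constructed sample: a handful of lines in the format of the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2008-02-13 17:15 229376 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R0 stmtpm;STM TPM Service;C:\WINDOWS\system32\DRIVERS\stm_tpm.sys [2006-05-19 11:14]
S3 o1394bul;o1394bul;C:\DOCUME~1\Richard\LOCALS~1\Temp\o1394bul.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7636fafc-88a9-11dc-bd22-001676cb9065}]
\Shell\AutoRun\command - M:\Backup.bat
"""

KEY_RE = re.compile(r'^\[(hk[^\]]+)\]$', re.I)                      # registry key header
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([-a-z]{7})\s+(.+)$')  # file listing line
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')      # "Name"="target" [stamp]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.*?)\s*\[([^\]]*)\]$')  # R0 name;desc;path [stamp]
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (.+)$', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)


def triage(log_text):
    """Return a list of (rule, detail) findings for the autostart entries in log_text."""
    findings = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()      # remember which key the following value lines belong to
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            # ComboFix prints DOS attributes; 's' and 'h' together hide a file from Explorer.
            if 's' in attrs and 'h' in attrs and '\\system32\\' in path.lower():
                findings.append(('hidden_system_file', path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, name, path, stamp = m.groups()
            if TEMP_RE.search(path):
                findings.append(('service_in_temp', f'{name}: {path}'))
            if not stamp:                 # [] means ComboFix found no file at that path
                findings.append(('service_file_missing', f'{name}: {path}'))
            continue
        if 'winlogon\\notify\\' in key:
            # A Notify package is a DLL that winlogon.exe loads at logon/logoff events.
            findings.append(('winlogon_notify_dll', line.split()[0]))
            continue
        m = VALUE_RE.match(line)
        if m and 'currentversion\\run' in key:
            name, target, stamp = m.groups()
            if not stamp:                 # bare filename that ComboFix could not resolve on disk
                findings.append(('run_entry_unresolved', f'{name}: {target}'))
            continue
        if line.lower().startswith('"appinit_dlls"='):
            value = line.split('=', 1)[1].strip()
            if value:                     # non-empty AppInit_DLLs loads into every user32 process
                findings.append(('appinit_dll', value))
            continue
        m = AUTORUN_RE.match(line)
        if m and 'mountpoints2' in key:
            findings.append(('autorun_command', m.group(1)))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(SAMPLE_LOG):
        print(f'{rule:22} {detail}')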
Hello therjw,
As far as I can see, both logs are clean. ComboFix found two files and removed them, but the rest looks clean.
However, I'd like to know what is stored in this folder: C:\temp. It might very well be clean, but this folder doesn't exist on a normal installation of Windows, so it's a little suspect.
Also, this folder: C:\WINDOWS\Internet Logs\ doesn't exist (at least, not on my computer), and it seems to be full of TMP files. To be sure that it's not actually a virus colony in there, I'd suggest moving all those files somewhere safe (maybe into an archive). If the files are clean, then nothing should go wrong, since they are TMP files. In a few days, if nothing goes wrong, delete them for good.
If your problems stop only after you move these files somewhere else, please submit them for analysis.
Cris.
P.S.: Sorry for the late reply.
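The step Cris describes (move the suspect files out of the way into an archive, keep them for a while, and have them ready to submit for analysis if the symptom goes away) is worth doing with hashes, so the files can be looked up or submitted without unpacking anything and so you can prove the archived copy is what was on disk. The script below is an added example, not part of the original thread; it archives every file matching a pattern from a directory into a zip together with a manifest of SHA-256 hashes, re-reads each archived copy to verify it, and only then deletes the originals. The demo() function builds a constructed directory with fake .tmp files (plus one .txt that must be left alone) so the whole thing runs offline; the directory name and file names are made up for the example.

```python
import hashlib
import json
import os
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large dumps do not have to be read into memory."""
    h = hashlib.sha256()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(chunk), b''):
            h.update(block)
    return h.hexdigest()


def quarantine(src_dir, archive_path, pattern='*.tmp'):
    """Move every file matching pattern from src_dir into a zip archive.

    A manifest.json (original path, size, SHA-256) is stored inside the archive so the
    files can be restored, or their hashes submitted, without unpacking. Originals are
    deleted only after every archived copy has been read back and re-hashed.
    """
    src_dir = Path(src_dir)
    manifest = {}
    with zipfile.ZipFile(archive_path, 'w', compression=zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(src_dir.glob(pattern)):
            if not path.is_file():
                continue
            manifest[path.name] = {
                'original': str(path),
                'size': path.stat().st_size,
                'sha256': sha256_of(path),
            }
            zf.write(path, arcname=path.name)
        zf.writestr('manifest.json', json.dumps(manifest, indent=2))
    # Verify the round trip before removing anything.
    with zipfile.ZipFile(archive_path) as zf:
        for name, meta in manifest.items():
            if hashlib.sha256(zf.read(name)).hexdigest() != meta['sha256']:
                raise RuntimeError(f'archived copy of {name} does not match the original')
    for meta in manifest.values():
        os.remove(meta['original'])
    return manifest


def demo():
    """Constructed demonstration: three fake .tmp files and one .txt that must stay put."""
    work = Path(tempfile.mkdtemp(prefix='internet_logs_'))
    (work / 'xDB20.tmp').write_bytes(b'')            # empty file, known SHA-256
    (work / 'xDB21.tmp').write_bytes(b'ZA' * 100)    # 200 bytes of filler
    (work / 'xDB22.tmp').write_bytes(b'\x00' * 50)   # 50 zero bytes
    (work / 'ZALog.txt').write_text('not a tmp file')
    manifest = quarantine(work, work / 'quarantine.zip')
    remaining = sorted(p.name for p in work.iterdir())
    return manifest, remaining


if __name__ == '__main__':
    manifest, remaining = demo()
    for name, meta in manifest.items():
        print(f"{meta['sha256']}  {meta['size']:>8}  {name}")
    print('left in place:', remaining)
```

The manifest hashes are what you would paste into a hash-lookup service or attach to an analysis submission; if the symptom returns the moment the archive is extracted back into place, that is the evidence Cris is asking for.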
OK, thanks for the help. I just reinstalled ZA and it found and removed the following trojan/worm:
P2P-Worm.Win32.Logpole.c
In C:\temp was a patch for one of my games; I deleted it now, and I deleted the files in C:\WINDOWS\Internet Logs\, but I think they belong to ZA, as it remade some of them and there were ZA logfiles in there.