| | #11 (permalink) |
| Banned Join Date: Feb 2008
Posts: 5
| Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Please visit this webpage for download links, and instructions for running the tool ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require. |
| |
| | #12 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 25,458
| ok...... |
| |
| | #13 (permalink) |
| True Techie Join Date: Feb 2008
Posts: 226
| Deckard's System Scanner v20071014.68 Run by Expert on 2008-03-05 10:01:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 7: 2008-03-05 08:22:58 UTC - RP176 - Windows Update 6: 2008-03-05 00:32:06 UTC - RP175 - Installed ESET Smart Security 5: 2008-03-05 00:24:28 UTC - RP174 - Installed ESET Smart Security 4: 2008-03-04 23:53:23 UTC - RP173 - Removed ESET Smart Security 3: 2008-03-04 01:22:53 UTC - RP172 - Installed Steam -- First Restore Point -- 1: 2008-03-03 15:11:39 UTC - RP170 - Removed Bonjour Backed up registry hives. Performed disk cleanup. Total Physical Memory: 4092 MiB (1024 MiB recommended). -- HijackThis (run as Expert.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:06:20 AM, on 3/5/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Expert\Desktop\Calvin\dss.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Expert.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Internet Explorer: Get It Now R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (no file) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O13 - Gopher Prefix: O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/wind...?1196994773239 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197031309062 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROG RA~1\KASPER~1\KASPER~1.0\adialhk.dll, O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 5531 bytes -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* .js - unable to read key .js - unable to read key .txt - unable to read key .txt - unable to read key -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> S3 ndiscm (Motorola SURFboard USB Cable Modem Windows Driver) - c:\windows\system32\drivers\netmotcm.sys <Not Verified; Motorola Inc.; Motorola USB Cable Modem> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S2 Routing (Routing Service) - c:\windows\system32\routing.exe (file missing) S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing) S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not 
Verified; Microsoft Corporation; Windows Live installer> S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> S4 LMIMaint (LogMeIn Maintenance Service) - S4 LogMeIn - -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-03-04 10:46:03 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{262FEB7A-527A-468A-85E1-99B5FA433CF6}.job 2008-02-20 21:47:01 414 --a------ C:\Windows\Tasks\At1.job Continued Below.... |
| |
| | #14 (permalink) |
| True Techie Join Date: Feb 2008
Posts: 226
| ....Continued from above -- Files created between 2008-02-05 and 2008-03-05 ----------------------------- 2008-03-05 10:06:00 0 d-------- C:\Program Files\Trend Micro 2008-03-04 19:35:27 352 --ah----- C:\Windows\nod32fixtemdono.reg 2008-03-03 20:34:42 0 d-------- C:\Users\Expert\temp 2008-03-03 20:24:16 0 d-------- C:\Program Files\Common Files\Steam 2008-03-03 20:24:12 0 d-------- C:\Program Files\Steam 2008-03-03 14:37:09 0 d-------- C:\Program Files\backups 2008-03-03 12:04:57 0 d-------- C:\Users\All Users\Malwarebytes 2008-02-25 18:52:48 0 d-------- C:\Program Files\Ventrilo 2008-02-24 12:33:57 0 d-------- C:\Program Files\WarRock 2008-02-24 11:27:21 0 d-------- C:\Users\All Users\InstallShield 2008-02-23 12:16:18 0 d-------- C:\Program Files\CCleaner 2008-02-23 11:47:20 135473184 --ahs---- C:\Windows\system32\drivers\fidbox.dat 2008-02-23 10:42:47 91492 --a------ C:\Windows\system32\drivers\klin.dat 2008-02-23 10:42:47 85860 --a------ C:\Windows\system32\drivers\klick.dat 2008-02-22 22:55:32 0 d-------- C:\c46bbcf4673eca1b725ec7b363 2008-02-21 17:09:56 0 d-------- C:\Users\All Users\Apple Computer 2008-02-21 17:09:10 0 d-------- C:\Program Files\Apple Software Update 2008-02-21 17:07:59 0 d-------- C:\Program Files\Common Files\Apple 2008-02-21 17:07:58 0 d-------- C:\Users\All Users\Apple 2008-02-20 23:32:36 0 d-------- C:\Programas 2008-02-20 23:18:21 0 d-------- C:\Users\All Users\ESET 2008-02-20 21:13:38 68096 --a------ C:\Windows\system32\zip.exe 2008-02-20 21:13:38 98816 --a------ C:\Windows\system32\sed.exe 2008-02-20 21:13:38 80412 --a------ C:\Windows\system32\grep.exe 2008-02-20 21:13:38 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-02-20 00:01:59 0 d-a------ C:\Users\All Users\TEMP 2008-02-19 23:30:24 0 d-------- C:\VundoFix Backups 2008-02-19 23:30:16 696 --a------ C:\Windows\system32\tmp.reg 2008-02-19 23:23:20 0 d-------- C:\Users\All Users\Simply Super Software 2008-02-19 23:02:50 85504 --a------ 
C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-02-19 22:47:13 0 d-------- C:\Program Files\Yahoo! 2008-02-19 22:43:33 25600 --a------ C:\Windows\system32\WS2Fix.exe 2008-02-19 22:43:33 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-02-19 22:43:33 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-02-19 22:43:33 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-02-19 22:43:33 77824 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-02-19 22:43:33 51200 --a------ C:\Windows\system32\dumphive.exe 2008-02-18 17:45:19 0 d-------- C:\GTK 2008-02-18 00:22:29 0 d-------- C:\Program Files\VentSrv 2008-02-17 23:00:41 0 d-------- C:\Users\Expert\.unlimitedftp 2008-02-10 10:29:36 0 d-------- C:\Program Files\GTASAConsole 2008-02-09 18:57:52 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-02-09 17:23:55 0 d-------- C:\Users\All Users\Grisoft 2008-02-08 23:15:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-02-08 18:22:42 0 d-------- C:\AVG 2008-02-07 23:03:19 40 --a------ C:\Windows\system32\drmgs.sys -- Find3M Report --------------------------------------------------------------- 2008-03-04 07:22:36 0 d--h----- C:\Users\Expert\AppData\Roaming\drivers4 2008-03-03 20:37:05 0 d-------- C:\Users\Expert\AppData\Roaming\TeamViewer 2008-03-03 20:24:16 0 d-------- C:\Program Files\Common Files 2008-03-03 13:40:45 0 d-------- C:\Users\Expert\AppData\Roaming\Xfire 2008-03-03 12:05:04 0 d-------- C:\Users\Expert\AppData\Roaming\Malwarebytes 2008-02-25 18:52:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-25 18:35:29 0 d-------- C:\Program Files\Xfire 2008-02-25 14:23:02 127426 --a------ C:\Users\Expert\AppData\Roaming\czr8lry.exe 2008-02-24 12:33:51 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-02-24 00:38:33 
0 d-------- C:\Users\Expert\AppData\Roaming\InstallShield 2008-02-23 14:53:38 0 d-------- C:\Program Files\EA GAMES 2008-02-23 01:40:13 0 d-------- C:\Users\Expert\AppData\Roaming\Ventrilo 2008-02-21 19:36:57 0 d-------- C:\Program Files\Winamp 2008-02-21 17:32:42 0 d-------- C:\Users\Expert\AppData\Roaming\Opera 2008-02-21 17:12:12 0 d-------- C:\Users\Expert\AppData\Roaming\Apple Computer 2008-02-20 23:27:03 0 d-------- C:\Users\Expert\AppData\Roaming\ESET 2008-02-19 16:16:57 0 d-------- C:\Users\Expert\AppData\Roaming\SystemRequirements Lab 2008-02-17 16:22:26 0 d-------- C:\Program Files\Microsoft Games 2008-02-16 16:25:03 0 d-------- C:\Program Files\Teamspeak2_RC2 2008-02-16 16:10:23 0 d-------- C:\Program Files\VideoLAN 2008-02-16 15:40:31 0 d-------- C:\Users\Expert\AppData\Roaming\GlobalSCAPE 2008-02-16 15:15:50 0 d-------- C:\Users\Expert\AppData\Roaming\teamspeak2 2008-02-11 16:36:25 0 d-------- C:\Program Files\Common Files\Adobe 2008-02-10 23:42:15 0 d-------- C:\Users\Expert\AppData\Roaming\Screaming Bee 2008-02-09 17:37:39 0 d-------- C:\Users\Expert\AppData\Roaming\Adobe 2008-02-07 10:07:48 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; > 2008-02-04 16:35:23 0 d-------- C:\Program Files\Electronic Arts 2008-02-04 16:09:38 0 d-------- C:\Users\Expert\AppData\Roaming\Atari 2008-02-03 11:18:28 0 d-------- C:\Users\Expert\AppData\Roaming\Winamp 2008-02-02 12:46:12 0 d-------- C:\Program Files\Grand Theft Auto 2008-02-02 12:17:13 0 d-------- C:\Program Files\Asprate 2008-01-27 10:46:51 0 d-------- C:\Program Files\Microsoft Works 2008-01-27 10:46:03 0 d-------- C:\Program Files\MSBuild 2008-01-27 10:36:32 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-01-26 19:43:16 25575 --a------ C:\Users\Expert\AppData\Roaming\UserTile.png 2008-01-26 19:43:14 0 d-------- C:\Users\Expert\AppData\Roaming\PeerNetworking 2008-01-25 23:14:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-25 
23:06:09 0 d-------- C:\Program Files\Windows Live 2008-01-24 23:46:58 174 --ahs---- C:\Program Files\desktop.ini 2008-01-24 23:44:25 0 d-------- C:\Program Files\Windows Calendar 2008-01-24 23:44:24 0 d-------- C:\Program Files\Windows Mail 2008-01-24 23:44:23 0 d-------- C:\Program Files\Windows Defender 2008-01-24 23:41:55 24194 ---h----- C:\Users\Expert\AppData\Roaming\addon.dat 2008-01-24 23:11:39 0 d-------- C:\Program Files\Windows Sidebar 2008-01-24 22:39:33 22668 --a------ C:\Windows\system32\emptyregdb.dat 2008-01-24 22:29:05 0 d-------- C:\Users\Expert\AppData\Roaming\Xfire Plus 2008-01-24 22:29:02 0 d-------- C:\Users\Expert\AppData\Roaming\Sun 2008-01-24 22:29:02 0 d-------- C:\Users\Expert\AppData\Roaming\SmartFTP 2008-01-24 22:29:02 0 dr-h----- C:\Users\Expert\AppData\Roaming\SecuROM 2008-01-24 22:29:02 0 d-------- C:\Users\Expert\AppData\Roaming\NCH Swift Sound 2008-01-24 22:29:01 0 d-------- C:\Users\Expert\AppData\Roaming\Mozilla 2008-01-24 22:28:57 0 d-------- C:\Users\Expert\AppData\Roaming\Macromedia 2008-01-24 22:28:57 0 d-------- C:\Users\Expert\AppData\Roaming\Leadertech 2008-01-24 22:28:57 0 d-------- C:\Users\Expert\AppData\Roaming\Identities 2008-01-24 22:28:57 0 d-------- C:\Users\Expert\AppData\Roaming\Google 2008-01-24 22:28:53 0 d-------- C:\Users\Expert\AppData\Roaming\Command & Conquer 3 Tiberium Wars 2008-01-24 22:28:24 0 d-------- C:\Users\Expert\AppData\Roaming\ATI 2008-01-24 22:22:00 0 d-------- C:\Program Files\Windows Live Safety Center 2008-01-24 22:21:58 0 d-------- C:\Program Files\Winamp Remote 2008-01-24 22:21:37 0 d-------- C:\Program Files\VIAudioi 2008-01-24 22:21:36 0 d-------- C:\Program Files\VIA 2008-01-24 22:21:33 0 d-------- C:\Program Files\TheWeatherNetwork 2008-01-24 22:21:29 0 d-------- C:\Program Files\Silkroad 2008-01-24 22:21:26 0 d-------- C:\Program Files\PowerISO 2008-01-24 22:21:25 0 d-------- C:\Program Files\MSXML 6.0 2008-01-24 22:21:25 0 d-------- C:\Program Files\MSN Gaming Zone 2008-01-24 
22:21:21 0 d-------- C:\Program Files\Microsoft.NET 2008-01-24 22:10:36 0 d-------- C:\Program Files\Messenger Plus! Live 2008-01-24 22:10:35 0 d-------- C:\Program Files\Logitech 2008-01-24 22:10:26 0 d-------- C:\Program Files\Java 2008-01-24 22:10:09 0 d-------- C:\Program Files\Google 2008-01-24 22:10:08 0 d-------- C:\Program Files\FinalAlert 2 Yuri's Revenge 2008-01-24 22:08:21 0 d-------- C:\Program Files\Common Files\ODBC 2008-01-24 22:08:21 0 d-------- C:\Program Files\Common Files\MSSoap 2008-01-24 22:08:16 0 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-01-24 22:08:16 0 d-------- C:\Program Files\Common Files\Logitech 2008-01-24 22:08:16 0 d-------- C:\Program Files\Common Files\Java 2008-01-24 22:08:15 0 d-------- C:\Program Files\Common Files\InstallShield 2008-01-24 22:00:51 0 d-------- C:\Program Files\ATI Technologies 2008-01-24 21:55:30 0 d-------- C:\Program Files\Ares 2008-01-24 21:55:29 0 d-------- C:\Program Files\AGEIA Technologies 2008-01-22 19:50:34 4096 --a------ C:\Windows\system32\crash 2008-01-03 03:35:09 3314 --a------ C:\Windows\system32\adobeupdate 2007-12-30 13:21:01 1324 --a------ C:\Windows\system32\d3d9caps.dat 2007-12-30 13:20:59 1100 --a------ C:\Windows\system32\d3d8caps.dat 2007-12-20 22:12:50 1749 --a------ C:\Windows\mozver.dat 2007-12-08 11:29:28 0 --a------ C:\Windows\nsreg.dat 2007-12-06 21:15:45 0 -rahs---- C:\MSDOS.SYS 2007-12-06 21:15:45 0 -rahs---- C:\IO.SYS 2007-12-05 14:17:00 593920 --a------ C:\Windows\system32\ati2sgag.exe <Not Verified; ; ATI Smart> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "WxEx"="" [] "MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 04:45 AM] "RegistryMechanic"="" [] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre 
ntVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:34 AM] "Steam"="c:\program files\steam\steam.exe" [03/03/2008 08:24 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3h ook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dl l, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro 
l\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AresChatServer"=3 (0x3) "Ati HotKey Poller"=2 (0x2) "ATI Smart"=2 (0x2) "idsvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "WMPNetworkSvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork PLA DPS BFE mpssvc WudfServiceGroup WUDFSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-03-05 10:08:36 ------------ |
| |
| | #15 (permalink) |
| True Techie Join Date: Feb 2008
Posts: 226
| Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Basic (build 6000) Architecture: X86; Language: English CPU 0: Intel(R) Core(TM) 2 Extreme QX6700 3.66GHz Percentage of Memory in Use: 55% Physical Memory (total/avail): 4092.94 MiB / 3454.8 MiB Pagefile Memory (total/avail): 2297.46 MiB / 1517.14 MiB Virtual Memory (total/avail): 2047.88 MiB / 1903.68 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 911.78 GiB total, 837.79 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD1200JB-00REA0 ATA Device - 111.79 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 111.78 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: ESET Personal firewall v3.0.621.0 (ESET, spol. s r. o.) Disabled AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.) AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled AS: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.) AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) 
Disabled Outdated AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) AS: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Expert\\Local Settings\\Temp\\nsj48.tmp\\utorrent.exe"="C:\\User s\\Expert\\Local Settings\\Temp\\nsj48.tmp\\utorrent.exe:*:Enabled: µTorrent" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r" "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program 
Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\H elpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Expert\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=CALVIN ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO GTKMM_BASEPATH=C:\GTK GTK_BASEPATH=C:\GTK HOMEDRIVE=C: HOMEPATH=\Users\Expert LOCALAPPDATA=C:\Users\Expert\AppData\Local LOGONSERVER=\\CALVIN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\sys tem32\wbem;C:\GTK\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2c02 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Expert\AppData\Local\Temp TMP=C:\Users\Expert\AppData\Local\Temp 
USERDOMAIN=CALVIN USERNAME=Expert USERPROFILE=C:\Users\Expert windir=C:\Windows -- User Profiles --------------------------------------------------------------- Expert Mom & Dad -- Add/Remove Programs --------------------------------------------------------- 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall 
{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD} Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2} Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808} Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1} Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222} AGEIA PhysX v2.5.0 --> "C:\Program 
Files\AGEIA Technologies\uninstall.exe" Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe" ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly Birth Of America --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2930 CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32} Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly Commandos 3: Destination Berlin --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6840 Dark Messiah Might and Magic Single Player --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2100 Dawn of War Gold: Winter Assault --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9310 Disciples II Rise of the Elves --> "C:\Program Files\Steam\steam.exe" steam://uninstall/1630 ESET Smart Security --> MsiExec.exe 
/I{A1350B64-1AF8-497B-AC07-307DF67FB8D4} FinalAlert 2 Yuri's Revenge --> C:\Program Files\FinalAlert 2 Yuri's Revenge\SMUninstall.exe Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} GTA San Andreas Admin Console Release 1.8.2 --> C:\PROGRA~1\GTASAC~1\UNWISE.EXE C:\PROGRA~1\GTASAC~1\INSTALL.LOG Gtk+ Runtime Environment 2.10.11-1 --> C:\GTK\uninst.exe gtkmm Runtime Environment 2.10 --> C:\GTK\gtkmm-uninst.exe Hotfix for Microsoft .NET Framework 3.0 (KB932471) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kane and Lynch: Dead Men --> "C:\Program Files\Steam\steam.exe" steam://uninstall/8080 Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9 LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A} Max Payne 2: The Fall of Max Payne --> "C:\Program Files\Steam\steam.exe" steam://uninstall/12150 Messaging API and Collaboration Data Objects 1.2.1 --> MsiExec.exe /X{5A8751A2-684E-4D42-846C-3A58CE36C1F9} Messenger Plus! Live --> "C:\Program Files\Messenger Plus! 
Live\Uninstall.exe" Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upda tes\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upda tes\M929729\M929729Uninstall.msp" Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\I Driver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6} Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6} Microsoft Flight Simulator X Service Pack 1 --> c:\WINDOWS\system32\msiexec.exe /qb /l*vx "C:\Users\Expert\LOCALS~1\Temp\FlightSimPatchUnins tall.log" /uninstall {A868297C-C0ED-4B97-8D88-B582D7F6EA04} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6} Microsoft Flight Simulator X Service Pack 2 --> MsiExec.exe /X{4847BBB9-EADD-4C92-90BF-4223B0892FF6} Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 
2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe" PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u Quake --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2310 Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe" Silkroad --> C:\Program Files\Silkroad\Remove.Exe Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2 --> 
"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1} Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80} VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 Weather Exchange --> MsiExec.exe /X{B955D26E-5E9F-43D4-BCAC-EC0E6223E8C4} WeatherEye --> "C:\Program Files\TheWeatherNetwork\WeatherEye\MMTWNLiveUpdate .exe" /language ENGLISH /uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\WeatherEye,HKEY_CURRENT_USER\Softwar e\MMTWN\WeatherEye Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Genuine Advantage Validation Tool (KB892130) --> Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe" XML Paper Specification Shared Components Pack 1.0 --> -- Application Event Log |
| |
| | #16 (permalink) |
| True Techie Join Date: Feb 2008
Posts: 226
| -------------------------------------------------------
Event Record #/Type12111 / Success
Event Submitted/Written: 03/04/2008 11:20:23 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12100 / Success
Event Submitted/Written: 03/04/2008 10:43:18 PM
Event ID/Source: 5617 / WinMgmt
Event Description: Windows Management Instrumentation Service subsystems initialized successfully

Event Record #/Type12099 / Success
Event Submitted/Written: 03/04/2008 10:43:16 PM
Event ID/Source: 5615 / WinMgmt
Event Description: Windows Management Instrumentation Service started sucessfully

Event Record #/Type12095 / Success
Event Submitted/Written: 03/04/2008 10:42:37 PM
Event ID/Source: 902 / Software Licensing Service
Event Description: The Software Licensing service has started.

Event Record #/Type12072 / Success
Event Submitted/Written: 03/04/2008 07:39:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type32337 / Error
Event Submitted/Written: 03/05/2008 09:33:07 AM
Event ID/Source: 12294 / atikmdag
Event Description: CRT invalid display type

Event Record #/Type32336 / Error
Event Submitted/Written: 03/05/2008 09:30:55 AM
Event ID/Source: 12294 / atikmdag
Event Description: CRT invalid display type

Event Record #/Type32335 / Error
Event Submitted/Written: 03/05/2008 09:18:36 AM
Event ID/Source: 12294 / atikmdag
Event Description: CRT invalid display type

Event Record #/Type32334 / Error
Event Submitted/Written: 03/05/2008 09:15:08 AM
Event ID/Source: 12294 / atikmdag
Event Description: CRT invalid display type

Event Record #/Type32333 / Error
Event Submitted/Written: 03/05/2008 09:00:48 AM
Event ID/Source: 12294 / atikmdag
Event Description: CRT invalid display type

-- End of Deckard's System Scanner: finished at 2008-03-05 10:08:36 ------------ |
| |
| | #17 (permalink) |
| True Techie Join Date: Feb 2008
Posts: 226
| FW: ESET Personal firewall v3.0.621.0 (ESET, spol. s r. o.) Disabled
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
AS: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled

I removed Kaspersky like days ago! I even deleted the folder and stuff! Same with AVG. Why is this crap still showing? |
| |
| | #18 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 25,458
| Can you remove this entry?
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe (file missing) |
| |
| | #19 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 25,458
| ????????? |
| |