TechTalkz.com Logo

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech World > Computer Security
Reload this Page Help also can't access secuity websites
Register Forum Rules Getting Started! - Guide Blog Videos Gallery Members List Mark Forums Read

Notices

also can't access secuity websites

Computer Security


Reply
 
Thread Tools Display Modes
Old 22-08-2009, 04:30 AM   #1
Newbie
 
Join Date: Aug 2009
Posts: 3
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 0 politeruin is an unknown quantity at this point


OS: Windows XP


also can't access secuity websites
I'm at the end of my tether with this and noticed how many people have had the problem in that mammoth 71 page thread, which i have followed but to no avail.

My internet stopped working a couple of nights ago when i turned the computer on and i noticed the network icons took forever to load, i could connect to my router and ping websites from command but they refused to display in the browser and i could not update my AVG. Eventually uninstalled AVG which meant i could now access websites. So i then installed Avast! from my memory stick and discovered i could not access any antivirus websites and some others redirected me to some 'ezquestion' website. Very worrying. Also could not update spybot when i downloaded it from a mirror website. So i ran ComboFix without Windows Recovery Console as it would not let me download, but it did quarantine the following;

Code:
2009-08-21 18:55:35 . 2009-08-21 18:55:36              602 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Guard.reg.dat
2009-08-21 18:55:35 . 2009-08-21 18:55:36              602 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Driver.reg.dat
2009-08-21 18:51:39 . 2009-08-21 21:10:36              246 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_SfX.reg.dat
2009-08-21 18:51:39 . 2009-08-21 18:51:40            1,352 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2009-08-21 18:51:39 . 2009-08-21 18:51:40            1,326 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2009-08-21 18:51:34 . 2009-08-21 21:10:30           12,039 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-21 18:34:00 . 2009-08-21 21:09:00              621 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2009-08-18 17:12:58 . 2009-08-18 17:13:00                2 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\0101120101464949.xe.vir
2009-08-18 17:12:58 . 2009-08-18 17:13:00                2 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\010112010146120114.xe.vir
2008-10-19 23:53:08 . 2008-10-19 23:53:10           76,646 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\Autorun.ini.vir
2007-07-07 21:05:40 . 2007-07-07 21:05:42        4,669,952 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\Installer\fef88d.msi.vir
2007-03-10 13:52:42 . 2006-03-21 02:23:12           23,040 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
2007-03-10 09:35:17 . 2005-08-03 04:08:10           81,920 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2007-03-10 09:35:17 . 2005-08-03 04:18:46          233,472 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-03-10 09:35:17 . 2005-08-03 04:08:08           61,440 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2007-03-10 09:35:17 . 2006-01-23 11:41:42           53,299 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2007-03-10 09:35:17 . 2006-01-23 11:41:42           49,152 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\WinPCap\daemon_mgm.exe.vir
2007-03-10 09:35:17 . 2006-01-23 11:41:42           86,016 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\WinPCap\rpcapd.exe.vir
2007-03-10 09:35:17 . 2006-01-23 11:41:42           49,152 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\WinPCap\npf_mgm.exe.vir
2007-03-10 09:35:17 . 2005-08-03 04:10:14           32,512 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2000-02-18 10:21:52 . 2000-02-18 10:21:52            2,920 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\Fonts\Wphv07nb.ttf.vir
Rebooted but that did not work so i went into safemode, uninstalled Avast! and ran it again and was able to let it download the recovery console but this time it did not quarantine anything. Here is the log file;

Code:
ComboFix 09-08-20.07 - Rich 21/08/2009 22:09.5.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1420 [GMT 1:00]
Running from: c:\documents and settings\Rich\Desktop\Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


(((((((((((((((((((((((((   Files Created from 2009-07-21 to 2009-08-21  )))))))))))))))))))))))))))))))
.

2009-08-21 19:23 . 2009-08-21 19:23    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2009-08-21 19:23 . 2009-08-21 19:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-21 16:36 . 2009-08-21 16:36    --------    d-----w-    c:\program files\Alwil Software
2009-08-20 20:57 . 2009-08-20 20:57    262144    ----a-w-    c:\windows\system32\default_user_class.dat
2009-08-20 16:29 . 2009-08-20 16:29    --------    d-----w-    c:\program files\Trend Micro
2009-08-20 01:08 . 2009-08-20 01:08    --------    d-----w-    c:\documents and settings\Rich\Application Data\Malwarebytes
2009-08-20 01:08 . 2009-08-03 12:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 01:08 . 2009-08-20 01:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-20 01:08 . 2009-08-20 01:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 01:08 . 2009-08-03 12:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-19 22:29 . 2009-08-19 22:29    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-08-19 21:12 . 2009-08-19 21:12    38016    ----a-w-    c:\windows\system32\drivers\DnsFilter.sys
2009-08-19 21:12 . 2009-08-19 21:12    --------    d-----w-    c:\program files\DDnsFilter
2009-08-12 00:10 . 2009-07-10 13:27    1315328    ------w-    c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01    204800    ------w-    c:\windows\system32\dllcache\mswebdvd.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 21:11 . 2006-10-12 13:34    12    ----a-w-    c:\windows\bthservsdp.dat
2009-08-05 09:01 . 2004-08-10 19:00    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 19:00    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-10 19:00    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2006-01-09 10:02    666624    ------w-    c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-10 19:00    81920    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2004-08-10 19:00    730112    ----a-w-    c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 19:00    56832    ----a-w-    c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 19:00    54272    ----a-w-    c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 19:00    301568    ----a-w-    c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 19:00    147456    ----a-w-    c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 19:00    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 19:00    92928    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 19:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 19:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-10 19:00    80896    ----a-w-    c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 19:00    76288    ----a-w-    c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 19:00    84992    ----a-w-    c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 19:00    2066432    ----a-w-    c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 19:00    132096    ----a-w-    c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2005-06-28 17:55    1291264    ----a-w-    c:\windows\system32\quartz.dll
2007-03-10 12:17 . 2007-03-10 12:17    251    ----a-w-    c:\program files\wt3d.ini
2006-05-03 09:06 . 2007-10-09 22:50    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-10-09 22:50    31232    --sh--r-    c:\windows\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"voip phone charger"="c:\program files\Acer\VoIP Phone Charger\voip phone charger.exe" [2006-01-10 32768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ShortKeys Lite.lnk - c:\progra~1\SHORTK~1\shklite.exe [2007-3-14 2041856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [10/08/2004 20:00 14336]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 22:12 38016]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter    REG_MULTI_SZ       ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2008-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aceradvantage.com/stdreg
uInternet Connection Wizard,ShellNext = iexplore
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\pfa68px9.default\
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 22:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-219516526-48236062-3234393374-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,a8,bf,9e,25,e1,7a,9c,06,89,ea,1d,e4,f5,3b,ac,96,74,db,29,c7,2d,0c,
   6c,fb,1d,f6,88,7d,9a,4d,9d,ce,fe,81,45,fa,5e,4f,0b,10,d6,16,c4,9d,81,fe,20,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7020)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\progra~1\SHORTK~1\shkHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\program files\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\windows\SYSTEM32\BGSVCGEN.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\EHOME\EHSCHED.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\program files\UPHCLEAN\UPHCLEAN.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\LAUNCH MANAGER\LMANAGER.EXE
c:\windows\SYSTEM32\LVCOMSX.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\EHOME\EHMSAS.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Rich\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-21 22:16 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-21 21:16
ComboFix2.txt  2009-08-21 20:42
ComboFix3.txt  2009-08-21 18:56

Pre-Run: 13,375,700,992 bytes free
Post-Run: 13,311,508,480 bytes free

250    --- E O F ---    2009-08-13 22:45
I then updated spybot search and destroy within safe mode and ran it but that did not find anything. I finally ran HijackThis;

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:09, on 21/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\SHORTK~1\shklite.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Rich\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [voip phone charger] "C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ShortKeys Lite.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10329 bytes

What the HELL is happening? In safe mode i can access the restricted websites and update things which i can't when in normal startup so something malicious is most certainly being loaded when windows starts, but what?
Last edited by politeruin; 22-08-2009 at 04:32 AM..
politeruin is offline   Reply With Quote
Old 23-08-2009, 06:55 AM   #2
Newbie
 
Join Date: Aug 2009
Posts: 3
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 0 politeruin is an unknown quantity at this point


OS: Windows XP


Re: also can't access secuity websites
I seem to have cured my system now, took me until 4.30am though. For anyone who has a similar problem then this thread on geeks to go really helped me out... I can't access any antivirus website and update [Solved]
politeruin is offline   Reply With Quote
Thanked Users:
Strider (23-08-2009)
Old 23-08-2009, 02:16 PM   #3
Founder
 
Strider's Avatar
 
Join Date: Nov 2005
Location: The Last City Zion!
Posts: 3,539
Thanks: 287
Thanked 345 Times in 298 Posts
Rep Power: 62 Strider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just GreatStrider is just Great


OS: Windows XP Windows Server 2003 / Windows Server 2008 Windows Vista Windows 7 Linux


Re: also can't access secuity websites
Quote:
I seem to have cured my system now, took me until 4.30am though
Great.. Ensure that your windows is uptodate and a good Antivirus software is installed & updated regularly.
Strider is offline   Reply With Quote
Old 23-08-2009, 04:53 PM   #4
Newbie
 
Join Date: Aug 2009
Posts: 3
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 0 politeruin is an unknown quantity at this point


OS: Windows XP


Re: also can't access secuity websites
Yeah, i did and that's the most frustrating part. I've switched to avast now.

Anyway, if anyone happens to spot something in my latest hijack scan which should not be there then i would be most appreciative...

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:24, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ShortKeys2\shklite.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\DOCUME~1\Rich\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [voip phone charger] "C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ShortKeys Lite.lnk = C:\Program Files\ShortKeys2\shklite.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11206 bytes
politeruin is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode



< Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT +5.5. The time now is 08:56 PM.

Contact Us - TechTalkz.com Technology & Computer Troubleshooting Forums - Top

vBulletin, Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright © 2005-2009, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional