Help needed (possible virus) post - hijackthis log


Mali_Mate

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:12, on 13.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\DOCUME~1\Matan\LOCALS~1\Temp\6283.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Codec Guide: K-Lite Codec Pack and other useful stuff
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\DegCs.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Matan\LOCALS~1\Temp\6283.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DegCs Controler - Unknown owner - C:\WINDOWS\system32\drivers\DegCs.exe (file missing)
O23 - Service: DrsCh Controler - Unknown owner - C:\WINDOWS\system32\drivers\DrsCh.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8146 bytes
 
ComboFix 09-06-13.01 - Matan 13.06.2009 20:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1486 [GMT 2:00]
Running from: c:\documents and settings\Matan\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Helper
c:\program files\Video Add-on
c:\recycled\Recycled
c:\restore\k-1-3542-4232123213-7676767-8888886
c:\system\FOLDER
c:\windows\system\_sv_CMD_
c:\documents and settings\Matan\Application Data\wiaserva.log
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\101.gif
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\102.gif
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\103.gif
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\104.gif
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\105.gif
c:\documents and settings\Matan\Local Settings\Temporary Internet Files\106.gif
C:\install.exe
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\system\FOLDER\Desktop.ini
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\drivers\ip_fw.sys
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPFW
-------\Legacy_IP_FW
-------\Legacy_WIN32X
-------\Service_glaide32
-------\Service_ip_fw
-------\Service_win32x


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 18:08 . 2009-06-13 18:08 -------- d-----w- c:\program files\Trend Micro
2009-06-13 16:22 . 2009-06-13 16:22 -------- d-----w- C:\bekap
2009-06-13 16:04 . 2008-03-09 05:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2009-06-13 16:04 . 2008-05-04 15:42 789525 ----a-w- c:\windows\system32\rpcrt4new.dll
2009-06-13 16:04 . 2008-04-22 20:20 1584149 ----a-w- c:\windows\system32\setupapinew.dll
2009-06-13 16:04 . 2007-04-18 00:13 25037 ----a-w- c:\windows\system32\Nucleus.dll
2009-06-13 16:04 . 2006-11-02 10:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2009-06-13 16:04 . 2004-12-08 15:57 376832 ----a-w- c:\windows\system32\M2000Twn.dll
2009-06-13 16:04 . 2008-04-12 16:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
2009-06-13 16:04 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2009-06-13 15:16 . 2009-06-13 15:16 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\DOSBox
2009-06-13 15:15 . 2009-06-13 15:34 -------- d-----w- c:\program files\DOSBox-0.73
2009-06-13 14:21 . 2009-06-13 14:21 -------- d-----w- c:\program files\THQ
2009-06-11 12:12 . 2009-06-11 18:48 -------- d-----w- c:\program files\The KMPlayer
2009-06-08 14:44 . 2009-06-08 14:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard
2009-06-08 13:45 . 2009-06-08 14:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-08 13:44 . 2009-06-10 11:34 -------- d-----w- c:\program files\World of Warcraft
2009-06-05 23:49 . 2009-06-05 23:49 -------- d-----w- c:\program files\MSXML 6.0
2009-06-05 23:36 . 2009-06-05 23:37 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\ApplicationHistory
2009-06-05 19:23 . 2009-06-05 19:23 -------- d-----w- c:\program files\MSXML 4.0
2009-06-05 09:46 . 2009-06-05 10:02 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-05 09:44 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-05 09:44 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-05 09:44 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-05 09:44 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-05 09:44 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-04 15:24 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-04 15:24 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-03 22:44 . 2009-06-13 18:29 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- c:\windows\system32\logs
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- c:\documents and settings\Matan\Application Data\BitDefender
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- C:\Binaries
2009-06-03 22:37 . 2009-06-13 16:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- c:\program files\BitDefender
2009-06-03 22:35 . 2009-06-03 22:35 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-03 22:34 . 2009-06-03 22:37 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-03 22:11 . 2004-09-01 08:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2009-06-03 22:10 . 2004-09-01 08:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\documents and settings\Matan\Application Data\teamspeak2
2009-06-03 21:56 . 2009-06-03 21:56 -------- d-----w- c:\program files\AVG
2009-06-03 16:50 . 2009-06-03 16:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-06-03 16:50 . 2009-06-04 14:39 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\Adobe
2009-06-03 10:33 . 2009-06-03 10:33 -------- d-----w- c:\windows\Empire Total War
2009-06-02 16:28 . 2009-06-02 16:28 -------- d-----w- c:\program files\DIFX
2009-06-02 16:28 . 2006-07-01 20:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-06-02 16:23 . 2009-06-02 16:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2009-06-02 16:21 . 2009-06-02 16:24 -------- d-----w- c:\program files\ATI
2009-06-02 16:18 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-06-02 16:18 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-06-02 16:18 . 2009-06-02 16:18 -------- d-----w- c:\program files\Realtek AC97
2009-06-02 16:18 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-06-02 16:18 . 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
2009-06-02 16:18 . 2006-10-18 00:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-06-02 16:18 . 2006-07-31 09:27 217088 ----a-w- c:\windows\Alcrmv.exe
2009-06-02 16:18 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
2009-06-02 16:17 . 2004-03-10 11:42 12953 ------w- c:\windows\system32\drivers\itchfltr.sys
2009-06-02 16:09 . 2009-06-02 16:09 -------- d-----w- c:\windows\Drivers
2009-06-02 16:09 . 2005-07-15 13:02 56960 ----a-w- c:\windows\system32\drivers\ousb2hub.sys
2009-06-02 16:09 . 2005-07-15 13:02 45696 ----a-w- c:\windows\system32\drivers\ousbehci.sys
2009-06-02 16:04 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-06-02 16:04 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-02 16:04 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-06-02 16:04 . 2009-06-02 16:05 -------- d-----w- c:\program files\Driver Magician
2009-06-02 15:49 . 2009-06-02 15:49 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-02 15:49 . 2009-06-02 15:49 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\Downloaded Installations
2009-06-02 15:46 . 2009-06-02 15:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-06-02 00:56 . 2009-06-02 00:56 -------- d-----w- c:\documents and settings\Matan\Application Data\hott notes 4
2009-06-02 00:56 . 2009-06-02 00:56 -------- d-----w- c:\program files\hott notes 4
2009-06-02 00:55 . 2009-06-02 00:55 -------- d-----w- c:\program files\MoRUN.net
2009-05-28 13:51 . 2009-05-28 13:51 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\Thunderbird
2009-05-28 13:51 . 2009-05-28 13:51 -------- d-----w- c:\documents and settings\Matan\Application Data\Thunderbird
2009-05-28 13:50 . 2009-06-13 17:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-28 13:05 . 2009-05-28 13:05 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\Gas Powered Games
2009-05-28 10:55 . 2009-06-13 15:12 -------- d-----w- C:\Downloads
2009-05-27 15:21 . 2009-05-27 15:21 -------- d-----w- c:\program files\Common Files\NVIDIA Shared
2009-05-27 15:21 . 2004-05-20 08:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-05-26 16:34 . 2009-05-26 16:34 -------- d-----w- c:\documents and settings\Matan\Application Data\Free Photo Converter
2009-05-26 16:34 . 2009-05-26 16:34 -------- d-----w- c:\program files\PixelApp Studio
2009-05-26 15:54 . 2009-06-13 18:26 -------- d-sh--r- C:\SYSTEM
2009-05-25 10:47 . 2009-05-25 10:47 -------- d-----w- c:\documents and settings\Matan\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-05-25 10:46 . 2009-05-25 10:46 38208 ----a-w- c:\documents and settings\Matan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w- c:\documents and settings\Matan\Application Data\dota_allstars
2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w- C:\Games
2009-05-24 20:53 . 2009-05-24 20:54 1878984 ----a-w- c:\documents and settings\Matan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-24 20:49 . 2009-06-13 18:30 -------- d-----w- c:\program files\FlashGet
2009-05-24 20:43 . 2004-09-01 08:00 25600 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-24 20:38 . 2009-05-24 20:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2009-05-24 20:37 . 2009-05-24 20:37 -------- d-----w- c:\program files\SoulseekNS
2009-05-24 19:47 . 2009-05-24 19:47 -------- d-----w- c:\documents and settings\Matan\Local Settings\Application Data\ESET
2009-05-24 19:46 . 2009-05-24 19:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-05-24 19:44 . 2009-05-24 19:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-24 19:44 . 2009-06-13 15:11 -------- d-----w- c:\documents and settings\Matan\Application Data\skypePM
2009-05-24 19:43 . 2009-06-03 22:07 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-05-24 19:42 . 2009-06-13 18:31 -------- d-----w- c:\documents and settings\Matan\Application Data\Skype
2009-05-24 19:42 . 2009-05-24 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-05-24 17:11 . 2009-06-10 21:43 -------- d-----w- c:\program files\Garena
2009-05-24 16:13 . 2009-05-24 16:13 -------- d-----w- c:\temp\MTGOInstall
2009-05-24 16:10 . 2009-05-24 16:15 -------- d-----w- c:\documents and settings\Matan\Application Data\Wizards of the Coast
2009-05-24 16:09 . 2009-05-24 16:09 -------- d-----w- c:\program files\Wizards of the Coast
2009-05-24 16:09 . 2009-05-24 16:09 -------- d-----w- c:\documents and settings\Matan\Application Data\InstallShield
2009-05-15 08:29 . 2009-05-15 08:33 -------- d-----w- C:\HELLRAISER_DEADER
2009-05-15 08:06 . 2009-05-15 08:06 -------- d-----w- C:\EXCALIBUR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 00:19 . 2008-12-19 17:07 -------- d-----w- c:\program files\Warcraft III
2009-06-07 15:22 . 2007-09-10 20:50 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-07 15:19 . 2009-03-10 09:59 -------- d-----w- c:\documents and settings\Matan\Application Data\dvdcss
2009-06-07 15:00 . 2007-06-25 13:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 15:22 . 2008-11-01 13:45 90352 ----a-w- c:\documents and settings\Matan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 14:37 . 2008-02-18 13:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 23:57 . 2008-03-22 20:10 -------- d-----w- c:\program files\DVD-RB PRO
2009-06-03 11:25 . 2009-06-03 11:25 -------- d-----w- c:\documents and settings\Matan\Application Data\The Creative Assembly
2009-06-02 16:21 . 2007-06-25 13:28 -------- d-----w- c:\program files\ATI Technologies
2009-06-02 16:17 . 2009-06-02 16:10 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-02 16:17 . 2009-06-02 16:10 -------- d-----w- c:\program files\Logitech
2009-05-28 11:50 . 2007-07-18 13:08 -------- d-----w- c:\program files\CDisplay
2009-05-27 15:21 . 2008-11-01 12:20 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-27 15:12 . 2007-06-25 13:38 -------- d-----w- c:\program files\AvRack
2009-05-27 11:17 . 2009-05-27 11:10 -------- d-----w- c:\documents and settings\Matan\Application Data\Winamp
2009-05-27 11:11 . 2009-05-27 11:10 -------- d-----w- c:\program files\Winamp
2009-05-25 10:54 . 2008-12-19 17:09 99232 ----a-w- c:\windows\War3Unin.dat
2009-05-24 20:39 . 2007-06-25 21:41 -------- d-----w- c:\program files\eMule
2009-05-24 19:46 . 2008-01-26 15:36 -------- d-----w- c:\program files\ESET
2009-05-24 19:42 . 2007-06-25 22:14 -------- d-----w- c:\program files\Common Files\Skype
2009-05-24 19:42 . 2007-06-25 22:13 -------- d-----r- c:\program files\Skype
2009-03-23 11:48 . 2009-03-23 11:48 0 ----a-w- c:\windows\nsreg.dat
2009-03-05 16:08 . 2009-06-03 22:41 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
 
------- Sigcheck -------

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll
[-] 2004-09-01 08:00 215552 A77219A971029DC2FB683E8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-01 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-01 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-01 455168]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Logitech Utility"="LOGI_MWX.EXE" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360]

c:\documents and settings\Matan\Start Menu\Programs\Startup\
hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-16 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5447:TCP"= 5447:TCP:WWW
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [6.10.2008 18:16 82696]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2.6.2009 18:09 45696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18.9.2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12.2.2009 16:52 104328]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2.6.2009 18:10 14095]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2.6.2009 18:09 56960]
S2 czeocs;czeocs;c:\windows\system32\svchost.exe -k netsvcs [1.9.2004 10:00 14336]
S2 DegCs Controler;DegCs Controler;"c:\windows\system32\drivers\DegCs.exe" --> c:\windows\system32\drivers\DegCs.exe [?]
S2 DrsCh Controler;DrsCh Controler;"c:\windows\system32\drivers\DrsCh.exe" --> c:\windows\system32\drivers\DrsCh.exe [?]
S2 tgqsvcvgq;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [1.9.2004 10:00 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20.1.2009 19:16 172032]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\Matan\LOCALS~1\Temp\SOJ157.tmp [10.6.2009 23:43 18704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
czeocs
tgqsvcvgq

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-24KC2A323342}]
c:\system\FOLDER\AmdSys.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-13 20:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Matan\LOCALS~1\Temp\SOJ157.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tgqsvcvgq]
"ServiceDll"="c:\windows\system32\znourotu.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2096)
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\msi.dll
c:\program files\Logitech\iTouch\kbdhook.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CF14048.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-06-13 20:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 18:34

Pre-Run: 20.071.043.072 bytes free
Post-Run: 20.115.447.808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

324 --- E O F --- 2009-06-07 01:07
 
Malwarebytes' Anti-Malware 1.37
Database version: 2272
Windows 5.1.2600 Service Pack 2

13.6.2009 21:05:19
mbam-log-2009-06-13 (21-05-19).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 182637
Time elapsed: 26 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\VirusProtect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.

Files Infected:
c:\system volume information\_restore{279b47d1-d1a9-46ea-9ab0-a392d36ed249}\RP186\A0037307.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5bc3a8c-8cab-4803-8a46-33a03a15a88d}\RP21\A0018558.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\virusprotect 3.9\vpp.ini (Rogue.VirusProtect) -> Quarantined and deleted successfully.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:11, on 13.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Codec Guide: K-Lite Codec Pack and other useful stuff
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DegCs Controler - Unknown owner - C:\WINDOWS\system32\drivers\DegCs.exe (file missing)
O23 - Service: DrsCh Controler - Unknown owner - C:\WINDOWS\system32\drivers\DrsCh.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7932 bytes
 
Remove

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O23 - Service: DegCs Controler - Unknown owner - C:\WINDOWS\system32\drivers\DegCs.exe (file missing)

O23 - Service: DrsCh Controler - Unknown owner - C:\WINDOWS\system32\drivers\DrsCh.exe (file missing)

So are you still having the same issues?
 
Still have it...

Maybe it's some kind of hardware malfunction though I doubt it. If I set some kind of lower resolution everything works just fine...
 