Hijackthis

Status
Not open for further replies.
Step 1

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G405NZK2\Codec[1].exe
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
C:\Users\Tyler\Desktop\Music\christian new song.wm

Folder::
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.gif)

6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply.

Step 2

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 3

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore.
Click Apply, and then click OK.

Step 4

How is the system functioning lately? Is it going any faster, or is it still slow and 'quirky'?

Logs Required In Next Post
-------------------------------

ComboFix Log
Answer To Step 4
 
ComboFix 08-05-21.3 - Tyler 2008-05-22 21:12:38.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1091 [GMT -5:00]
Running from: C:\Users\Tyler\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tyler\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G405NZK2\Codec[1].exe
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
C:\Users\Tyler\Desktop\Music\christian new song.wm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\133a5dd9-3b41978a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\133a5dd9-3b41978a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c9688d9-2483a06f
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c9688d9-2483a06f.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2150bb59-550e72e4
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2150bb59-550e72e4.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\24987ad9-6600b86a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\24987ad9-6600b86a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2512c659-3b531a6a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2512c659-3b531a6a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2937aad9-433cd50b
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2937aad9-433cd50b.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\32a66b99-4398d92a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\32a66b99-4398d92a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dc99a99-23557120
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dc99a99-23557120.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\58ec1b19-4b2be965
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\58ec1b19-4b2be965.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\641bf559-2025e443
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\641bf559-2025e443.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6595f3d9-42d56617
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6595f3d9-42d56617.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\66887fd9-6092c65c
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\66887fd9-6092c65c.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\68512d19-6820537d
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\68512d19-6820537d.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6b1ba4d9-5f808e52
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6b1ba4d9-5f808e52.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\75625499-6fc6e55c
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\75625499-6fc6e55c.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7816a459-56c6fd92
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7816a459-56c6fd92.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7d06c359-2917a259
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7d06c359-2917a259.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\9180419-541c9f77
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\9180419-541c9f77.idx
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
C:\Users\Tyler\Desktop\Music\christian new song.wm

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-22 19:30 . 2008-05-22 19:30 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 13:44 . 2008-05-21 13:44 <DIR> d-------- C:\Deckard
2008-05-21 13:31 . 2008-05-21 13:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-29 20:29 . 2008-04-29 20:29 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-28 20:25 . 2008-04-28 20:25 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-28 20:25 . 2008-04-28 20:25 1,409 --a------ C:\Windows\QTFont.for
2008-04-28 20:24 . 2008-04-28 20:24 <DIR> d-------- C:\Program Files\iTunes
2008-04-28 20:24 . 2008-04-28 20:24 <DIR> d-------- C:\Program Files\iPod
2008-04-28 20:23 . 2008-04-28 20:23 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:03 --------- d--h--w C:\Program Files\Xp.dll
2008-05-21 20:37 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-21 20:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-21 20:35 --------- d-----w C:\Program Files\Steam
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-21 02:36 --------- d-----w C:\Users\Tyler\AppData\Roaming\LimeWire
2008-05-15 02:01 --------- d-----w C:\Program Files\Windows Mail
2008-05-09 03:07 --------- d-----w C:\Users\Tyler\AppData\Roaming\Xfire
2008-05-09 00:39 --------- d-----w C:\ProgramData\Roxio
2008-05-03 22:21 --------- d-----w C:\ProgramData\Xfire
2008-05-02 20:20 --------- d-----w C:\Users\Tyler\AppData\Roaming\Netscape
2008-04-29 01:22 --------- d-----w C:\Program Files\Xfire
2008-04-29 01:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 01:10 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-25 01:10 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-24 00:24 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:29 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-04 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-01 20:53 --------- d-----w C:\Program Files\Java
2008-03-25 01:08 --------- d-----w C:\Users\Tyler\AppData\Roaming\Apple Computer
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-15 18:43 22,328 ----a-w C:\Users\Tyler\AppData\Roaming\PnkBstrK.sys
2007-10-18 16:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-18 16:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-18 16:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_17.45.17.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 22:37:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-23 02:05:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 22:37:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-23 02:05:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 22:37:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-23 02:05:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 17:56 303104 C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 13:39 151552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 08:01 182744]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 16:19 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-04 16:18:22 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B9E139EF-18C8-4BBF-8BD2-BB7BA513B654}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"UDP Query User{CEAF316A-8AE9-47F9-882C-C4B57950C075}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"TCP Query User{DFBE3C95-529D-42EF-86C6-554F5EC39B97}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{C0B9A083-54FA-4B26-B6FA-BE748EB13DB5}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{3E740467-702F-4387-BE5E-3CE2A3DA7F2E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{418A232D-7399-4E3F-A85D-27D8D255D341}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5CD46747-6DB8-4151-B03C-46444049C005}C:\\program files\\steam\\steamapps\\rook1e187\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\day of defeat source\hl2.exe:hl2
"UDP Query User{C72CF9DC-417C-48A4-9075-6AFD0180EE9E}C:\\program files\\steam\\steamapps\\rook1e187\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\day of defeat source\hl2.exe:hl2
"TCP Query User{32358895-52E9-4F75-8E2C-E10DA7234C9B}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{49D29B54-A337-4737-9B06-287C4A1705D0}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"TCP Query User{EE692F81-38A2-4C04-B4C1-F219075D8505}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{CD81DA4F-FE0F-4224-81D6-550EE5C96B3D}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"TCP Query User{0B5E59A2-D33E-48A0-8864-115A34CA72AC}C:\\program files\\limewire\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire\limewire.exe:LimeWire
"UDP Query User{0F58D1A9-6363-406D-9E91-3E44C532FCC6}C:\\program files\\limewire\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire\limewire.exe:LimeWire
"TCP Query User{53F8C1EF-AD60-4CE2-B19E-6087BE86C115}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2F9B4EE4-38D0-41EC-B1C1-F08910DF09BF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5F034622-E032-4EA0-BD90-610A6DCA08AA}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"UDP Query User{97BA7B17-AD8C-4113-B076-DE32532A34D8}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"TCP Query User{22E1B6D8-BADD-4D89-9493-CE95922BD638}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{AA974D7F-A9EA-4AC2-83B9-035F7A60D351}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{8509752B-818A-4FA7-A0DD-D8934921CAE4}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{2423F475-211E-4F47-8F74-563D96260099}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"{48FA4154-F9DC-435D-AEB7-CEB8E48772FA}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{D2C98ED6-00EF-41AF-A4E4-D3C21E3DF57F}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{079AAF2B-E21F-4AE9-B2A7-31A456DABA2D}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{3E230DF8-3327-4283-98B9-5F8CA7C664F9}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{5298E1D1-CF83-441F-AD3E-E9F155EBA619}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7ADD2367-5AF7-41F8-B9CC-E41FB92B3D7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3A48124-A60F-4CD3-BC15-E652B6FF4357}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A54DB489-EC65-446F-BEBF-FBCA2D7A6F60}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1C62CC12-7362-4184-A058-80D7A1FF1F70}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D885F771-F227-4F3A-935F-6042DEB8F854}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{68E37EA9-924B-4B81-8BAD-5C17234B6C56}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4AE4B788-15EA-4ADA-82B8-047C82B9E543}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DEAB5B83-79EF-4E9C-98A4-602E6711E9F8}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{C80AB3F4-6EE7-4F0E-B361-F7109B0CA599}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"{984C377B-9F1C-4263-9BDA-E2C280238953}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{86BFD9EA-587E-4A25-BC09-107156DFC959}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1E974F1B-8C4D-458F-B22E-A8E1B5C1B41E}C:\\program files\\quake iii arena\\quake3.exe"= UDP:C:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{85A6FEFC-9B3B-43CE-A9F2-C8FBB57AAB85}C:\\program files\\quake iii arena\\quake3.exe"= TCP:C:\program files\quake iii arena\quake3.exe:quake3
"{C7202D9F-220C-4E33-B25D-8448166B52E6}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{6626D656-6D35-451F-BF3C-8731C3768257}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{EC277F65-0891-4D46-B12C-78FB65E5223E}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"{40D7C23D-8D45-4D2A-896B-7B0978BF90F1}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"TCP Query User{FACA8DB4-D9AD-4CFC-9FC2-78A461A6FF78}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5B02CE08-5A43-45FE-A6EF-EA3C1BEBC82E}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{549B1026-B444-4CE0-92C9-40F651F9A89D}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4CCF127F-043F-4081-A150-329F3549542D}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{59939B6C-77F6-4E00-A7DC-42EB3AB2E5DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0CE8094E-6D56-4811-AA37-682745859025}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-02-27 03:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-14 17:37]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:25:31 C:\Windows\Tasks\User_Feed_Synchronization-{994D8E60-F973-4E28-9A5B-727AAA16D1B1}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 21:14:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 21:15:14
ComboFix-quarantined-files.txt 2008-05-23 02:15:08
ComboFix2.txt 2008-05-23 00:27:00
ComboFix3.txt 2008-05-22 22:46:29

Pre-Run: 135,746,232,320 bytes free
Post-Run: 135,719,915,520 bytes free

232 --- E O F --- 2008-05-21 20:46:34
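Added example (not ComboFix's code and not written by anyone in this thread): a small Python script that reads a CFScript in the File::/Folder:: layout from step 1 and cross-checks it against a ComboFix log like the one above. It reports which requested paths never appear under "Other Deletions", and which Security Center override values in "Reg Loading Points" are set to 1. CFSCRIPT and COMBOFIX_LOG are constructed, shortened excerpts of the script and log posted here; the function and regex names are mine.

```python
import re

# Constructed, shortened excerpt of the CFScript from step 1 (same
# File::/Folder:: layout); not a file written by anyone in this thread.
CFSCRIPT = r"""File::
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G405NZK2\Codec[1].exe
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm

Folder::
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
"""

# Constructed, shortened excerpt of the ComboFix log posted in reply.
COMBOFIX_LOG = r"""ComboFix 08-05-21.3 - Tyler 2008-05-22 21:12:38.3 - NTFSx86
FILE ::
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G405NZK2\Codec[1].exe
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\133a5dd9-3b41978a
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Section title )))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")  # [HKEY_...\subkey]
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...]}: a line ending in '::' opens a
    section and every following non-blank line is one path in it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split the log into {title: [lines]} by its '((( title )))' banners; the
    script echo before the first banner is filed as 'FILE ::'. Header lines,
    blank lines and '.' spacer lines are dropped."""
    sections, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m or line == "FILE ::":
            title = m.group(1) if m else line
            sections[title] = []
        elif title is not None and line and line != ".":
            sections[title].append(line)
    return sections


def unconfirmed(script_text, log_text):
    """Script paths never reported under 'Other Deletions'. Only that section
    confirms removal: 'FILE ::' merely echoes the script, so a file that was
    already gone is echoed but not deleted. A folder counts as removed if it
    or anything beneath it is listed."""
    script = parse_cfscript(script_text)
    deleted = {p.lower() for p in log_sections(log_text).get("Other Deletions", [])}
    missing = [p for p in script.get("File", []) if p.lower() not in deleted]
    for folder in script.get("Folder", []):
        prefix = folder.lower()
        if not any(d == prefix or d.startswith(prefix + "\\") for d in deleted):
            missing.append(folder)
    return missing


def security_center_overrides(log_text):
    """(key, value name) pairs under a 'security center' key whose DWORD is 1.
    AntiVirusOverride, AntiSpywareOverride and DisableMonitoring set to 1
    silence Security Center's missing-protection warnings, so confirm each
    one was set deliberately (e.g. by a third-party AV suite)."""
    hits, key = [], None
    for line in log_sections(log_text).get("Reg Loading Points", []):
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_DWORD_RE.match(line)
        if m and key and "security center" in key.lower() and int(m.group(2), 16) == 1:
            hits.append((key, m.group(1)))
    return hits
```

Run on these excerpts, unconfirmed() returns only the Codec[1].exe path: it is echoed under FILE :: but absent from Other Deletions, which is consistent with the file no longer being present when the script ran (the browser cache it lived in had been cleared earlier in the thread). The three Security Center values come back as hits and should be matched to whatever security suite set them before being treated as leftovers. To use it on a real pair of files, read CFScript.txt and C:\ComboFix.txt into strings and pass them in place of the constants.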
 
OK, I didn't do step 2 because of Vista. Did step 3 and the system is running great. Thanks for the fast replies and all the help.
 
What happens when you try to run ATF Cleaner? Instead run CleanUp! and see if that works.

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.
 
OK, sorry, I just saw that it said for XP and didn't even try it, but ATF Cleaner worked. So what's next? My bad :)
 
Guess what... YOU'RE CLEAN!

After all that hard work you are clean and free to go from my annoying tasks :D

-----------------------

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.
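Added example (my own, not the MVPS project's code or anything from this thread) to go with the HOSTS file tip above: a Python audit that parses a Windows HOSTS file and separates block entries of the MVPS kind (names pointed at 127.0.0.1, 0.0.0.0 or ::1, so they resolve to the local machine) from entries that send a name to some other address. SAMPLE_HOSTS is a constructed sample using reserved example/test names; the function names are mine.

```python
import ipaddress

# Addresses that make a name resolve to the local machine: the MVPS-style
# block entry. Anything else is a genuine redirect and deserves a look.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, not the real MVPS file; example/test names are reserved.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS]  (constructed)
0.0.0.0  ads.example.net
127.0.0.1 tracker.example.org    # trailing comment is allowed
this-line-has-no-address  foo.example.org
# the entry below is NOT a block: it points a name at a non-loopback host
10.20.30.40 update.example-antivirus.test
"""


def parse_hosts(text):
    """Return [(ip, hostname), ...]; comments, blank and malformed lines are
    dropped and a line mapping several names yields one pair per name."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: skip the line
        entries.extend((str(ip), name.lower()) for name in parts[1:])
    return entries


def classify(entries):
    """Split entries into {'sinkhole': [names], 'redirect': [(name, ip)]}.
    The stock 'localhost' lines are ignored."""
    result = {"sinkhole": [], "redirect": []}
    for ip, name in entries:
        if name == "localhost":
            continue
        if ip in SINKHOLES:
            result["sinkhole"].append(name)
        else:
            result["redirect"].append((name, ip))
    return result
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; read it with open(path, encoding="utf-8", errors="replace").read() and pass the text to parse_hosts(). A healthy MVPS install produces a long sinkhole list and an empty redirect list; any redirect entry, especially one naming an update or security vendor host, is worth explaining before the machine is declared clean.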
 
techpro5238, thanks so much for all your help and your time. You know, I thought I was doing a good job keeping this crap off my computer, but I guess not. Thanks for your help again!
 