crushthegame
2009-07-09, 23:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:15 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\lsass.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\win.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\services.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\login.exe
C:\WINDOWS\System32\DeltTray.exe
C:\WINDOWS\System32\DeltTray .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\system.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aportals.net/pubac/ac.php?aid=158&sid=clean12
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\system32\gsf83iujid.dll
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet2\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 4974 bytes
Scan saved at 4:41:15 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\lsass.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\win.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\services.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\login.exe
C:\WINDOWS\System32\DeltTray.exe
C:\WINDOWS\System32\DeltTray .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\system.exe
C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aportals.net/pubac/ac.php?aid=158&sid=clean12
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\system32\gsf83iujid.dll
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet2\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 4974 bytes