Command Service - Firewall disabled [Archive]

View Full Version : Command Service - Firewall disabled

pryan80

2006-10-24, 14:35

Here is the Hijack and combofix logs. I have been unable to get an online scan report from any of the links. Sorry.
Please help, this is really causing grief...

Paul - 06-10-19 18:42:27.06 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Paul\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Paul\Application Data\Dxcdmns.dll
C:\Documents and Settings\Paul\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Paul\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3AGFRT8X\MTE3NDI6ODoxNg[1].exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{30E733EC-0855-3081-0811-06031706003d}
C:\Program Files\Common Files\{40E733EC-0855-3081-0811-06031706003d}
C:\WINDOWS\TWF0cml4

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Paul\Application Data\RACLE~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\RACLE~1\msconfig.exe
C:\QooBox\Purity\WINDOWS\RACLE~1\?racle

((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))

2006-10-18 22:02 131,072 --a------ C:\WINDOWS\system32\regmyx.dll
2006-10-18 07:29 76,288 --a------ C:\hicbuebt.exe
2006-10-18 07:29 7,680 --a------ C:\Documents and Settings\Paul\loadadv642.exe
2006-10-18 07:29 52,161 --a------ C:\Documents and Settings\Paul\mt-uninstaller.exe
2006-10-18 07:29 32,768 --a------ C:\DXC9.exe
2006-10-18 07:29 310,482 --a------ C:\Colo2.exe
2006-10-18 07:29 24,548 --a------ C:\WINDOWS\9129837.exe
2006-10-18 07:29 157,696 --a------ C:\Documents and Settings\Paul\302.exe
2006-10-18 07:29 14,848 --a------ C:\141ts.exe
2006-10-18 07:29 115,947 --a------ C:\Documents and Settings\Paul\301.exe
2006-10-18 07:29 1,465 --a------ C:\soqc.exe
2006-10-18 07:28 109,056 --a------ C:\Documents and Settings\Paul\drsmartload1135a.exe
2006-10-18 07:28 1,886 --a------ C:\Documents and Settings\Paul\ah.exe
2006-10-07 08:55 94,208 --a------ C:\WINDOWS\system32\ikrfind.dll
2006-10-07 08:55 72,704 --a------ C:\WINDOWS\system32\ksrpmje.dll
2006-10-03 07:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-19 18:44 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-19 18:42 -------- d-------- C:\Program Files\Common Files
2006-10-19 18:14 -------- d-------- C:\Documents and Settings\Paul\Application Data\Google
2006-10-18 20:56 -------- d-------- C:\Program Files\Common Files\oior
2006-10-18 19:03 -------- d-------- C:\Program Files\Google
2006-10-11 19:17 -------- d-------- C:\Program Files\WinRAR
2006-10-09 18:29 -------- d-------- C:\Documents and Settings\Paul\Application Data\Real
2006-10-07 17:25 -------- d-------- C:\Documents and Settings\Paul\Application Data\Media Player Classic
2006-10-07 17:23 -------- d-------- C:\Program Files\Media Player Classic
2006-10-05 21:20 -------- d-------- C:\Documents and Settings\Paul\Application Data\Help
2006-10-02 11:05 -------- d-------- C:\Documents and Settings\Paul\Application Data\Ahead
2006-09-30 00:12 -------- d-------- C:\Program Files\THQ
2006-09-28 18:55 -------- d---s---- C:\Documents and Settings\Paul\Application Data\Microsoft
2006-09-13 13:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-01 18:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-01 17:45 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-01 17:42 96256 --a------ C:\WINDOWS\system32\drivers\sptd6957.sys
2006-09-01 17:42 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-31 22:31 -------- d-------- C:\Program Files\Windows Media Player
2006-08-31 22:18 -------- d-------- C:\Program Files\Common Files\Ulead Systems
2006-08-31 22:17 -------- d-------- C:\Program Files\Ulead Systems
2006-08-31 21:32 -------- d-------- C:\Program Files\DivX
2006-08-31 21:11 -------- d-------- C:\Program Files\BitComet
2006-08-31 08:57 -------- d-------- C:\Program Files\Messenger
2006-08-31 08:57 -------- d-------- C:\Program Files\Internet Explorer
2006-08-31 08:55 -------- d-------- C:\Program Files\Outlook Express
2006-08-31 08:55 -------- d-------- C:\Program Files\Common Files\System
2006-08-30 19:39 -------- d-------- C:\Documents and Settings\Paul\Application Data\BitTorrent
2006-08-29 19:33 -------- d-------- C:\Documents and Settings\Paul\Application Data\Macromedia
2006-08-25 23:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 20:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 18:22 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-21 17:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 17:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 17:57 -------- d-------- C:\Program Files\iPod
2006-08-20 17:54 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-20 13:53 -------- d-------- C:\Documents and Settings\Paul\Application Data\AdobeUM
2006-08-20 13:51 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-20 13:51 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-20 13:51 -------- d-------- C:\Documents and Settings\Paul\Application Data\Adobe
2006-08-20 13:50 -------- d-------- C:\Program Files\Adobe
2006-08-20 13:49 -------- d-------- C:\Program Files\QuickTime
2006-08-20 13:27 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-08-20 13:26 -------- d-------- C:\Program Files\AC3Filter
2006-08-20 12:55 -------- d-------- C:\Program Files\Symantec
2006-08-20 12:55 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-20 12:50 -------- d-------- C:\Program Files\Nero
2006-08-20 12:50 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-20 12:48 -------- d-------- C:\Program Files\WordWeb
2006-08-20 12:47 -------- d-------- C:\Program Files\Microsoft Office
2006-08-20 12:47 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-20 11:52 -------- d-------- C:\Program Files\Microsoft Works
2006-08-20 11:46 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-20 11:46 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-20 11:46 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-20 11:46 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-20 11:23 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-20 11:22 -------- d-------- C:\Program Files\AGEIA Technologies
2006-08-20 10:52 -------- d-------- C:\Program Files\Ubisoft
2006-08-20 10:45 -------- d-------- C:\Program Files\GIGABYTE
2006-08-20 02:28 62 --ahs---- C:\Documents and Settings\Paul\Application Data\desktop.ini
2006-08-20 02:28 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-20 02:28 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-19 19:55 -------- d-------- C:\Documents and Settings\Paul\Application Data\Logitech
2006-08-19 19:54 -------- d-------- C:\Program Files\Common Files\Logitech
2006-08-19 19:53 -------- d-------- C:\Program Files\Logitech
2006-08-19 19:41 -------- d-------- C:\Program Files\Windows Media Components
2006-08-19 19:37 -------- d-------- C:\Program Files\VideoMate
2006-08-19 19:37 -------- d-------- C:\Program Files\Common Files\VideoMate
2006-08-19 19:25 -------- d-------- C:\Program Files\Realtek
2006-08-19 19:22 -------- d-------- C:\Program Files\Intel
2006-08-19 18:46 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-19 18:46 -------- d-------- C:\Documents and Settings\Paul\Application Data\Identities
2006-08-19 18:40 0 -rahs---- C:\MSDOS.SYS
2006-08-19 18:40 0 -rahs---- C:\IO.SYS
2006-08-19 18:40 0 --a------ C:\CONFIG.SYS
2006-08-19 18:40 0 --a------ C:\AUTOEXEC.BAT
2006-08-19 18:40 -------- d-------- C:\Program Files\xerox
2006-08-19 18:40 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-19 18:39 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-19 18:39 -------- d-------- C:\Program Files\NetMeeting
2006-08-19 18:39 -------- d-------- C:\Program Files\Common Files\Services
2006-08-19 18:38 -------- d-------- C:\Program Files\Online Services
2006-08-19 18:38 -------- d-------- C:\Program Files\Movie Maker
2006-08-19 18:38 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-19 18:38 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-19 18:37 -------- d-------- C:\Program Files\Windows NT
2006-08-19 18:37 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-16 19:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-11 15:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 15:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 15:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 15:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 15:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 15:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 15:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 15:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 15:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 15:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 15:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 15:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 15:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 15:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 15:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 15:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 15:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 15:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 15:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 15:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 15:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 15:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 15:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 15:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 15:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 15:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 15:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 15:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 15:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 15:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 15:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 15:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 15:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 15:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 15:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 15:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 15:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 15:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 15:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 15:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 15:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 15:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 15:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 15:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 15:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 15:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 15:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 15:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 15:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 15:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 15:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 15:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 15:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 15:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 15:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 15:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 15:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 15:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 15:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 15:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 15:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 15:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 15:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 15:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 15:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 15:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 15:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 15:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 15:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 15:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 15:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 15:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 15:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 15:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 15:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 15:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 15:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 15:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 15:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 15:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 15:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 15:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 15:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 15:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 15:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 15:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 15:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 15:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 15:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 15:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 15:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-04 23:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 23:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 21:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 10:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 10:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 10:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 16:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"BitTorrent"="\"D:\\Downloads\\bittorrent.exe\" --force_start_minimized"
"oior"="C:\\PROGRA~1\\COMMON~1\\oior\\oiorm.exe"
"Xlbjqstr"="D:\\Paul's Documents\\??sks\\n?tdde.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"GBB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"EasyTuneV"="C:\\Program Files\\Gigabyte\\ET5\\GUI.exe"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"WinampAgent"="D:\\Winamp\\winampa.exe"
"ikrfind.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ikrfind.dll,buptmcd"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

........

pryan80

2006-10-24, 14:36

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,fc,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Usou"="\"C:\\WINDOWS\\RACLE~1\\msconfig.exe\" -vt ndrv"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"="ALCMTR.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SkyTel"="SkyTel.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-19 18:44:09.00
C:\ComboFix.txt ... 06-10-19 18:44

HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 09:24:52 PM, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\oior\oiorm.exe
C:\PROGRA~1\COMMON~1\oior\oiora.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inthemix.com.au/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E7123B03-F1C5-D811-BD6D-F57AE5960FC5} - C:\WINDOWS\system32\regmyx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [ikrfind.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ikrfind.dll,buptmcd
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "D:\Downloads\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [oior] C:\PROGRA~1\COMMON~1\oior\oiorm.exe
O4 - HKCU\..\Run: [Xlbjqstr] D:\Paul's Documents\??sks\n?tdde.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159757459640
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks for any help you can provide!

LonnyRJones

2006-10-29, 02:15

Welcome to the forum pryan80

Your running Hijackthis from a temp and/Or it still hasnt been unzipped, neither is a good idea.
Create a new folder, for instance C:\AntiSpyware
Download the exe from here to that new folder.
http://www.merijn.org/files/HijackThis.exe
This is necessary to ensure you have backups should anything go wrong
Make and post a new log

tashi

2006-11-03, 19:31

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.