
Please Help Me...Am I Infected??? Registry Inside...

Discussion in 'Windows - Virus and spyware problems' started by sandman42, May 31, 2007.

  1. sandman42
    I don't know if I am infected, but here is my registry. My computer has been restarting automatically, the internet freezes up sometimes, and I also get the Blue Screen of Death sometimes. Also, it seems like my boot time is SO SLOW.

    Here is my Registry...
    -------------------------

    "Gus" - 2007-05-31 6:17:35 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Gus\Desktop\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))


    2007-05-30 18:16 <DIR> d-------- C:\Program Files\iTunes
    2007-05-30 18:16 <DIR> d-------- C:\Program Files\iPod
    2007-05-29 23:09 <DIR> d-------- C:\Program Files\OCTGN
    2007-05-25 16:26 <DIR> d-------- C:\DOCUME~1\Gus\APPLIC~1\Wizards of the Coast
    2007-05-25 16:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-05-25 16:23 <DIR> d-------- C:\temp\MTGOInstall
    2007-05-25 16:19 <DIR> d-------- C:\DOCUME~1\Gus\APPLIC~1\InstallShield
    2007-05-25 14:51 <DIR> d-------- C:\Program Files\Wizards of the Coast
    2007-05-25 14:15 <DIR> d-------- C:\Magic
    2007-05-24 19:50 <DIR> d-------- C:\Program Files\The Foundry
    2007-05-24 07:40 227,856 --a------ C:\WINDOWS\system32\PDBoot.exe
    2007-05-24 00:39 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
    2007-05-24 00:39 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
    2007-05-24 00:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2007-05-24 00:39 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
    2007-05-24 00:39 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-05-24 00:39 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-05-24 00:38 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-05-24 00:38 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-05-24 00:38 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-05-24 00:38 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-05-24 00:35 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
    2007-05-24 00:35 <DIR> d-------- C:\Program Files\Autodesk
    2007-05-23 23:48 <DIR> d-------- C:\Program Files\MagicISO
    2007-05-21 11:57 96,328 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-05-19 13:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
    2007-05-14 12:45 <DIR> d-------- C:\MySpace
    2007-05-10 10:55 <DIR> d-------- C:\DOCUME~1\Gus\APPLIC~1\AVSEdit
    2007-05-02 18:54 <DIR> d-------- C:\Program Files\QuickTime
    2007-04-27 12:28 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2007-04-27 12:28 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2007-04-27 12:28 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2007-04-15 23:04 <DIR> d-------- C:\Wrestling Shows
    2007-04-11 18:05 <DIR> d-------- C:\Other
    2007-04-11 00:53 <DIR> d-------- C:\Program Files\HTTP-Bugger v 2.2
    2007-04-09 12:25 <DIR> d-------- C:\Cracking
    2007-04-09 12:24 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-04-09 12:24 249,856 --------- C:\WINDOWS\Setup1.exe
    2007-04-09 02:16 <DIR> d-------- C:\DOCUME~1\Gus\APPLIC~1\LEAPS
    2007-04-09 02:13 <DIR> d-------- C:\Program Files\Pegasys Inc
    2007-04-08 12:10 <DIR> d-------- C:\DOCUME~1\Gus\APPLIC~1\Opera
    2007-04-07 12:37 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
    2007-04-07 12:27 <DIR> d-------- C:\Program Files\Best Buy Rhapsody


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-31 10:36:10 -------- d-----w C:\DOCUME~1\Gus\APPLIC~1\uTorrent
    2007-05-31 10:02:33 -------- d-----w C:\Program Files\FlashGet
    2007-05-31 06:40:04 -------- d-----w C:\DOCUME~1\Gus\APPLIC~1\Vso
    2007-05-31 00:31:07 -------- d-----w C:\Program Files\F-Secure
    2007-05-25 23:19:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-25 02:00:51 -------- d-----w C:\Program Files\Common Files\Raxco
    2007-05-23 18:40:24 -------- d-----w C:\DOCUME~1\Gus\APPLIC~1\U3
    2007-05-13 10:17:27 -------- d-----w C:\DOCUME~1\Gus\APPLIC~1\LimeWire
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-07 19:37:13 -------- d-----w C:\DOCUME~1\Gus\APPLIC~1\Real
    2007-04-07 19:33:39 -------- d-----w C:\Program Files\Real
    2007-04-03 17:58:26 -------- d-----w C:\Program Files\Accessdiver
    2007-03-31 05:09:34 -------- d-----w C:\Program Files\mIRC
    2007-03-28 16:58:53 -------- d-----w C:\Program Files\AviDvdBurner
    2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
    2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
    2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-07 06:47:59 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
    2007-03-07 06:47:58 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
    2007-02-21 11:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-29 02:46]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-14 20:40]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2006-06-01 14:22 C:\WINDOWS\system32\nwiz.exe]
    "2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 01:52]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-02-03 21:14]
    "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-02-03 21:14]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-03 22:42]
    "BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-01-21 17:35]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11]
    "@"="" []
    "SoundMan"="SOUNDMAN.EXE" []
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 14:22 C:\WINDOWS\system32\nvmctray.dll]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14]
    "Aim6"="" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gus^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Gus\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-31 01:08:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-31 06:21:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-31 6:22:11

    --- E O F ---


    ====================================


    I have F-Secure Anti-Virus 2007 and here is the report it gave me...

    Scanning Report
    31 May 2007 04:15:33 - 05:59:57

    Computer name: SANDMAN423
    Scanning type: Perform full computer check
    Target: C:\ F:\ + system + rootkits
    Result: 14 malware found
    Trojan.Java.ClassLoader.ao (virus)

    * C:\Documents and Settings\Gus\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-318bf3eb-6f22e1a1.zip\BaaaaBaa.class
    * C:\Documents and Settings\Gus\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-318bf3eb-6f22e1a1.zip\VaaaaaaaBaa.class
    * C:\Documents and Settings\Gus\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-318bf3eb-6f22e1a1.zip\Baaaaa.class

    AdWare.Win32.Dudu.f (adware)

    * F:\Other\Other\Prog\FreePPV\FLS_AIO_TV_PC_PROGRAMS.exe\AutoPlay\Docs\pcast.zip\pcast.exe
    * F:\Other\Other\Prog\FreePPV\FLS_AIO_TV_PC_PROGRAMS.exe\AutoPlay\Docs\pcast.zip

    HackTool.Win32.Ares.a (virus)

    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\FACE_Setup\FACE_Setup.exe

    HackTool.Win32.WebHack (virus)

    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\formfinal\form.exe

    HackTool.Win32.John (virus)

    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\#COPY THIS FOLDER TO DESKTOP and read tutorial!\JOHN.EXE
    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\#COPY THIS FOLDER TO DESKTOP and read tutorial!\JOHN-K6.ZIP\john.exe
    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\#COPY THIS FOLDER TO DESKTOP and read tutorial!\JOHN-K6.ZIP
    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\#COPY THIS FOLDER TO DESKTOP and read tutorial!\JOHN-MMX.ZIP\john.exe
    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\#COPY THIS FOLDER TO DESKTOP and read tutorial!\JOHN-MMX.ZIP
    * C:\Cracking\NNH\NewbieHack.exe Action: quarantined

    AdWare.Win32.Dudu (adware)

    * F:\Other\Other\Prog\FreePPV\FLS_AIO_TV_PC_PROGRAMS.exe Action: quarantined

    Riskware found
    PSWTool.Win32.Brutus (riskware)

    * C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\brutus-aet2\BrutusA2.exe

    Statistics
    Scanned:

    * Files: 256020
    * Not scanned: 26

    Result:

    * Viruses: 11
    * Spyware: 3
    * Suspicious items: 0
    * Riskware: 1

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * Quarantined: 2
    * Failed: 0

    Boot Sectors:

    * Scanned: 1
    * Infected: 0
    * Suspicious items: 0
    * Disinfected: 0

    Files not scanned:

    * Cannot open file C:\PAGEFILE.SYS
    * Cannot open file C:\WINDOWS\TEMPFILE
    * Cannot open file C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * Cannot open file C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * File C:\Documents and Settings\Gus\Local Settings\Temp\baseurls.rar\baseurls.txt is encrypted
    * File C:\Documents and Settings\Gus\Local Settings\Temp\golden hitlist.rar\golden hitlist.txt is encrypted
    * File C:\Documents and Settings\Gus\Local Settings\Temp\list.rar\list.txt is encrypted
    * File C:\Documents and Settings\Gus\Local Settings\Temp\Wordlist What001.rar\Wordlist What001.txt is encrypted
    * Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\GUS\LOCAL SETTINGS\TEMP\~ROMFN_000018C0
    * File C:\Cracking\proxy_tools.exe\AutoPlay\autorun.cdd\_detect.dat is encrypted
    * File C:\Cracking\NNH\NewbieHack.exe\AutoPlay\autorun.cdd\_detect.dat is encrypted
    * Cannot open a file in archive F:\various appz\Windows Tryouts\GoLive_CS2_EnglishTryout.zip\GoLive_CS2_EnglishTryout\Data1.cab\ksc5601.mapumb
    * Cannot open a file in archive F:\various appz\Windows Tryouts\GoLive_CS2_EnglishTryout.zip\GoLive_CS2_EnglishTryout\Data1.cab\gb2312.mapumb
    * Cannot open a file in archive F:\various appz\Windows Tryouts\GoLive_CS2_EnglishTryout.zip\GoLive_CS2_EnglishTryout\Data1.cab\big5.mapumb
    * Cannot open a file in archive F:\various appz\PowerQuest PartitionMagic 8.0\PowerQuest PartitionMagic 8.0.rar\CD-KEY.txt
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df438.rar\dummy file name of encryted archive is encrypted
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df439.rar\dummy file name of encryted archive is encrypted
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df440.rar\dummy file name of encryted archive is encrypted
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df441.rar\dummy file name of encryted archive is encrypted
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df442.rar\dummy file name of encryted archive is encrypted
    * File F:\RECYCLER\S-1-5-21-606747145-602609370-725345543-1004\Df443.rar\dummy file name of encryted archive is encrypted
    * File F:\Other\Other\Prog\Cooking-AIO.exe\AutoPlay\autorun.cdd\acrobat.bmp is encrypted
    * File F:\Other\Other\Prog\FreePPV\FLS_AIO_TV_PC_PROGRAMS.exe\AutoPlay\autorun.cdd\_detect.dat is encrypted
    * File F:\G Drive\Apps\Apps\SHARK__s_Leechlist.rar\SHARK's Leechlist.txt is encrypted
    * Cannot open a file in archive F:\BITTORENT\[NDS]JUMP_SUPER_STARS[JPN]-[WWW.ESPALNDS.COM].RAR
    * File C:\Cracking\NNH\NewbieHack.exe\AutoPlay\autorun.cdd\_detect.dat is encrypted

    Options
    Definitions version:

    * Viruses: 2007-05-31_03
    * Spyware: 2007-05-31_02

    Scanning Engines:

    * F-Secure AVP: 6.00.171, 2007-05-31
    * F-Secure Libra: 2.04.01, 2007-05-30
    * F-Secure Orion: 1.02.37, 2007-05-31
    * F-Secure Draco: 1.00.35, 2007-05-14
    * F-Secure BlackLight: 1.00.53

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    * Scan inside archives

    Excluded:

    * Spyware: Client-IRC.Win32.mIRC

    Actions:

    * Viruses: Ask after scan
    * Spyware: Ask after scan



    Please post the fixes, if any...
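Added example (not part of the original post, and not an F-Secure tool): a small triage script for the F-Secure "Scanning Report" format shown above. It groups every detection by the outermost file on disk (the self-extracting .exe, .zip or .rar the scanner unpacked), so that several hits inside one archive read as one object to deal with, and tags each container with where it lives (Java applet cache, temp, system, Program Files, or a user-created folder). The sample report embedded in the block is a trimmed copy of the detections posted above; the location labels and the list of archive extensions are the example's own assumptions.

```python
"""Triage helper for an F-Secure Anti-Virus 2007 'Scanning Report'.

Added example, not from the thread or from F-Secure. It groups detections
by the outermost container on disk and tags where that container lives.
"""
import re
from collections import OrderedDict

# Constructed sample: a trimmed copy of the detections block in the post.
SAMPLE_REPORT = r"""
Result: 14 malware found
Trojan.Java.ClassLoader.ao (virus)

* C:\Documents and Settings\Gus\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-318bf3eb-6f22e1a1.zip\BaaaaBaa.class
* C:\Documents and Settings\Gus\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-318bf3eb-6f22e1a1.zip\Baaaaa.class

AdWare.Win32.Dudu.f (adware)

* F:\Other\Other\Prog\FreePPV\FLS_AIO_TV_PC_PROGRAMS.exe\AutoPlay\Docs\pcast.zip\pcast.exe

HackTool.Win32.John (virus)

* C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\jtr\JOHN-K6.ZIP\john.exe
* C:\Cracking\NNH\NewbieHack.exe Action: quarantined

Riskware found
PSWTool.Win32.Brutus (riskware)

* C:\Cracking\NNH\NewbieHack.exe\AutoPlay\Docs\brutus-aet2\BrutusA2.exe

Statistics
"""

# "Name (category)" header line that precedes each group of '*' paths.
DETECTION_RE = re.compile(r"^(\S+) \((virus|adware|spyware|riskware)\)\s*$")
# "* path" line, optionally followed by the action the scanner took.
HIT_RE = re.compile(r"^\* (.+?)(?: Action: (\S+))?\s*$")
# Assumed list of container types the scanner descends into.
ARCHIVE_RE = re.compile(r"\.(exe|zip|rar|jar|cab|7z)$", re.IGNORECASE)


def parse_detections(report):
    """Return one dict per '*' line, attached to the detection name above it."""
    hits, current = [], None
    for line in report.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = HIT_RE.match(line)
        if m and current:
            hits.append({"name": current[0], "category": current[1],
                         "path": m.group(1), "action": m.group(2)})
    return hits


def container_of(path):
    """Outermost on-disk file: the path up to the first archive-like component."""
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if ARCHIVE_RE.search(part):
            return "\\".join(parts[: i + 1])
    return path


def locate(path):
    """Coarse location tag (assumed labels, not scanner output)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"      # applet cache: filled by whatever the browser visited
    if "\\local settings\\temp\\" in p:
        return "temp"
    if p.startswith("c:\\windows"):
        return "system"
    if p.startswith("c:\\program files"):
        return "program-files"
    return "user-folder"         # e.g. C:\Cracking, F:\Other: user-placed files


def triage(report):
    """Group hits by container; remember names, categories and quarantine state."""
    groups = OrderedDict()
    for hit in parse_detections(report):
        key = container_of(hit["path"])
        g = groups.setdefault(key, {"names": set(), "categories": set(),
                                    "location": locate(key), "quarantined": False})
        g["names"].add(hit["name"])
        g["categories"].add(hit["category"])
        if hit["action"] == "quarantined":
            g["quarantined"] = True
    return groups


if __name__ == "__main__":
    for path, g in triage(SAMPLE_REPORT).items():
        state = "quarantined" if g["quarantined"] else "still on disk"
        print(f"[{g['location']}] {path}")
        print(f"    {', '.join(sorted(g['names']))} ({state})")
```

Run as-is to see the three containers behind the fourteen reported hits; feed it a full report by replacing SAMPLE_REPORT with the file contents. The "quarantined" flag is taken only from the scanner's own "Action:" suffix, so a container that the report lists without one is treated as still present.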
     
  2. sandman42
    Well, here is the HijackThis registry log...


    Logfile of HijackThis v1.99.1
    Scan saved at 6:31:37 AM, on 5/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\2Wire\2PortalMon.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Canon\BJPV\TVMon.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Softex\winroute\WinRServ.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Softex\winroute\WinRoute.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\F-Secure\FSAUA\program\fsus.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC250C47-9B9B-442E-977A-DB416F2C4F9A}: NameServer = 192.168.1.254
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Softex WinRoute Service (WinRServ) - Unknown owner - C:\Program Files\Softex\winroute\WinRServ.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

     
  3. sandman42
    Anyone?
     
  4. bluecoal (Guest)

    Well,

    Your F-Secure log shows a few things in Java. I don't know anything about those, whether they are OK to delete or not.

    Most of the other things are in your cracking folder, so I would guess you are going to have to be prepared to give up some crack stuff to fix infection issues.

    You can run this online scan, see what it finds, and see if you are willing to let it remove those things:
    http://www.ewido.net/en/onlinescan/
     
