ComboFix Log |
Author | Post | ||
Zero |
|
||
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809 |
Cha asked to get a log from this program a while ago, but was unable to download it from the internetz. Here is the log, any help (hopefully Cha checks this daily) Fixing my computer is PERTINENT to helping reviving FTC for me. I can't do shit, let alone play a god damn game. I feel that after I reformat I should be okay, but I want to play NOW and I can't do that with Spybot blocking all my programs (basically in safe mode right now). Please help me fix this hunk of shit. I'm gonna go virtumonde fix again and see if that helps |
||
||
b4ndito |
|
||
b4ndito
Registered Member #958
Joined: Fri Jan 04 2008, 06:59AM
Posts: 3385 |
tl;dr | ||
||
Zero |
|
||
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809 |
b4ndito wrote ...
tl;dr

Yeah well it's supposed to be, and you should read because somewhere in there in small print it says "Bandito, WHERE THE FUCK ARE MY WINDOWS CD'S?!?!?!" Really fine print, you must have missed it |
||
||
The Caller of Ktulu |
|
||
Registered Member #310
Joined: Fri Jun 23 2006, 07:01AM
Posts: 564 |
Now I can use your credit cards to go buy things online! | ||
||
Cha Siew Bao |
|
||
Registered Member #133
Joined: Sat Jan 21 2006, 09:03PM
Posts: 198 |
0) run atfcleaner just to get rid of all temps in one shot, found [here]
1) run SmitFraudFix in safe mode, found [here]
2) run SDfix also in safe mode, found [here]
3) run CWShredder, found [here]

Do those while I look at the log. Do me a fav and post a HiJackThis log alongside too if you can |
||
||
Noname|Boom |
|
||
That one guy...
Registered Member #250
Joined: Tue May 09 2006, 11:59PM
Posts: 2603 |
*Buys haxing computers for Dummies* | ||
||
Zero |
|
||
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809 |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37:33, on 9/22/2008

running the programs you gave me in safe mode, bb in 10 mins |
Cha Siew Bao |
|
||
Registered Member #133
Joined: Sat Jan 21 2006, 09:03PM
Posts: 198 |
hmm, do another with hijackthis. If you see this in the log still

O4 - HKCU\..\RunOnce: [SpybotDeletingB4626] command /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8404] cmd /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1921] command /c del "C:\Documents and Settings\Justin\Local Settings\Temp\x.ico"

unplug internets, disable spybot, reboot, re-run hijackthis, if still there, reboot, re-run combofix in safemode. If it's not there then just post the log again and let's see what's left to clean. Trojan is already identified btw

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Edited Tue Sep 23 2008, 03:01AM |
Zero |
|
||
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809 |
I did a SDfix and it seems to have fixed whatever

SDFix: Version 1.228
Run by Justin on Mon 09/22/2008 at 23:05
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RYRUNWFQ.exe - Deleted
C:\DOCUME~1\Justin\LOCALS~1\Temp\TMP17.tmp - Deleted
C:\WINDOWS\system32\msxml71.dll - Deleted
Removing Temp Files

ADS Check :

Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, -[link]-
Rootkit scan 2008-09-22 23:12:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c474c6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272c474c6]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\bomurray\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\bomurray\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\justin82954\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\novaman350\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\novaman350\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Steam\\SteamApps\\justin82954\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\justin82954\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\SteamApps\\justin82954\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\justin82954\\team fortress 2\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\iMesh Applications\\iMesh6\\iMesh6.exe"="C:\\Program Files\\iMesh Applications\\iMesh6\\iMesh6.exe:*:Disabled:iMesh"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Mon 1 May 2006 104 ..SHR --- "C:\WINDOWS\system32\CC4891AF8A.sys"
Mon 1 May 2006 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 15 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 21 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Justin\Application Data\U3\temp\Launchpad Removal.exe"
Sat 24 Dec 2005 9,506 A.SH. --- "C:\Documents and Settings\Justin\My Documents\My Music\License Backup\drmv2key.bak"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Justin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Justin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Justin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Justin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

I'll unplug internets and do the hijack this again. Read that log while I do it, brb

P.S. I don't know how to boot in safe mode. the only way I can get to the menu is if I restart my computer 3 times in a row, hahahahah. fucking dell piece of shit |
Cha Siew Bao |
|
||
Registered Member #133
Joined: Sat Jan 21 2006, 09:03PM
Posts: 198 |
should be keep tapping F8 while you're booting... before the windows with the progression bar icon comes up. then you can pick w/e (safe mode, safe with networking etc) Waitin on the HJT log |