CastleCops, Internet Crime Fighters

[READY] can only start computer in safe mode

 
slingingshot15

Cadet


Joined: Apr 19, 2008
Posts: 3
Location: Trinidad_and_Tobago

Posted: Sat Jul 19, 2008 8:15 pm    Post subject: can only start computer in safe mode

Hi there, I am running XP, and when I try to start my computer I get this error message that has a big red X similar to the ComboFix sign, and they give me the option of either yes or no. It doesn't have anything to read. When I click on my uname it doesn't boot the computer but it says logging off... Here are my ComboFix and HijackThis logs.

ComboFix 08-07-18.5 - Administrator 2008-07-19 9:55:05.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.298 [GMT -4:00]
Running from: F:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-19 08:14 . 2008-07-08 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-19 08:14 . 2008-07-19 08:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-12 13:12 . 2008-07-12 13:12 <DIR> d-------- C:\Program Files\alot
2008-07-12 13:12 . 2008-07-12 13:14 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\alot
2008-07-12 13:11 . 2008-07-12 13:12 144 --a------ C:\domains.dat
2008-07-11 06:28 . 2008-07-11 06:28 <DIR> d---s---- C:\Documents and Settings\Bachan Ramdhan\UserData
2008-07-10 22:55 . 2008-07-10 22:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-10 20:26 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-10 20:26 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-10 18:28 . 2008-07-10 18:28 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\Motive
2008-07-10 18:21 . 2008-07-10 18:21 <DIR> d-------- C:\WINDOWS\Motive
2008-07-10 18:21 . 2008-07-10 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-07-10 18:20 . 2008-07-10 18:28 <DIR> d-------- C:\Program Files\TSTT Quick Assist
2008-07-10 18:20 . 2008-07-10 18:20 <DIR> d-------- C:\Program Files\Motive
2008-07-10 18:13 . 2008-07-10 18:38 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-10 18:13 . 2008-07-10 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-07-10 18:13 . 2005-04-05 18:20 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2008-07-10 18:13 . 2005-03-25 19:27 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-07-09 22:07 . 2008-07-09 22:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-09 22:07 . 2008-07-09 22:38 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\uTorrent
2008-07-09 19:12 . 2008-07-09 19:12 <DIR> d-------- C:\WINDOWS\CLUE Classic
2008-07-09 19:12 . 2008-07-09 19:12 <DIR> d-------- C:\Program Files\CLUE Classic
2008-07-09 19:12 . 2008-07-09 19:12 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\GamesCafe
2008-07-09 19:12 . 2008-07-09 19:12 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-08 22:24 . 2008-07-08 22:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-08 20:48 . 2008-07-08 20:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-08 19:55 . 2008-07-08 19:56 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-08 19:55 . 2008-07-08 19:56 <DIR> d--h----- C:\Documents and Settings\Bachan Ramdhan\Application Data\GTek
2008-07-08 19:55 . 2008-07-08 19:56 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-08 19:53 . 2008-07-08 19:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-08 06:12 . 2008-07-08 06:18 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\U3
2008-06-24 18:38 . 2008-06-24 18:38 <DIR> d-------- C:\BIBLECD3
2008-06-24 18:38 . 1993-05-12 00:00 398,416 --------- C:\WINDOWS\vbrun300.dll
2008-06-24 18:38 . 2008-06-24 18:38 62,080 --a------ C:\WINDOWS\iun1400.exe
2008-06-24 18:38 . 1992-10-21 00:00 38,366 --------- C:\WINDOWS\system\vbodbca.dll
2008-06-24 18:38 . 1993-08-16 10:41 20,880 --------- C:\WINDOWS\system\vbprint.dll
2008-06-24 18:38 . 1993-04-28 00:00 18,688 --------- C:\WINDOWS\CMDIALOG.VBX
2008-06-22 21:33 . 2008-07-10 09:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-22 18:07 . 2008-06-22 18:08 <DIR> d-------- C:\pmw
2008-06-22 18:07 . 2008-06-22 18:07 0 --a------ C:\WINDOWS\MSREGUSR.INI
2008-06-22 17:29 . 2008-07-12 06:30 766 --a------ C:\WINDOWS\logo.ico
2008-06-21 09:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-21 09:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-21 09:25 . 2008-06-21 09:25 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-21 09:25 . 2008-06-21 09:25 <DIR> d--h----- C:\Program Files\CanonBJ
2008-06-21 09:25 . 2008-06-21 09:25 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-21 09:25 . 2008-04-03 05:00 198,656 --a------ C:\WINDOWS\system32\CNMLM7K.DLL
2008-06-21 09:25 . 2008-02-07 15:59 195,072 --a------ C:\WINDOWS\system32\CNCC150.DLL
2008-06-21 09:25 . 2005-05-30 19:45 139,264 --a------ C:\WINDOWS\system32\CNCL150.DLL
2008-06-21 09:25 . 2006-06-29 14:29 106,496 --a------ C:\WINDOWS\system32\cncisco.dll
2008-06-21 09:25 . 2008-02-07 15:59 37,888 --a------ C:\WINDOWS\system32\CNCI150.DLL
2008-06-20 16:40 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-20 16:40 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-20 16:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-20 16:39 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-20 10:21 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-20 10:13 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-20 10:13 . 2008-06-20 10:13 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-20 10:11 . 2008-06-20 10:11 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-20 10:10 . 2008-06-20 10:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-20 10:10 . 2008-06-20 10:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-20 10:09 . 2008-06-20 10:09 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-20 10:08 . 2008-06-20 10:10 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 10:05 . 2008-06-20 10:05 <DIR> dr-h----- C:\MSOCache
2008-06-20 09:06 . 2008-06-20 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-20 09:05 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-20 09:05 . 2007-03-07 19:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-20 09:05 . 2007-03-07 19:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-20 09:05 . 2007-03-07 19:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-20 09:04 . 2008-06-20 09:05 <DIR> d-------- C:\Program Files\Winamp
2008-06-20 09:04 . 2008-06-20 09:04 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\Winamp
2008-06-20 09:02 . 2008-06-20 09:02 <DIR> d-------- C:\Program Files\Webshots
2008-06-20 09:02 . 2008-06-20 09:02 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\Webshots
2008-06-20 09:01 . 2008-06-22 17:27 <DIR> d-------- C:\Documents and Settings\Bachan Ramdhan\Application Data\Ahead
2008-06-20 08:59 . 2008-06-20 08:59 <DIR> d-------- C:\Program Files\Nero
2008-06-20 08:59 . 2008-06-20 09:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-20 08:59 . 2008-06-20 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-20 08:55 . 2008-06-20 08:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-20 08:54 . 2008-06-20 08:54 <DIR> d-------- C:\Program Files\CyberLink
2008-06-20 08:54 . 2003-03-18 20:14 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-06-20 08:54 . 2003-02-21 04:42 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-06-20 08:54 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-20 08:42 . 2008-06-20 08:42 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-20 08:42 . 2008-06-20 08:42 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-20 08:42 . 2008-06-20 08:42 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-20 08:39 . 2008-06-20 08:39 <DIR> d-------- C:\Program Files\Realtek
2008-06-20 08:39 . 2008-06-20 08:39 <DIR> d-------- C:\Program Files\Driver
2008-06-20 08:38 . 2008-06-20 08:38 <DIR> d-------- C:\WINDOWS\vnDrvBas
2008-06-20 08:38 . 2006-10-27 04:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-06-20 08:38 . 2007-02-27 04:14 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-06-20 08:37 . 2008-06-20 08:37 <DIR> d-------- C:\Program Files\S3
2008-06-20 08:37 . 2008-06-20 08:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 08:36 . 2008-06-20 08:36 <DIR> d-------- C:\Program Files\VIA
2008-06-20 08:36 . 2008-06-20 08:53 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-20 08:36 . 2005-11-17 03:46 337,320 --a------ C:\WINDOWS\system32\difxapi.dll
2008-06-20 08:35 . 2005-03-16 02:23 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 22:21 1,096 ----a-w C:\Program Files\DOWNLOAD_INSTALL.LOG
2008-07-10 22:13 155,995 ----a-w C:\WINDOWS\java\Packages\SBNDJPNB.ZIP
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 12:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:01 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

Code:
<pre>
----a-w         6,749,544 2003-11-26 03:50:00  C:\Documents and Settings\Bachan Ramdhan\My Documents\SF 2014, HP\Documents and Settings\Owner.BACHAN.000\Desktop\Desctop Data\brian1\Games\DX Ball 2\Warez - Gamez - Dx - Ball 2 .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" [2007-03-12 13:49 16944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Motive SmartBridge"="C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe" [2006-06-27 13:03 458839]

C:\Documents and Settings\Bachan Ramdhan\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1998-05-18 12:41:00 255408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TSTT Quick Assist.lnk - C:\Program Files\TSTT Quick Assist\bin\matcli.exe [2008-07-10 18:20:52 217088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bachan Ramdhan^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Bachan Ramdhan\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-06-13 14:49 16377344 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
--a------ 2007-05-15 10:31 200704 C:\WINDOWS\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26]
S1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 04:14]
S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-06-04 11:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 09:58:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-07-19 10:02:40
ComboFix-quarantined-files.txt 2008-07-19 14:02:32

Pre-Run: 45,801,672,704 bytes free
Post-Run: 46,800,547,840 bytes free

199 --- E O F --- 2008-07-11 03:12:56




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:31 AM, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2626 bytes

Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17155

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

Posted: Sun Jul 20, 2008 5:14 am

You're Ready for cleaning. Thumbs Up

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008