Antivirus Protection
#1 | April 8th, 2008, 03:08 AM | CryTek (Registered User)
How to virus hunt and kill

I have had these 2 viruses for the past, I'm guessing, 2 years:
jkihbgh.exe
dmmtjcj.exe

A Google search brings up a program called Prevx CSI, nothing else.

My operating system: WinXP Service Pack 2.
AMD 3800 X2, 2 GB RAM, 4 hard drives

I know exactly where in my computer these 2 viruses are, but I can't do anything about it. When I click open the folder they are in (C:/Programs/Commonfiles etc.), the Windows Explorer window shuts off. If I Google a link to an antivirus software website, the website shuts off. (I use Firefox 2.0.)

My antivirus is BitDefender and it won't touch it; it can see it but can't do anything about it. I used Prevx and it restarts and cleans it, but these 2 viruses come right back.
I re-install my operating system and sooner or later it's in Task Manager again. (Would make you think I pick them up from a website?)

I click on the folder that these viruses are in with Unlocker, and Unlocker doesn't see the process running even though Task Manager does.
80% of my computer use is as a media box for movies and MP3s.
These 2 viruses are awesome at making copies of themselves and infecting my laptops as well, via external drives.

Clicking End Task in Task Manager does nothing because they instantly restart.
Restarting in Safe Mode doesn't work because the computer endlessly restarts after the Safe Mode option is selected.

A big thank you to everyone who reads my post and for any advice.

#2 | April 8th, 2008, 08:26 AM | Porthos (Malware Warrior / AV forum Mod)
Will your computer stay running for us to run any tools?
#3 | April 8th, 2008, 11:58 AM | CryTek (Registered User)
Sure, I run my desktop computer 24/7. These 2 programs (jkihbgh.exe, dmmtjcj.exe) don't affect the stability of the computer unless I try to mess with them. They act more defensively than offensively. I know from using a port scanner that one of them uses a port; I forget which one.

NEWS...
Hey, get this. I "cleaned" my computer with the program Prevx. 6 hours later it was back in my Task Manager. My activity in that 6 hours was this website and Slashdot, and no infection. Then, on a hunch, I started a program called Steam. It's a gaming program I got with this game called Counter-Strike. As soon as I opened the program Steam to play the game, these 2 viruses appeared in my Task Manager. It may seem as though they are either game website and/or game program related.

Could it be I've found the culprit?
This Counter-Strike game is new; I picked it up over the weekend, but I've run into these 2 programs before every now and then, so perhaps it's PC gaming website related. The Steam program does bring up a website and then the game server page.

#4 | April 8th, 2008, 12:40 PM | Porthos (Malware Warrior / AV forum Mod)
Let's take a look at your system.

Download Deckard's System Scanner.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - Main.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread here.
5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
6. Attach Extra.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

What Deckard's System Scanner will do:

* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
* check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

Please post both of the logs.

#5 | April 8th, 2008, 01:02 PM | CryTek (Registered User)
lol, these 2 bugs instantly kill the DSS program; doesn't surprise me.

I click on the DSS program and when the screen comes up, it instantly terminates.

I could disinfect the computer with Prevx, but I'm not sure if that would help you out at all.

#6 | April 8th, 2008, 01:41 PM | CryTek (Registered User)
ok I managed to get through DSS but the reports are too big to post all at once.
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
17/11/2007 16:57 130048 --a------ C:\WINDOWS\mpcodecplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [24/02/2005 17:26]
"SoundMan"="SOUNDMAN.EXE" [17/11/2006 05:42 C:\WINDOWS\soundman.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [27/02/2008 09:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"dqipyvp"="C:\Program Files\Common Files\System\dmmtjcj.exe" [12/10/2007 08:15]
"exqmmle"="C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe" [12/10/2007 08:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 17:07]
"Steam"="C:\Program Files\Steam\Steam.exe" [07/04/2008 05:33]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24/05/2006 11:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll [08/04/2008 10:26 240747]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AST.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FYFireWall.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPF.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.com]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapw32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPFMntor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQKav.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.EXE]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upiea.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\USBCleaner.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

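
The registry dump above explains the symptoms in post #5: every key under Image File Execution Options that carries a Debugger value makes Windows start that Debugger path instead of the named program (HijackThis.exe, autoruns.exe, rstrui.exe and the rest), and the two Run values plus the ShellExecuteHooks DLL all load from under Common Files, while the missing SafeBoot entries are why Safe Mode boot-loops. As an added example that is not part of this thread or of Deckard's System Scanner, the script below parses a dump in the DSS format, reports each of those findings, and emits Registry Editor text that deletes the hijacked IFEO keys and the flagged autostart values. DSS_EXCERPT is a constructed, shortened copy of the posted log; the function names and the "under Common Files" heuristic are my own.

```python
"""Triage a DSS-style registry dump: IFEO Debugger hijacks, autostarts under
Common Files, SafeBoot state, and a .reg file that removes the hijacks.
Added example; the excerpt below is a constructed cut of the posted log."""
import re

DSS_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [17/11/2006 05:42 C:\WINDOWS\soundman.exe]
"dqipyvp"="C:\Program Files\Common Files\System\dmmtjcj.exe" [12/10/2007 08:15]
"exqmmle"="C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe" [12/10/2007 08:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll [08/04/2008 10:26 240747]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
"""

IFEO_KEY = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RUN_KEY = "\\microsoft\\windows\\currentversion\\run"
HOOKS_KEY = "\\microsoft\\windows\\currentversion\\explorer\\shellexecutehooks"
SAFEBOOT_WARNING = "SafeBoot registry key needs repairs"

# DSS prints values as  "name"="data" [date ...]  or  Name=data
VALUE_RE = re.compile(r'^"?([^"=]+)"?\s*=\s*"?([^"\[]+?)"?\s*(\[.*)?$')


def parse_dump(text):
    """Return {registry_key: [(value_name, data), ...]} from DSS dump text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current].append((m.group(1), m.group(2).strip()))
    return keys


def find_ifeo_hijacks(keys):
    """[(target_exe, debugger_path)]: launching target_exe runs debugger_path."""
    hits = []
    for key, values in keys.items():
        if IFEO_KEY in key.lower():
            target = key.rsplit("\\", 1)[1]
            hits += [(target, d) for n, d in values if n.lower() == "debugger"]
    return hits


def find_common_files_autostarts(keys):
    """Run values and ShellExecuteHooks whose image lives under Common Files
    (heuristic: legitimate autostarts rarely do). Returns [(key, name, data)]."""
    hits = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(RUN_KEY) or low.endswith(HOOKS_KEY):
            hits += [(key, n, d) for n, d in values if "\\common files\\" in d.lower()]
    return hits


def safeboot_broken(text):
    """True when DSS reports the SafeBoot key damaged (Safe Mode will not boot)."""
    return SAFEBOOT_WARNING in text


def build_removal_reg(keys):
    """Registry Editor text that deletes each hijacked IFEO key whole and each
    flagged autostart value. [-key] deletes a key, "name"=- deletes a value."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, values in keys.items():
        if IFEO_KEY in key.lower() and any(n.lower() == "debugger" for n, _ in values):
            out += ["[-" + key + "]", ""]
    by_key = {}
    for key, name, _ in find_common_files_autostarts(keys):
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        out += ["[" + key + "]"] + ['"%s"=-' % n for n in names] + [""]
    return "\n".join(out)


if __name__ == "__main__":
    keys = parse_dump(DSS_EXCERPT)
    for target, dbg in find_ifeo_hijacks(keys):
        print("IFEO hijack: %-16s -> %s" % (target, dbg))
    for key, name, data in find_common_files_autostarts(keys):
        print("autostart:   %s = %s" % (name, data))
    print("Safe Mode usable:", not safeboot_broken(DSS_EXCERPT))
    print(build_removal_reg(keys))
```

Run it against the full Main.txt instead of the excerpt to get the complete list. The generated .reg only removes the registry side: a process that is still running and re-creates its Run values and IFEO keys will undo the import, so the registry cleanup has to happen with jkihbgh.exe and dmmtjcj.exe not running, and the SafeBoot key still needs to be rebuilt separately before Safe Mode will boot.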
#7 | April 8th, 2008, 01:42 PM | CryTek (Registered User)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.42 MiB / 1601.71 MiB
Pagefile Memory (total/avail): 3939.43 MiB / 3600.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 14.62 GiB total, 6.37 GiB free.
D: is Fixed (NTFS) - 59.9 GiB total, 47.19 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 152.59 GiB total, 136.49 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 14.62 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 59.9 GiB - D:

\\.\PHYSICALDRIVE1 - Maxtor 6 Y160P0 USB Device - 152.6 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 152.59 GiB - G:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gimp\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TVIRUS-DBA70AAD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gimp
LOGONSERVER=\\TVIRUS-DBA70AAD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\gimp\LOCALS~1\Temp
TMP=C:\DOCUME~1\gimp\LOCALS~1\Temp
USERDOMAIN=TVIRUS-DBA70AAD
USERNAME=gimp
USERPROFILE=C:\Documents and Settings\gimp
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gimp (admin)


-- Add/Remove Programs ---------------------------------------------------------

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
BitCometBeta [20080311] --> C:\Program Files\BitComet\uninst.exe
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Futuremark SystemInfo --> C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Guild Wars --> "D:\Guild Wars\Gw.exe" -uninstall
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Prevx CSI --> "C:\Program Files\PrevxCSI\\PrevxCSI.exe" /prop UNINSTALL=Y
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type194 / Error
Event Submitted/Written: 04/08/2008 09:46:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dmmtjcj.exe, version 0.0.0.0, faulting module dmmtjcj.exe, version 0.0.0.0, fault address 0x000019ba.
Processing media-specific event for [dmmtjcj.exe!ws!]

Event Record #/Type192 / Error
Event Submitted/Written: 04/08/2008 09:46:12 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dmmtjcj.exe, version 0.0.0.0, faulting module dmmtjcj.exe, version 0.0.0.0, fault address 0x00001c46.
Processing media-specific event for [dmmtjcj.exe!ws!]

Event Record #/Type171 / Error
Event Submitted/Written: 04/07/2008 08:15:20 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mplayer2.exe, version 6.0.2.902, faulting module msdxm.ocx, version 6.4.9.1130, fault address 0x0001c6ab.
Processing media-specific event for [mplayer2.exe!ws!]

Event Record #/Type169 / Error
Event Submitted/Written: 04/07/2008 08:15:17 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mplayer2.exe, version 6.0.2.902, faulting module msdxm.ocx, version 6.4.9.1130, fault address 0x0001c6ab.
Processing media-specific event for [mplayer2.exe!ws!]

Event Record #/Type167 / Error
Event Submitted/Written: 04/07/2008 08:10:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mplayer2.exe, version 6.0.2.902, faulting module msdxm.ocx, version 6.4.9.1130, fault address 0x0001c6ab.
Processing media-specific event for [mplayer2.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type328 / Error
Event Submitted/Written: 04/08/2008 03:38:51 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type304 / Error
Event Submitted/Written: 04/08/2008 03:32:28 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.100.2 for the Network Card with network address 00115BE39371 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type303 / Error
Event Submitted/Written: 04/08/2008 03:32:07 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 76.17.173.44 for the Network Card with network address 00115BE39371 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type302 / Warning
Event Submitted/Written: 04/08/2008 03:32:07 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00115BE39371. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type273 / Error
Event Submitted/Written: 04/08/2008 00:43:38 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-04-08 11:22:43 ------------

  #8  
Old April 8th, 2008, 01:45 PM
CryTek
The rest of main.txt.
Deckard's System Scanner v20071014.68
Run by gimp on 2008-04-08 11:21:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as gimp.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe
C:\Program Files\Common Files\System\dmmtjcj.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gimp\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\gimp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dqipyvp] C:\Program Files\Common Files\System\dmmtjcj.exe
O4 - HKLM\..\Run: [exqmmle] C:\Program Files\Common Files\Microsoft Shared\jkihbgh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5411 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CSIScanner - "c:\program files\prevxcsi\\prevxcsi.exe" /service <Not Verified; Prevx; Prevx CSI>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>

S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 11:21:43 0 d-------- C:\Program Files\Trend Micro
2008-04-08 09:45:57 65116 ---hs---- C:\Program Files\meex.exe
2008-04-08 03:32:59 0 dr-h----- C:\Documents and Settings\gimp\Recent
2008-04-07 23:24:48 0 d-------- C:\WINDOWS\system32\Futuremark
2008-04-07 23:24:47 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-07 23:24:47 0 d-------- C:\Documents and Settings\gimp\Application Data\InstallShield
2008-04-07 23:24:33 0 d-------- C:\WINDOWS\Sun
2008-04-07 23:24:33 0 d-------- C:\Documents and Settings\gimp\Application Data\Sun
2008-04-07 23:24:07 0 d-------- C:\Program Files\Java
2008-04-07 23:24:02 0 d-------- C:\Program Files\Common Files\Java
2008-04-07 22:58:44 0 d-------- C:\Documents and Settings\gimp\Application Data\Desktopicon
2008-04-07 05:51:25 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-07 05:51:25 0 d-------- C:\Downloads
2008-04-07 05:51:04 0 d-------- C:\Program Files\BitComet
2008-04-07 05:46:53 10880 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-04-07 05:46:53 0 d-------- C:\Program Files\PrevxCSI
2008-04-07 05:46:49 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-04-07 05:41:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-07 05:41:33 0 d-------- C:\Documents and Settings\gimp\Application Data\Mozilla
2008-04-07 05:39:18 0 d-------- C:\Program Files\RegistryFix
2008-04-07 05:37:20 0 d-------- C:\Program Files\NoAdware5.0
2008-04-07 05:33:18 0 d-------- C:\Documents and Settings\gimp\Application Data\ATI
2008-04-07 05:33:18 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-07 05:32:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-07 05:29:10 0 d-------- C:\Documents and Settings\gimp\Application Data\Macromedia
2008-04-07 05:26:11 0 d-------- C:\Program Files\TGTSoft
2008-04-07 05:25:49 0 d-------- C:\Program Files\ExtractNow
2008-04-07 05:24:52 0 d-------- C:\Program Files\Realtek Sound Manager
2008-04-07 05:24:40 0 d-------- C:\Program Files\AvRack
2008-04-07 05:24:32 0 d-------- C:\Program Files\Realtek AC97
2008-04-07 05:24:30 315392 -ra------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-04-07 05:23:48 22 --a------ C:\WINDOWS\FileName
2008-04-07 05:23:43 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-07 05:23:09 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-07 05:22:04 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-07 05:21:19 0 d-------- C:\Program Files\AVI Codec Pack
2008-04-07 05:21:18 0 d-------- C:\WINDOWS\system32\quicktime
2008-04-07 05:20:57 0 d-------- C:\Program Files\Fusion Media Player
2008-04-07 05:20:41 0 d-------- C:\Program Files\Matroska Pack
2008-04-07 05:19:50 0 d-------- C:\Program Files\Steam
2008-04-07 05:18:24 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-07 05:18:07 0 d-------- C:\Program Files\ATI Technologies
2008-04-07 05:18:05 0 d--h----- C:\Program Files\InstallShield Installation Information<