Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages V   1 2 3 >  
Closed TopicStart new topic
> Log Looks Dirty, Lots of svchost's and one takes alot of Mem in task manager.
ibLah
post Jul 6 2007, 07:07 PM
Post #1


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
I see allot of crap but I'm not sure what I should be deleting. crazy.gif
I'm also wondering why I have so many svchost.exe's running. I thought that there was only supposed to be like 4. One of them takes up alot of "Mem Usage" in the task manager.
It shows 9 svchost.exe's in task manager but in the HJT log it shows only 6. Why is that?



Logfile of HijackThis v1.99.1
Scan saved at 7:52:33 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Justin\Start Menu\Programs\Startup\DUC20.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O1 - Hosts: 85.214.19.81 l2testauthd.lineage2.com
O1 - Hosts: 85.214.19.81 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: DUC - Justin.log
O4 - Startup: DUC20.exe
O4 - Startup: Service.log
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{729F5C05-D1D1-489B-BFA2-0E33112B0160}: NameServer = 66.181.124.254,66.181.127.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

This post has been edited by ibLah: Jul 6 2007, 07:13 PM


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 7 2007, 08:53 AM
Post #2


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\regscan.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back into normal mode.

Please download Combofix to your desktop.
Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Go to the top of the page
 
+Quote Post
ibLah
post Jul 7 2007, 05:28 PM
Post #3


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
I did all but combofix. I let it run for 30 mins and got impatient so I closed it, restarted my computer, ran it again and took off for a few hours. When I came back it was still scanning so I just closed it.
I also had a problem running Disk Cleaner (cleanmgr). So I rebooted back to normal mode, searched google and found this: "Disk Cleanup Tool...". Then I rebooted back to safe mode and it worked.

Oh yeah.. combofix also reset my time settings to 24hours. dry.gif



~~~~~~~~~~~~~~~~~~~~~~New HJT Log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 18:21, on 2007-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Justin\Start Menu\Programs\Startup\DUC20.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 85.214.19.81 l2testauthd.lineage2.com
O1 - Hosts: 85.214.19.81 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: DUC - Justin.log
O4 - Startup: DUC20.exe
O4 - Startup: Service.log
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{729F5C05-D1D1-489B-BFA2-0E33112B0160}: NameServer = 66.181.124.254,66.181.127.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Maybe I should leave combofix running over night?

This post has been edited by ibLah: Jul 7 2007, 05:30 PM


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 9 2007, 01:55 PM
Post #4


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Please click on start > run > and type: cmd /c set >\set.txt&&\set.txt
Hit enter and let the DOS windows open and close. This is normal.
A notepad window will open with text inside, copy and paste that back here.

Also, right click on the combofix.exe on your desktop, and tell me it's file size please.
Go to the top of the page
 
+Quote Post
ibLah
post Jul 9 2007, 10:20 PM
Post #5


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
QUOTE
Please click on start > run > and type: cmd /c set >\set.txt&&\set.txt


I did that several times and not once did notepad come up. command prompt came up and closed but nothing after that.

combofix is 1.06mb.


=/

This post has been edited by ibLah: Jul 9 2007, 10:20 PM


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 10 2007, 04:58 AM
Post #6


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Click start > run > and type: notepad
Hit enter and let me know what happens...

Click start > run and type: C:. Look for a folder called Combofix. Is it there?
If so, please open that folder, and double click on the file called ComboFix.bat.
Combofix should run, and please post the text file that will open at the end back here.

If that still doesn't work, and only if it didn't, let's try running it from the command prompt.
Start > Run - cmd /k C:\ComboFix\ComboFix.bat

Let me know how you get on, it's important we find out the cause of the problem.
Go to the top of the page
 
+Quote Post
ibLah
post Jul 10 2007, 12:27 PM
Post #7


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
When I type "notepad" into "Run..." notepad comes up.


I found C:\Combofix but when i ran combofix.bat and press 1 it tells me it cant find vundonames.cf. =/


When I typed "cmd /k C:\ComboFix\ComboFix.bat" into "Run..." a command promp came up but it gave me an error type thingy...




Should I delete combofix and download it again?

This post has been edited by ibLah: Jul 10 2007, 01:32 PM


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 10 2007, 01:37 PM
Post #8


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Ok let's try that. Delete combofix from your desktop, along with the "C:\ComboFix" folder.
Redownload combofix from the above link, and rerun it a per previous instructions..
If it doesn't work, don't worry - I will get the tool author to have a look.
Go to the top of the page
 
+Quote Post
ibLah
post Jul 10 2007, 04:31 PM
Post #9


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
Okay I deleted it off my desktop and I deleted the combofix folder then i downloaded again. Let it run for an hour and it did nothing. I when in the combofix folder again and ran ComboFix.bat and it gave me the same error as before.


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 11 2007, 05:28 AM
Post #10


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go to the top of the page
 
+Quote Post
ibLah
post Jul 11 2007, 12:35 PM
Post #11


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
Yay it worked. smile.gif




extra.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.80GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 510.48 MiB / 285.41 MiB
Pagefile Memory (total/avail): 1248.82 MiB / 982.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1968.04 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.91 GiB total, 3.14 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Guild Wars\\Gw.exe"="C:\\Program Files\\Guild Wars\\Gw.exe:*:Enabled:Guild Wars"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Steam\\SteamApps\\matrex1\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\matrex1\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1142912584\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1142912584\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Steam\\SteamApps\\matrex1\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\matrex1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe:*:Disabled:PDP RPC Server"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\BYOND\\bin\\dreamseeker.exe"="C:\\Program Files\\BYOND\\bin\\dreamseeker.exe:*:Enabled:dreamseeker"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Full Files\\Unreal Tournament\\System\\UnrealTournament.exe"="C:\\Full Files\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Full Files\\Command and Conquer Red Alert 2\\GAME.EXE"="C:\\Full Files\\Command and Conquer Red Alert 2\\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"C:\\MatreX Private mIRC\\mirc.exe"="C:\\MatreX Private mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe"="C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe:*:Enabled:SQL Server Windows NT"
"C:\\muserver\\DataServer1\\Dataserver.exe"="C:\\muserver\\DataServer1\\Dataserver.exe:*:Enabled:Dataserver ?? ????"
"C:\\muserver\\DataServer2\\Dataserver.exe"="C:\\muserver\\DataServer2\\Dataserver.exe:*:Enabled:Dataserver ?? ????"
"C:\\muserver\\CS\\CS.exe"="C:\\muserver\\CS\\CS.exe:*:Enabled:CS"
"C:\\muserver\\JoinServer\\JoinServer.exe"="C:\\muserver\\JoinServer\\JoinServer.exe:*:Enabled:JoinServer MFC ?? ????"
"C:\\muserver\\RankingServer\\DevilSqure_EventServer.exe"="C:\\muserver\\RankingServer\\DevilSqure_EventServer.exe:*:Enabled:DevilSqure_EventServer"
"C:\\muserver\\ExDB\\Exdb.exe"="C:\\muserver\\ExDB\\Exdb.exe:*:Enabled:Exdb MFC ?? ????"
"C:\\muserver\\GameServer\\GameServer.exe"="C:\\muserver\\GameServer\\GameServer.exe:*:Enabled:GameServer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Installs\\utorrent.exe"="C:\\Installs\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Game"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\utorrent.exe"="C:\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Crimson Editor\\cedt.exe"="C:\\Program Files\\Crimson Editor\\cedt.exe:*:Enabled:Crimson Editor"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Justin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMECOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin
JAVA_HOME=C:\BigApache\j2sdk141
JBOSS_HOME=C:\BigApache\jboss
LOGONSERVER=\\HOMECOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\QuickTime\QTSystem\;c:\BigApache\perl\bin;C:\BigApache\perl\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
USERDOMAIN=HOMECOMPUTER
USERNAME=Justin
USERPROFILE=C:\Documents and Settings\Justin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Justin (admin)
max orlando (admin)
Administrator.JEANNAORLANDO (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\Program Files\Microsoft SQL Server\MSSQL$JUSTIN\Uninst.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
.sol Editor 1.1.0.1 --> C:\Program Files\Sol Edit\uninst.exe
a-squared Personal 1.6.5 --> "C:\Program Files\a-squared\unins000.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
ActionReplay Xbox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\ActionReplay Xbox\Uninst.isu"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppServ v2.4.5 --> C:\WINDOWS\unvise32.exe C:\AppServ\uninstal.log
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Big Kahuna Reef 2 (remove only) --> "C:\Program Files\Yahoo! Games\Big Kahuna Reef 2\Uninstall.exe"
BigApache --> C:\WINDOWS\unvise32.exe C:\WINDOWS\BigApache_uninstal.log
Blast Thru --> C:\eGames\BLASTT~1\UNWISE.EXE C:\eGames\BLASTT~1\INSTALL.LOG
Broadcom 440x Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Cablenut 4.08 --> C:\Program Files\Cablenut\uninst-cablenut.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Client Fix 1.9.2 --> C:\WINDOWS\iun6002.exe "C:\Program Files\World of Warcraft\irunin.ini"
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.03.02.0425) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres CtCamPin.crl
Creative WebCam Instant User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Cubis Gold 2 --> C:\PROGRA~1\FRESHG~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\FRESHG~1\CUBISG~1\INSTALL.LOG
Dedicated Server --> "C:\Valve\Steam\steam.exe" steam://uninstall/5
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EtherDetect Packet Sniffer v1.3 --> C:\PROGRA~1\ETHERD~1\UNWISE.EXE C:\PROGRA~1\ETHERD~1\INSTALL.LOG
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Haste MuOnline --> C:\WINDOWS\Haste MuOnline Uninstaller.exe
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
HijackThis 1.99.1 --> C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
IGN Download Manager 2.3.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark X125 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88739060-F683-11D3-B761-00105AD153C1}\SETUP.EXE" UNINSTALL
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Match --> "C:\Program Files\MSN Games\Magic Match\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match\install.log"
Marble Blaster --> C:\PROGRA~1\eGames\MARBLE~1\UNWISE.EXE C:\PROGRA~1\eGames\MARBLE~1\INSTALL.LOG
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "C:\mIRC\6.21\mirc.exe" -uninstall
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MyDSC2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PixRecovery --> C:\Program Files\PixRecovery\GLF76.exe /handle:pir
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
SoftV92 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200214F1\HXFSETUP.EXE -U -IGENHSF5.inf
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spin and Play --> "C:\Program Files\MSN Games\Spin and Play\Uninstall.exe" "C:\Program Files\MSN Games\Spin and Play\install.log"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Odyssey- Winds of Athena --> "C:\Program Files\MSN Games\The Odyssey- Winds of Athena\Uninstall.exe" "C:\Program Files\MSN Games\The Odyssey- Winds of Athena\install.log"
TightVNC 1.2.9 --> "C:\Program Files\TightVNC\unins000.exe"
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewAhead Photo Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A724058-2D43-11D6-AD5B-00105AE20051}\setup.exe" -uninst
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VNC Enterprise Edition E4.2.9 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe
XLink Kai Evolution 7 --> MsiExec.exe /X{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-07-11 at 13:28:57 ---------


main.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~

Deckard's System Scanner v20070708.52
Run by Justin on 2007-07-11 at 13:25:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-07-11 17:25:19 UTC - RP135 - Deckard's System Scanner Restore Point
2: 2007-07-11 05:55:47 UTC - RP134 - System Checkpoint
1: 2007-07-10 05:29:43 UTC - RP133 - Unsigned driver install


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:27:39 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\No-IP\DUC20.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Justin\Desktop\dss.exe
C:\DOCUME~1\Justin\Desktop\HIJACK~1\Justin.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 85.214.19.81 l2testauthd.lineage2.com
O1 - Hosts: 85.214.19.81 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Shortcut to DUC20.exe.lnk = C:\No-IP\DUC20.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{729F5C05-D1D1-489B-BFA2-0E33112B0160}: NameServer = 66.181.124.254,66.181.127.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


-- HijackThis Fixed Entries (C:\DOCUME~1\Justin\Desktop\HIJACK~1\backups\) -----

backup-20070707-130347-185 R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
backup-20070707-130347-196 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070707-130347-275 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070707-130347-279 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070707-130347-371 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070707-130347-474 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070707-130347-831 O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
backup-20070707-130347-976 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070707-182138-866 O4 - Startup: Service.log
backup-20070707-182138-887 O4 - Startup: DUC - Justin.log

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys (file missing)
S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 kbeepm - c:\docume~1\justin\locals~1\temp\kbeepm.sys (file missing)
S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 SetupSys (Conexant Setup API) - c:\windows\system32\drivers\setupsys.sys <Not Verified; Conexant; Diagnostic Interface>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 xbreader (ActionReplay XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 Atmideers -
S3 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; ; FileZilla Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
S4 MSSQL$JUSTIN - c:\progra~1\micros~2\mssql$~1\binn\sqlservr.exe -sjustin (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
S4 SQLAgent$JUSTIN - c:\progra~1\micros~2\mssql$~1\binn\sqlagent.exe -i justin (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-11 00:00:00 416 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JEANNAORLANDO-Justin).job


-- Files created between 2007-06-11 and 2007-07-11 -----------------------------

2007-07-10 01:24:47 42496 --a------ C:\WINDOWS\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - DLL>
2007-07-10 01:24:47 29184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
2007-07-08 18:21:35 0 d-------- C:\Program Files\TightVNC
2007-07-08 10:11:02 0 d-------- C:\Documents and Settings\max orlando\Application Data\Talkback
2007-07-08 10:10:48 0 d-------- C:\Documents and Settings\max orlando\Application Data\Mozilla
2007-07-07 21:57:40 0 d-------- C:\magistral
2007-07-07 20:26:05 0 d-------- C:\Program Files\EtherDetect
2007-07-07 18:35:34 0 d-------- C:\No-IP
2007-07-07 13:13:49 0 dr-h----- C:\Documents and Settings\Administrator.JEANNAORLANDO\Recent
2007-07-06 20:23:16 0 d-------- C:\PrecessExplorer
2007-07-02 15:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-02 15:18:47 0 d-------- C:\Program Files\Bonjour
2007-07-02 14:57:12 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-02 08:35:59 0 d-------- C:\Documents and Settings\max orlando\Application Data\Help
2007-07-02 08:33:38 0 d-------- C:\Program Files\TimeSink
2007-07-02 08:07:00 0 d-------- C:\Documents and Settings\max orlando\WINDOWS
2007-07-02 08:06:45 0 d-------- C:\DOGZ.MAX
2007-07-02 08:02:31 26112 --a------ C:\WINDOWS\system\WAVEMIX.DLL <Not Verified; Microsoft Corporation; Microsoft Windows WaveMix DLL>
2007-07-02 08:01:55 0 d-------- C:\ODDBALLZ.MAX
2007-07-02 07:57:19 0 d-------- C:\CATZ.MAX
2007-06-30 15:29:20 0 d-------- C:\Program Files\WinPcap
2007-06-26 19:27:11 0 d-------- C:\Program Files\Notepad++
2007-06-26 19:27:11 0 d-------- C:\Documents and Settings\Justin\Application Data\Notepad++
2007-06-25 14:44:37 0 d-------- C:\ibLabbo
2007-06-22 21:39:03 0 d-------- C:\Documents and Settings\Justin\Application Data\My Games
2007-06-22 20:46:33 0 d-------- C:\Documents and Settings\Justin\Application Data\Firaxis Games
2007-06-22 20:13:54 0 d-------- C:\Program Files\Steam
2007-06-22 20:04:54 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-06-22 17:32:15 0 d-------- C:\Program Files\Guild Wars
2007-06-21 11:44:44 0 d-------- C:\Program Files\Lineage II
2007-06-20 23:01:52 0 d-------- C:\Documents and Settings\Justin\Application Data\IGN_DLM
2007-06-20 23:01:47 0 d-------- C:\Program Files\IGN
2007-06-19 17:59:24 0 d-------- C:\Documents and Settings\Justin\Application Data\CrystalApp
2007-06-19 17:59:23 0 d-------- C:\Documents and Settings\Justin\Application Data\CrystalSpace
2007-06-18 14:00:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-12 17:55:01 14336 --a------ C:\WINDOWS\system32\shell64.dll
2007-06-11 18:52:05 0 dr-h----- C:\Documents and Settings\Justin\Recent
2007-06-11 15:12:19 0 d-------- C:\Program Files\FileZilla Server
2007-06-11 15:02:41 974915 --a------ C:\WINDOWS\system32\python23.dll <Not Verified; PythonLabs at Zope Corporation; Python>
2007-06-11 15:02:33 238 --a------ C:\WINDOWS\Stop_BigApache.cmd


-- Find3M Report ---------------------------------------------------------------

2007-07-10 22:47:03 0 d-------- C:\Documents and Settings\Justin\Application Data\Azureus
2007-07-10 14:34:16 0 d-------- C:\Documents and Settings\Justin\Application Data\Adobe
2007-07-09 19:47:04 0 d-------- C:\Program Files\Big Kahuna Reef 2
2007-07-06 19:03:42 0 d-------- C:\Program Files\Common Files\SourceTec
2007-07-06 18:55:47 0 d-------- C:\Program Files\Crimson Editor
2007-07-02 15:18:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-02 14:39:32 0 d-------- C:\Program Files\Common Files\Macromedia
2007-07-02 14:39:22 0 d-------- C:\Program Files\Macromedia
2007-07-02 10:32:56 0 d-------- C:\Program Files\MSN Messenger
2007-06-30 02:42:14 0 d-------- C:\Program Files\Azureus
2007-06-22 17:29:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 10:48:47 0 d-------- C:\Program Files\Kids Cam Show and Share Creativity Center
2007-06-10 19:05:10 0 d-------- C:\Program Files\No-IP
2007-06-10 15:41:52 0 d-------- C:\Program Files\Microsoft SQL Server
2007-06-02 15:30:20 0 d-------- C:\Program Files\Java
2007-05-27 01:26:42 1210960 --a------ C:\WINDOWS\Haste MuOnline Uninstaller.exe
2007-05-26 16:16:14 0 d-------- C:\Program Files\Sol Edit
2007-05-14 12:46:02 0 d-------- C:\Documents and Settings\Justin\Application Data\Winamp
2007-05-14 06:58:16 0 d-------- C:\Program Files\AlienGUIse
2007-05-14 06:56:22 0 d-------- C:\Program Files\Common Files\Stardock
2007-05-13 19:19:56 0 d-------- C:\Program Files\PeerGuardian2
2007-05-13 16:22:28 0 d-------- C:\Documents and Settings\Justin\Application Data\vlc
2007-05-13 14:03:59 0 d-------- C:\Program Files\VideoLAN
2007-05-12 02:38:33 0 d-------- C:\Documents and Settings\Justin\Application Data\uTorrent
2007-04-20 16:35:04 64 --a------ C:\Documents and Settings\Justin\Application Data\dm.ini
2007-04-17 20:55:10 400392 --a------ C:\WINDOWS\system32\~.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PD0620 STISvc"="RunDLL32.exe P0620Pin.dll,RunDLL32EP 513"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"FileZilla Server Interface"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"igndlm.exe"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"
"Steam"=""
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickFinder Scheduler"="\"C:\\Program Files\\WordPerfect Office X3\\Programs\\QFSCHD130.EXE\""
"ABBYY Community Agent"="C:\\Program Files\\ABBYY FineReader 5.0 Sprint\\CAgent.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"McRegWiz"="c:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.msxsecurity.com
127.0.0.1 msxsecurity.com
127.0.0.1 http://msxsecurity.com
127.0.0.1 http://sourceindustries.net
127.0.0.1 http://www.sourceindustries.net
127.0.0.1 www.sourceindustries.net
127.0.0.1 sourceindustries.net
127.0.0.1 http://www.mpcheats.org
127.0.0.1 http://mpcheats.org
127.0.0.1 www.mpcheats.org

32 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-07-11 at 13:28:57 ---------


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 12 2007, 05:36 PM
Post #12


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Sorry for the delay in getting back to you, I've been in contact with the author of combofix and it's been a struggle trying to find what's wrong with the tool.
I'm going to need to get a couple of samples off you before we continue with the fix, please bear with me.

Go to your C: and look for the folder called "combofix".
Right click - Send to - Click "Compressed (zipped) Folder".
Then go to this page: http://www.bleepingcomputer.com/submit-malware.php?channel=4
Where it says, browse to the combofix.zip folder and click "send file".

Have a look here for further, more detailed instructions if needed:
http://www.iopus.com/guides/windows-zip.htm

Make sure you are uploading the zipped combofix folder, not the original folder itself.

Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop but do not run it.

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Please open the Suspicious File Packer you downloaded earlier.
Paste the following bold part into the Suspicious File Packer window:
C:\WINDOWS\system32\~.exe
Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Reboot back to normal mode.

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to the second field and browse to the CAB archive that was been created on your desktop.

The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.
Please let me know when you have submitted the files.

This post has been edited by D-Trojanator: Jul 12 2007, 05:45 PM
Go to the top of the page
 
+Quote Post
ibLah
post Jul 12 2007, 08:20 PM
Post #13


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
I sent them, but I don't think I fully sent the combofix one before I restart my computer so I sent it again just to be sure.


I hope we can fix this.
Thanks for helping me. smile.gif


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
-David-
post Jul 13 2007, 04:18 AM
Post #14


Forum Addict
******

Group: HJT Team
Posts: 10,603
Joined: 28-October 05
From: London
Member No.: 38,920
Ok, it looks as though we've found the file where Combofix is stalling.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\~.exe <--file

Reboot back into normal mode.

Now try running combofix again please, and let me know what happens.
It is normal for the scan to take quite a long time, so give it a change.
I don't mean hours, just give it at least 20-30 minutes to make sure...
Go to the top of the page
 
+Quote Post
ibLah
post Jul 13 2007, 02:45 PM
Post #15


Member
**

Group: Members
Posts: 23
Joined: 6-July 07
From: United States of America
Member No.: 141,867
Okay I deleted ~.exe and let combofix run for about an hour and still got nothing. =S


--------------------

Signature #19 [+]
Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »
 

3 Pages V   1 2 3 >
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 21st November 2009 - 05:20 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.