Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hello Im New Here And Need Help


  • Please log in to reply
3 replies to this topic

#1 memphisbp

memphisbp

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 24 November 2007 - 04:12 PM

I deleated this log and posted a new one

Edited by memphisbp, 25 November 2007 - 12:42 PM.


BC AdBot (Login to Remove)

 


#2 memphisbp

memphisbp
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 24 November 2007 - 06:58 PM

I did some research here at bleepingcomputer and found this little program SDFix it made a log file for me so ill post it also. Since i ran this little program Avast! hasnt detected Gwang.exe but i still get popups. ok so first Ill post a New Hijackthis log and the the SDFix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:11 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\DAE0DDDFDEE6E5.exe
C:\WINDOWS\win32071326-159568.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Cool\X_cool.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {2CFA6235-965C-4432-85EA-2A7FDB9C1EFA} - C:\Program Files\Common Files\hokerC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
O2 - BHO: CoolBHO - {5C2A9795-B130-4622-B036-BDCAD28602DC} - C:\Program Files\Cool\Cool.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C70371C5-A005-46D7-B405-ABF8B8941EAA} - C:\Program Files\Common Files\hokerC:\DOCUME~1\Owner\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: (no name) - {F83E8425-4BFE-4D9C-A2B1-3D5042636E8E} - C:\Program Files\Common Files\hokerC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [71777476757D7C7C] DAE0DDDFDEE6E5.exe
O4 - HKLM\..\Run: [{3D-D5-5D-D2-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [win32071326-159568] C:\WINDOWS\win32071326-159568.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TMT] C:\WINDOWS\Gwang.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9783 bytes



AND SDFIX

SDFix: Version 1.115

Run by Owner on Sat 11/24/2007 at 04:44 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value


Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\rMa06yy\rMa06yy1083.exe - Deleted
C:\WINDOWS\system32\rMa17yy\rMa17yy2314.exe - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\MBDownloader_876923.exe - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\WINDOWS\b111.exe - Deleted
C:\WINDOWS\b149.exe - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted



Folder C:\Program Files\Temporary - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\system32\f1 - Removed
Folder C:\WINDOWS\system32\h2 - Removed
Folder C:\WINDOWS\system32\r2 - Removed
Folder C:\WINDOWS\system32\rMa06yy - Removed
Folder C:\WINDOWS\system32\rMa17yy - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 16:57:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,fa,1f,33,fe,fa,d9,04,9b,fe,83,ad,5a,f2,aa,f8,22,12,..
"ljej40"=hex:0e,86,34,51,41,df,bb,2e,f1,f6,ef,56,86,13,30,07,f6,24,e8,d2,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,fa,1f,33,fe,ad,80,be,6a,fe,83,ad,5a,81,aa,f8,22,12,..
"ljej40"=hex:7d,86,34,51,41,df,bb,2e,f1,f6,ef,56,86,13,30,07,f6,24,e8,d2,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg42]
"ujdew"=hex:20,02,00,00,fa,1f,33,fe,96,54,85,ea,fe,83,ad,5a,92,aa,f8,22,12,..
"ljej40"=hex:6e,86,34,51,41,df,bb,2e,f1,f6,ef,56,86,13,30,07,f6,24,e8,d2,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg43]
"ujdew"=hex:20,02,00,00,fa,1f,33,fe,b3,cf,83,95,fe,83,ad,5a,ef,aa,f8,22,12,..
"ljej40"=hex:13,86,34,51,41,df,bb,2e,f1,f6,ef,56,86,13,30,07,f6,24,e8,d2,92,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg44]
"ujdew"=hex:20,02,00,00,fa,1f,33,fe,86,63,7c,b5,fe,83,ad,5a,37,ba,f8,22,12,..
"ljej40"=hex:07,87,34,51,51,de,bb,2e,f1,f6,ef,56,86,13,30,07,f6,24,e8,d2,65,..
"ljej41"=hex:da,87,34,51,29,de,bb,2e,f0,f6,ee,56,87,13,30,07,f6,24,e8,d2,15,..
"ljej42"=hex:da,87,34,51,29,de,bb,2e,f0,f6,ee,56,87,13,30,07,f6,24,e8,d2,15,..
"ljej43"=hex:da,87,34,51,29,de,bb,2e,f0,f6,ee,56,87,13,30,07,f6,24,e8,d2,15,..
"ljej44"=hex:da,87,34,51,29,de,bb,2e,f0,f6,ee,56,87,13,30,07,f6,24,e8,d2,15,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

C:\Documents and Settings\Owner\Desktop\BITCOMET STUFF & MISC\Done MOVIES just torrent files\Cucusoft.AVI.to.DVD.VCD.SVCD.MPEG.Converter.Pro.4.29\Cucusoft.AVI.to.DVD.VCD.SVCD.MPEG.Converter.Pro.4.29\Cucusoft_MPEG-AVI_to_VCD-DVD-SVCD-MPEG_Converter_v4.53_Pro_by_TSRH\file_id.diz 420 bytes
C:\Documents and Settings\Owner\Desktop\BITCOMET STUFF & MISC\Done MOVIES just torrent files\Cucusoft.AVI.to.DVD.VCD.SVCD.MPEG.Converter.Pro.4.29\Cucusoft.AVI.to.DVD.VCD.SVCD.MPEG.Converter.Pro.4.29\Cucusoft_MPEG-AVI_to_VCD-DVD-SVCD-MPEG_Converter_v4.53_Pro_by_TSRH\tsrh.nfo 13072 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"="C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Gpotato\\CorumOnline\\CorumOnline.exe"="C:\\Program Files\\Gpotato\\CorumOnline\\CorumOnline.exe:*:Enabled:CorumOnline"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:Play Unreal Tournament"
"C:\\Program Files\\Croteam\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"="C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\solidnm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\io43mvuiw4kj.exe"="C:\\WINDOWS\\io43mvuiw4kj.exe:*:Disabled:io43mvuiw4kj"
"C:\\WINDOWS\\win32071326-159568.exe"="C:\\WINDOWS\\win32071326-159568.exe:*:Disabled:win32071326-159568"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 30 Jun 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 30 Jun 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 30 Jun 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Fri 17 Aug 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 15 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 2 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 5 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3470d8afe674adae2ee1cba944cf0413\BIT1.tmp"

Finished!

#3 memphisbp

memphisbp
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 25 November 2007 - 09:40 AM

is bumping allow here?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:46 PM

Posted 08 December 2007 - 05:58 PM

Hello memphisbp,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users