
Hijackthis Log


  • This topic is locked
2 replies to this topic

#1 Todd036


Posted 27 July 2008 - 03:22 PM

I run Spybot Search & Destroy every few days, but I can't get rid of a virus that is pulling up random websites; in addition, the "Windows Defender" option keeps opening. I have just run HJT, and have a log I'd like to post, if someone could please help me. I have 3 young kids using this computer, and they are seeing some very bad porn sites due to random pullups of sites.

Downloaded the most recent version, and here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:03, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSsystem32FreezeScreenSaver.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32UAService7.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesAnalog DevicesSoundMAXSmtray.exe
C:Program FilesYahoo!browserybrwicon.exe
C:Program FilesVisual NetworksVisual IP InSightSBCIPClient.exe
C:Program FilesVisual NetworksVisual IP InSightSBCIPMon32.exe
C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe
C:Program FilesJavaj2re1.4.2_06binjusched.exe
C:Program FilesDIGStreamdigstream.exe
C:Program FilesESPNRunTimeDIGServices.exe
C:PROGRA~1Yahoo!browserycommon.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesLogitechMouseWaresystemem_exec.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesLogitechLComMgrCommunications_Helper.exe
C:Program FilesLogitechQuickCam10QuickCam10.exe
C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesJavaj2re1.4.2_06binjucheck.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesSBC Self Support Toolbinmpbtn.exe
C:Program FilesE-ColorTrue Internet ColorTICIcon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesHijackThisHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.espn.com/
F2 - REG:system.ini: UserInit=C:WINDOWSSystem32Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSmtray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [PCDRealtime] C:WINDOWSrealtime.exe
O4 - HKLM..Run: [MSNSysRestore] C:WINDOWSSystem32pc32.exe bg
O4 - HKLM..Run: [YBrowser] C:Program FilesYahoo!browserybrwicon.exe
O4 - HKLM..Run: [IPInSightLAN 02] "C:Program FilesVisual NetworksVisual IP InSightSBCIPClient.exe" -l
O4 - HKLM..Run: [IPInSightMonitor 02] "C:Program FilesVisual NetworksVisual IP InSightSBCIPMon32.exe"
O4 - HKLM..Run: [Motive SmartBridge] C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06binjusched.exe
O4 - HKLM..Run: [DIGStream] C:Program FilesDIGStreamdigstream.exe
O4 - HKLM..Run: [DIGServices] C:Program FilesESPNRunTimeDIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Advanced Tools Check] C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [{A0114C5A-0965-1033-0903-020903200001}] "C:Program FilesCommon Files{A0114C5A-0965-1033-0903-020903200001}Update.exe" mc-110-12-0000272
O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [LogitechCommunicationsManager] "C:Program FilesCommon FilesLogitechLComMgrCommunications_Helper.exe"
O4 - HKLM..Run: [LogitechQuickCamRibbon] "C:Program FilesLogitechQuickCam10QuickCam10.exe" /hide
O4 - HKLM..Run: [LVCOMSX] "C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe"
O4 - HKLM..Run: [a0114cf5] rundll32.exe "C:WINDOWSsystem32wksrqgat.dll",b
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] 1
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [igndlm.exe] C:Program FilesIGNDownload ManagerDLM.exe /windowsstart /startifwork
O4 - HKCU..Run: [Spino] C:Program FilesJurassic Park III GamesDanger ZoneDINO3.EXE
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [e] C:Program FilesXP Antivirusxpa.exe
O4 - HKCU..Run: [RegistryMechanic] C:Program FilesRegistry MechanicRegMech.exe /H
O4 - HKUSS-1-5-21-1220945662-1450960922-839522115-1007..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe (User 'Dylan')
O4 - HKUSS-1-5-21-1220945662-1450960922-839522115-1007..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User 'Dylan')
O4 - HKUSS-1-5-18..Run: [ALUAlert] C:Program FilesSymantecLiveUpdateALUNotify.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [ALUAlert] C:Program FilesSymantecLiveUpdateALUNotify.exe (User 'Default user')
O4 - Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SBC Self Support Tool.lnk = C:Program FilesSBC Self Support Toolbinmatcli.exe
O4 - Startup: True Internet Color Icon.lnk = C:Program FilesE-ColorTrue Internet ColorTICIcon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:Program FilesSBC Self Support Toolbinmatcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:Program FilesAOL Toolbartoolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:Program FilesYahoo!Commonylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:Program FilesYahoo!Commonylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!commonyinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/174891515fb084...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100647698213
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: dysmenorrhoea - {2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} - C:WINDOWSsystem32jhzpcn.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:WINDOWSsystem32FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogitechSrvLnchSrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:WINDOWSsystem32UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:WINDOWSsystem32YPCSER~1.EXE

--
End of file - 12046 bytes

Here is the log from dss.exe:

Deckard's System Scanner v20071014.68
Run by Todd Michael on 2008-07-27 15:56:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-27 20:56:27 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
System Drive C: has 3.65 GiB (less than 15%) free.


-- HijackThis (run as Todd Michael.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:52, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSsystem32FreezeScreenSaver.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32UAService7.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesAnalog DevicesSoundMAXSmtray.exe
C:Program FilesYahoo!browserybrwicon.exe
C:Program FilesVisual NetworksVisual IP InSightSBCIPClient.exe
C:Program FilesVisual NetworksVisual IP InSightSBCIPMon32.exe
C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe
C:Program FilesJavaj2re1.4.2_06binjusched.exe
C:Program FilesDIGStreamdigstream.exe
C:Program FilesESPNRunTimeDIGServices.exe
C:PROGRA~1Yahoo!browserycommon.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesLogitechMouseWaresystemem_exec.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesLogitechLComMgrCommunications_Helper.exe
C:Program FilesLogitechQuickCam10QuickCam10.exe
C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesJavaj2re1.4.2_06binjucheck.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesSBC Self Support Toolbinmpbtn.exe
C:Program FilesE-ColorTrue Internet ColorTICIcon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTodd MichaelLocal SettingsTemporary Internet FilesContent.IE565CRL7OMdss[1].exe
C:Program FilesMessengermsmsgs.exe
C:PROGRA~1HIJACK~1Todd Michael.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.espn.com/
F2 - REG:system.ini: UserInit=C:WINDOWSSystem32Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: (no name) - {0DE12639-4A0A-4D43-B3A0-BB2250ABC119} - C:WINDOWSsystem32jkkjg.dll (file missing)
O2 - BHO: (no name) - {307199D9-D979-451D-8971-161A1E487BDD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5A0B5A92-06B4-4842-A428-0E84D7D14C1F} - (no file)
O2 - BHO: (no name) - {6E3C937D-AB5D-4E7A-8CC3-45EAC7CB8284} - (no file)
O2 - BHO: (no name) - {811F71AE-3E72-46EF-8A65-17C3B7192B41} - (no file)
O2 - BHO: (no name) - {8CC8DD31-888E-474E-A6B2-FA71238EE7FB} - C:WINDOWSsystem32tuvSmMET.dll
O2 - BHO: (no name) - {97B3DD89-EF0A-496B-A8DB-BEC93AEBFDEE} - (no file)
O2 - BHO: (no name) - {B83CF4F4-B7CB-405B-A811-A3AB970C1AEA} - (no file)
O2 - BHO: (no name) - {c6734b81-cb05-42d2-af27-ebecd4af6d1d} - (no file)
O2 - BHO: (no name) - {D9D52366-4419-47AD-84AB-61E6B746C103} - (no file)
O2 - BHO: (no name) - {EFAC0D7C-E49F-994F-EA4D-9E6C201B55CF} - C:WINDOWSsystem32ibuwjtnl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSmtray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [PCDRealtime] C:WINDOWSrealtime.exe
O4 - HKLM..Run: [MSNSysRestore] C:WINDOWSSystem32pc32.exe bg
O4 - HKLM..Run: [YBrowser] C:Program FilesYahoo!browserybrwicon.exe
O4 - HKLM..Run: [IPInSightLAN 02] "C:Program FilesVisual NetworksVisual IP InSightSBCIPClient.exe" -l
O4 - HKLM..Run: [IPInSightMonitor 02] "C:Program FilesVisual NetworksVisual IP InSightSBCIPMon32.exe"
O4 - HKLM..Run: [Motive SmartBridge] C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06binjusched.exe
O4 - HKLM..Run: [DIGStream] C:Program FilesDIGStreamdigstream.exe
O4 - HKLM..Run: [DIGServices] C:Program FilesESPNRunTimeDIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Advanced Tools Check] C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [{A0114C5A-0965-1033-0903-020903200001}] "C:Program FilesCommon Files{A0114C5A-0965-1033-0903-020903200001}Update.exe" mc-110-12-0000272
O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [LogitechCommunicationsManager] "C:Program FilesCommon FilesLogitechLComMgrCommunications_Helper.exe"
O4 - HKLM..Run: [LogitechQuickCamRibbon] "C:Program FilesLogitechQuickCam10QuickCam10.exe" /hide
O4 - HKLM..Run: [LVCOMSX] "C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe"
O4 - HKLM..Run: [a0114cf5] rundll32.exe "C:WINDOWSsystem32wksrqgat.dll",b
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] 1
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [igndlm.exe] C:Program FilesIGNDownload ManagerDLM.exe /windowsstart /startifwork
O4 - HKCU..Run: [Spino] C:Program FilesJurassic Park III GamesDanger ZoneDINO3.EXE
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [e] C:Program FilesXP Antivirusxpa.exe
O4 - HKCU..Run: [RegistryMechanic] C:Program FilesRegistry MechanicRegMech.exe /H
O4 - HKUSS-1-5-21-1220945662-1450960922-839522115-1007..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe (User 'Dylan')
O4 - HKUSS-1-5-21-1220945662-1450960922-839522115-1007..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User 'Dylan')
O4 - HKUSS-1-5-18..Run: [ALUAlert] C:Program FilesSymantecLiveUpdateALUNotify.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [ALUAlert] C:Program FilesSymantecLiveUpdateALUNotify.exe (User 'Default user')
O4 - Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SBC Self Support Tool.lnk = C:Program FilesSBC Self Support Toolbinmatcli.exe
O4 - Startup: True Internet Color Icon.lnk = C:Program FilesE-ColorTrue Internet ColorTICIcon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:Program FilesSBC Self Support Toolbinmatcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:Program FilesAOL Toolbartoolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:Program FilesYahoo!Commonylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:Program FilesYahoo!Commonylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!commonyinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/174891515fb084...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100647698213
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: khfFyXRI - khfFyXRI.dll (file missing)
O22 - SharedTaskScheduler: dysmenorrhoea - {2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} - C:WINDOWSsystem32jhzpcn.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:WINDOWSsystem32FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogitechSrvLnchSrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:WINDOWSsystem32UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:WINDOWSsystem32YPCSER~1.EXE

--
End of file - 13371 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:windowssystem32driversprohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:windowssystem32driversprosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:windowssystem32driverssfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:windowssystem32driversprodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 aslm75 - c:windowssystem32driversaslm75.sys
R3 pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus ASPI Shell>

S0 avgntmgr - c:windowssystem32driversavgntmgr.sys (file missing)
S1 avgntdd - c:windowssystem32driversavgntdd.sys (file missing)
S2 UZSFTCOE - c:windowssystem32uzsftcoe.rnf (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FreezeScreenSaver - c:windowssystem32freezescreensaver.exe <Not Verified; ; trioService Module>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:windowssystem32uaservice7.exe

S2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:program filesantivir personaledition classicsched.exe <Not Verified; Avira GmbH; AntiVir Scheduler>
S3 YPCService - c:windowssystem32ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 14:56:42 426 --a------ C:WINDOWSTasksSymantec NetDetect.job
2008-07-25 20:01:54 544 --a------ C:WINDOWSTasksNorton AntiVirus - Scan my computer.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 08:54:57 116352 --a------ C:WINDOWSsystem32nctevr.dll
2008-07-27 08:54:56 116352 --a------ C:WINDOWSsystem32rlttgigj.dll
2008-07-26 08:52:40 116864 --a------ C:WINDOWSsystem32gsrpmt.dll
2008-07-26 08:52:39 116864 --a------ C:WINDOWSsystem32kimjpdil.dll
2008-07-25 08:56:17 116352 --a------ C:WINDOWSsystem32ctvofl.dll
2008-07-25 08:56:16 116352 --a------ C:WINDOWSsystem32rqmvrgox.dll
2008-07-24 08:52:12 95360 --a------ C:WINDOWSsystem32xncsjihs.dll
2008-07-24 08:52:08 116352 --a------ C:WINDOWSsystem32yzylup.dll
2008-07-24 08:52:07 116352 --a------ C:WINDOWSsystem32yfngvxyv.dll
2008-07-23 08:53:58 116864 --a------ C:WINDOWSsystem32bwcvfi.dll
2008-07-23 08:53:57 116864 --a------ C:WINDOWSsystem32vqbmnemf.dll
2008-07-23 08:50:57 94848 --a------ C:WINDOWSsystem32qvepjvwa.dll
2008-07-22 08:54:16 116352 --a------ C:WINDOWSsystem32sfnyxt.dll
2008-07-22 08:54:16 116352 --a------ C:WINDOWSsystem32gnxrocuv.dll
2008-07-22 08:51:16 94848 --a------ C:WINDOWSsystem32hsmxirdj.dll
2008-07-21 08:51:26 116352 --a------ C:WINDOWSsystem32uiefjs.dll
2008-07-21 08:51:25 116352 --a------ C:WINDOWSsystem32svxyhmtm.dll
2008-07-21 08:49:12 93184 --a------ C:WINDOWSsystem32fyxtglth.dll
2008-07-20 06:01:31 116352 --a------ C:WINDOWSsystem32xgyorfwm.dll
2008-07-20 06:01:31 116352 --a------ C:WINDOWSsystem32nckomi.dll
2008-07-20 05:58:31 92672 --a------ C:WINDOWSsystem32fjtmnrsv.dll
2008-07-19 06:00:58 93184 --a------ C:WINDOWSsystem32mevejbcd.dll
2008-07-19 05:57:58 116864 --a------ C:WINDOWSsystem32nqofex.dll
2008-07-19 05:57:57 116864 --a------ C:WINDOWSsystem32aowvxmoa.dll
2008-07-18 23:55:20 116864 --a------ C:WINDOWSsystem32uoatsn.dll
2008-07-18 23:55:19 116864 --a------ C:WINDOWSsystem32hdvjoqqj.dll
2008-07-18 23:54:10 650993 --ahs---- C:WINDOWSsystem32TEMmSvut.ini2
2008-07-18 23:54:03 322816 --a------ C:WINDOWSsystem32tuvSmMET.dll
2008-06-29 01:42:01 4782 --a------ C:WINDOWSsystem32tmp.reg
2008-06-29 01:20:01 0 d-------- C:Documents and SettingsTodd MichaelApplication DataMalwarebytes
2008-06-29 01:19:51 0 d-------- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-06-29 01:01:23 0 d-------- C:Program FilesEnigma Software Group
2008-06-29 00:38:42 0 d-a------ C:Documents and SettingsAll UsersApplication DataTEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-27 14:56:18 0 d-------- C:Program FilesCommon Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{0DE12639-4A0A-4D43-B3A0-BB2250ABC119}]
C:WINDOWSsystem32jkkjg.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{307199D9-D979-451D-8971-161A1E487BDD}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{5A0B5A92-06B4-4842-A428-0E84D7D14C1F}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6E3C937D-AB5D-4E7A-8CC3-45EAC7CB8284}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{811F71AE-3E72-46EF-8A65-17C3B7192B41}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{8CC8DD31-888E-474E-A6B2-FA71238EE7FB}]
07/18/2008 23:54 322816 --a------ C:WINDOWSsystem32tuvSmMET.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{97B3DD89-EF0A-496B-A8DB-BEC93AEBFDEE}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{B83CF4F4-B7CB-405B-A811-A3AB970C1AEA}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{c6734b81-cb05-42d2-af27-ebecd4af6d1d}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D9D52366-4419-47AD-84AB-61E6B746C103}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{EFAC0D7C-E49F-994F-EA4D-9E6C201B55CF}]
C:WINDOWSsystem32ibuwjtnl.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Smapp"="C:Program FilesAnalog DevicesSoundMAXSmtray.exe" [06/26/2002 18:36]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [12/05/2007 02:41]
"nwiz"="nwiz.exe" [12/05/2007 02:41 C:WINDOWSsystem32nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [03/04/2003 04:50 C:WINDOWSLOGI_MWX.EXE]
"PCDRealtime"="C:WINDOWSrealtime.exe" [03/15/2003 23:46]
"MSNSysRestore"="C:WINDOWSSystem32pc32.exe" []
"YBrowser"="C:Program FilesYahoo!browserybrwicon.exe" [07/11/2003 15:51]
"IPInSightLAN 02"="C:Program FilesVisual NetworksVisual IP InSightSBCIPClient.exe" [06/11/2003 02:52]
"IPInSightMonitor 02"="C:Program FilesVisual NetworksVisual IP InSightSBCIPMon32.exe" [06/11/2003 02:52]
"Motive SmartBridge"="C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe" [12/10/2003 05:52]
"SunJavaUpdateSched"="C:Program FilesJavaj2re1.4.2_06binjusched.exe" [09/28/2004 21:26]
"DIGStream"="C:Program FilesDIGStreamdigstream.exe" [10/31/2005 12:05]
"DIGServices"="C:Program FilesESPNRunTimeDIGServices.exe" [10/31/2005 12:18]
"avgnt"="C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" []
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [12/22/2004 17:45]
"Advanced Tools Check"="C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE" [08/17/2003 23:33]
"Symantec NetDriver Monitor"="C:PROGRA~1SYMNET~1SNDMon.exe" [06/20/2006 12:21]
"{A0114C5A-0965-1033-0903-020903200001}"="C:Program FilesCommon Files{A0114C5A-0965-1033-0903-020903200001}Update.exe" []
"UnlockerAssistant"="C:Program FilesUnlockerUnlockerAssistant.exe" [09/07/2006 12:19]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [12/05/2007 02:41]
"LogitechCommunicationsManager"="C:Program FilesCommon FilesLogitechLComMgrCommunications_Helper.exe" [10/31/2006 02:03]
"LogitechQuickCamRibbon"="C:Program FilesLogitechQuickCam10QuickCam10.exe" [11/15/2006 22:58]
"LVCOMSX"="C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe" [11/15/2006 23:01]
"a0114cf5"="C:WINDOWSsystem32wksrqgat.dll" []

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 02:56]
"Yahoo! Pager"="1" []
"LDM"="C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe" []
"igndlm.exe"="C:Program FilesIGNDownload ManagerDLM.exe" [11/07/2006 20:22]
"Spino"="C:Program FilesJurassic Park III GamesDanger ZoneDINO3.EXE" []
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [01/28/2008 12:43]
"e"="C:Program FilesXP Antivirusxpa.exe" []
"RegistryMechanic"="C:Program FilesRegistry MechanicRegMech.exe" [07/08/2008 16:41]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"ALUAlert"=C:Program FilesSymantecLiveUpdateALUNotify.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
"{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}"= C:WINDOWSsystem32jhzpcn.dll [ ]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{313907D9-4A98-43BD-BDD6-020BC0B5FB0C}"= C:WINDOWSsystem32khfFyXRI.dll [ ]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifykhfFyXRI]
khfFyXRI.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32tuvSmMET

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7900 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-27 15:59:22 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2008 - 11:11 PM.




#2 fenzodahl512


Posted 28 July 2008 - 12:09 AM

Hello, my name is fenzodahl512 and welcome to BC... This computer is very heavily infected.. Let's do the following...

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




NEXT


Please visit the webpage below for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 06 August 2008 - 08:37 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
