Ad-aware, Spybot, And Avg Antivirus Not Working...


  • This topic is locked
17 replies to this topic

#1 im1215


Posted 10 July 2006 - 10:44 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:39:35 AM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Issei Masunaga\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9ABC670C-D176-4A15-A372-D66E492339B6} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B3D3C3F2-BD28-483A-9969-5E8CF11EC829} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {BFD383C4-6275-4908-893A-1E9D4DD8C735} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {CAAFA396-4FC9-4D03-BB6F-7C5186F93E05} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D94400B0-9BFE-4EBC-9E4A-2A07DD25EA45} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O2 - BHO: (no name) - {DC113AA5-A2BC-4A39-909F-529928BEB63E} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E0D7D039-F72D-40F0-8885-53251D9DBC27} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E40B2A8E-7BBA-4B9C-B5F4-DD01CAC97433} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {26417FBF-5235-4084-B8FD-DA6A956CE837} (CPActiveXGameRun Control) - http://game.netmarble.jp//_common/cab/CPActiveXGameRun.cab
O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) - https://ssl2.gcrest.com/trickster/cabs/TrickLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/NewX/lcjggame.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



PS I found some of the viruses in the Windows system32 files, but they can't be deleted. Is there some way around this?



#2 -David-


Posted 10 July 2006 - 10:48 AM

Hello,
Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute' window you'll see a little icon as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute' window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

========================

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

David

Edited by D-Trojanator, 10 July 2006 - 11:31 AM.


#3 im1215


Posted 10 July 2006 - 11:26 AM

First of all, thank you for the quick reply.

But second, I'm having trouble doing what you told me to do with the BFU program.
When I copy this: c:\bfu\alcanshorty.bfu into the "Download BfU script" window it tells me that
"BFU was unable to download the file located at: c:\bfu\alcanshorty.bfu"
The BFU program is in its own folder under C:\BFU

Again, thank you for the quick reply.

#4 -David-


Posted 10 July 2006 - 11:32 AM

Heya there im1215.

I have updated the instructions and they should work for you now.
Sorry about the confusion there. In addition to my above instruction I also want you to complete the following. This utility "List Installed Programs" will provide a list of installed programs. It is found halfway down the page. Click on the little arrow and then the download icon that is on the new window that opens up. You can download the script and run it from your hard disk or run it without downloading.
When asked to enter the PC details - leave it blank and click OK. Ask to view the results and copy the Notepad list. Paste it in a reply to this thread.

David

#5 im1215


Posted 10 July 2006 - 03:37 PM

Ok, here it is:



INSTALLED SOFTWARE (183) - ISSEICOMP1 - 7/10/2006 4:35:13 PM

Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 2/13/2006
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 2/13/2006
AOLIcon Ver: 1.00.0000 Installed: 2/13/2006
ArtRage 2.0 Free
AVG Free Edition
BitTorrent 4.4.1
Broadcom Management Programs Ver: 8.65.05 Installed: 2/13/2006
Camera Access Library Ver: 8.0.0.21 Installed: 5/9/2006
Camera Support Core Library Ver: 7.3.0.4 Installed: 5/9/2006
Camera Window DS Ver: 5.3.1 Installed: 5/9/2006
Camera Window DVC Ver: 5.4.4 Installed: 5/9/2006
Camera Window DVC Ver: 6.0 Installed: 5/9/2006
Camera Window MC Ver: 6.0 Installed: 5/9/2006
Canon Camera Access Library Ver: 8.0.0.21 Installed: 5/9/2006
Canon Camera Support Core Library Ver: 7.3.0.4 Installed: 5/9/2006
Canon Camera Window DC_DV 5 for ZoomBrowser EX Ver: 5.4.4 Installed: 5/9/2006
Canon Camera Window DC_DV 6 for ZoomBrowser EX Ver: 6.0 Installed: 5/9/2006
Canon Camera Window DSLR 5 for ZoomBrowser EX Ver: 5.3.1 Installed: 5/9/2006
Canon Camera Window MC 6 for ZoomBrowser EX Ver: 6.0 Installed: 5/9/2006
Canon MovieEdit Task for ZoomBrowser EX Ver: 2.1.0.20 Installed: 5/9/2006
Canon PhotoRecord Ver: 02.02.03002 Installed: 5/9/2006
Canon RAW Image Task for ZoomBrowser EX Ver: 2.2 Installed: 5/9/2006
Canon Utilities PhotoStitch 3.1 Ver: 3.1.16 Installed: 5/9/2006
Canon ZoomBrowser EX (E) Ver: 5.05.0000 Installed: 5/9/2006
CDBurnerXP Pro 3 Ver: 3.0.116 Installed: 4/24/2006
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6 Ver: 6.31 Installed: 5/16/2006
Dell Digital Jukebox Driver
Dell Support 3.1 Ver: 5.1.760 Installed: 2/13/2006
Dell System Restore Ver: 2.00.0000 Installed: 2/13/2006
Digital Content Portal Ver: 1.00.0000 Installed: 2/13/2006
Digital Line Detect Ver: 1.15
DVD Decrypter (Remove Only)
EducateU Ver: 1.00.0000 Installed: 2/13/2006
ELIcon Ver: 1.00.0000 Installed: 2/13/2006
Empire Earth II Ver: 1.0 Installed: 2/26/2006
HDD Thermometer Ver: 1.3
High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows Media Player 10 (KB903157) Installed: 8/16/2005
Hotfix for Windows XP (KB888795) Ver: 3 Installed: 8/16/2005
Hotfix for Windows XP (KB891593) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB895961) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB896256) Ver: 1
Hotfix for Windows XP (KB899337) Ver: 5 Installed: 8/16/2005
Hotfix for Windows XP (KB899510) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB902841) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB906569) Ver: 2
Intel® Graphics Media Accelerator Driver Ver: 6.14.10.4431
Intel® PROSet/Wireless Software Ver: 10.01.0000
Internal Network Card Power Management Ver: 1.7.2
iPod for Windows 2006-03-23 Ver: 4.7.0 Installed: 4/1/2006
iPod for Windows 2006-03-23 Ver: 4.7.0 Installed: 4/1/2006
iTunes Ver: 6.0.4.2 Installed: 4/20/2006
iTunes Ver: 6.0.4.2 Installed: 4/20/2006
J2SE Runtime Environment 5.0 Update 7 Ver: 1.5.0.70 Installed: 7/9/2006
K-Lite Codec Pack 2.70 Basic Ver: 2.70
LimeWire 4.10.9 Ver: 4.10.9
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
mCore Ver: 5.20.0000 Installed: 2/13/2006
mDrWiFi Ver: 5.20.0000 Installed: 2/13/2006
mHlpDell Ver: 5.20.0000 Installed: 2/13/2006
Microsoft .NET Framework 1.0 Hotfix (KB887998) Installed: 2/19/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 2/19/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3514 Installed: 2/13/2006
Microsoft Word 2002 Ver: 10.0.2627.01 Installed: 2/13/2006
Microsoft Works Ver: 08.05.0818 Installed: 2/13/2006
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word Ver: 8.0.0.0000 Installed: 2/13/2006
mIWA Ver: 5.20.0000 Installed: 2/13/2006
mLogView Ver: 5.20.0000 Installed: 2/13/2006
mMHouse Ver: 5.20.0000 Installed: 2/13/2006
Modem Helper Ver: 3.01
MovieEdit Task Ver: 2.1.0.20 Installed: 5/9/2006
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-US)
mPfMgr Ver: 5.20.0000 Installed: 2/13/2006
mPfWiz Ver: 5.20.0000 Installed: 2/13/2006
mProSafe Ver: 9.00.0000 Installed: 2/13/2006
mSSO Ver: 5.20.0000 Installed: 2/13/2006
mWlsSafe Ver: 9.00.0000 Installed: 2/13/2006
mWMI Ver: 5.20.0000 Installed: 2/13/2006
mXML Ver: 5.20.0000 Installed: 2/13/2006
mZConfig Ver: 5.20.0000 Installed: 2/13/2006
PhotoStitch Ver: 3.1.16 Installed: 5/9/2006
Pocket Tanks 1.00b
PowerDVD 5.7
QuickSet Ver: 7.0.9
QuickTime Ver: 7.0.4 Installed: 2/18/2006
QuickTime Ver: 7.0.4 Installed: 2/18/2006
RAW Image Task 2.2 Ver: 2.2 Installed: 5/9/2006
RealPlayer
RegAlyzer 1.4 Ver: 1.4
Security Update for Windows Media Player 10 (KB911565) Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 7/7/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896422) Ver: 1
Security Update for Windows XP (KB896423) Ver: 1
Security Update for Windows XP (KB896424) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896688) Ver: 1
Security Update for Windows XP (KB899587) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB899588) Ver: 1
Security Update for Windows XP (KB899589) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB899591) Ver: 1
Security Update for Windows XP (KB900725) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901190) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901214) Ver: 1
Security Update for Windows XP (KB902400) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB904706) Ver: 1
Security Update for Windows XP (KB905414) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB905915) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 7/7/2006
Shockwave Director 10.1.1
Sonic DLA Ver: 4.95 Installed: 2/13/2006
Sonic Encoders Ver: 1.00 Installed: 8/16/2005
Spybot - Search & Destroy 1.4 Ver: 1.4
Starcraft
Synaptics Pointing Device Driver Ver: 8.2.4.3
Trillian
Update for Windows Media Player 10 (KB910393) Installed: 2/19/2006
Update for Windows Media Player 10 (KB913800) Installed: 5/4/2006
Update for Windows XP (KB894391) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 5/4/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 7/7/2006
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a Ver: 0.8.4a
Wacom Tablet Driver
WebCyberCoach 3.2 Dell
WebFldrs XP Ver: 9.50.7523 Installed: 8/16/2005
WinAce Archiver Ver: 2.61
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0540.0 Installed: 5/4/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10 Ver: 9.00.3636 Installed: 2/13/2006
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885855 Ver: 20040930.104104
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB888310 Ver: 20041027.095746
Windows XP Hotfix - KB889673 Ver: 20041116.085848
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 2/19/2006
Windows XP Hotfix - KB890927 Ver: 20050111.122717
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB892627 Ver: 20050201.181426
Windows XP Hotfix - KB893056 Ver: 20050126.164313
Windows XP Media Center Edition 2005 KB908246 Installed: 2/13/2006
Windows XP Media Center Edition 2005 KB908250
WinZip Ver: 10.0 (6685)
Works Upgrade Ver: 8.0.0.0000 Installed: 2/13/2006
ZoneAlarm Ver: 6.5.722.000
ネットマーブル '麻雀' Ver: 179

#6 -David-


Posted 11 July 2006 - 11:32 AM

Please complete the instructions in Post #2,
David

#7 im1215


Posted 11 July 2006 - 02:19 PM

I'm sorry, I thought I did step 2.
I ran BFU with alcanshorty and then I ran List Installed Programs, list below.
Is there anything else I have to do?


Here is the list:



INSTALLED SOFTWARE (183) - ISSEICOMP1 - 7/11/2006 3:12:25 PM

Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 2/13/2006
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 2/13/2006
AOLIcon Ver: 1.00.0000 Installed: 2/13/2006
ArtRage 2.0 Free
AVG Free Edition
BitTorrent 4.4.1
Broadcom Management Programs Ver: 8.65.05 Installed: 2/13/2006
Camera Access Library Ver: 8.0.0.21 Installed: 5/9/2006
Camera Support Core Library Ver: 7.3.0.4 Installed: 5/9/2006
Camera Window DS Ver: 5.3.1 Installed: 5/9/2006
Camera Window DVC Ver: 5.4.4 Installed: 5/9/2006
Camera Window DVC Ver: 6.0 Installed: 5/9/2006
Camera Window MC Ver: 6.0 Installed: 5/9/2006
Canon Camera Access Library Ver: 8.0.0.21 Installed: 5/9/2006
Canon Camera Support Core Library Ver: 7.3.0.4 Installed: 5/9/2006
Canon Camera Window DC_DV 5 for ZoomBrowser EX Ver: 5.4.4 Installed: 5/9/2006
Canon Camera Window DC_DV 6 for ZoomBrowser EX Ver: 6.0 Installed: 5/9/2006
Canon Camera Window DSLR 5 for ZoomBrowser EX Ver: 5.3.1 Installed: 5/9/2006
Canon Camera Window MC 6 for ZoomBrowser EX Ver: 6.0 Installed: 5/9/2006
Canon MovieEdit Task for ZoomBrowser EX Ver: 2.1.0.20 Installed: 5/9/2006
Canon PhotoRecord Ver: 02.02.03002 Installed: 5/9/2006
Canon RAW Image Task for ZoomBrowser EX Ver: 2.2 Installed: 5/9/2006
Canon Utilities PhotoStitch 3.1 Ver: 3.1.16 Installed: 5/9/2006
Canon ZoomBrowser EX (E) Ver: 5.05.0000 Installed: 5/9/2006
CDBurnerXP Pro 3 Ver: 3.0.116 Installed: 4/24/2006
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6 Ver: 6.31 Installed: 5/16/2006
Dell Digital Jukebox Driver
Dell Support 3.1 Ver: 5.1.760 Installed: 2/13/2006
Dell System Restore Ver: 2.00.0000 Installed: 2/13/2006
Digital Content Portal Ver: 1.00.0000 Installed: 2/13/2006
Digital Line Detect Ver: 1.15
DVD Decrypter (Remove Only)
EducateU Ver: 1.00.0000 Installed: 2/13/2006
ELIcon Ver: 1.00.0000 Installed: 2/13/2006
Empire Earth II Ver: 1.0 Installed: 2/26/2006
HDD Thermometer Ver: 1.3
High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows Media Player 10 (KB903157) Installed: 8/16/2005
Hotfix for Windows XP (KB888795) Ver: 3 Installed: 8/16/2005
Hotfix for Windows XP (KB891593) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB895961) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB896256) Ver: 1
Hotfix for Windows XP (KB899337) Ver: 5 Installed: 8/16/2005
Hotfix for Windows XP (KB899510) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB902841) Ver: 1 Installed: 8/16/2005
Hotfix for Windows XP (KB906569) Ver: 2
Intel® Graphics Media Accelerator Driver Ver: 6.14.10.4431
Intel® PROSet/Wireless Software Ver: 10.01.0000
Internal Network Card Power Management Ver: 1.7.2
iPod for Windows 2006-03-23 Ver: 4.7.0 Installed: 4/1/2006
iPod for Windows 2006-03-23 Ver: 4.7.0 Installed: 4/1/2006
iTunes Ver: 6.0.4.2 Installed: 4/20/2006
iTunes Ver: 6.0.4.2 Installed: 4/20/2006
J2SE Runtime Environment 5.0 Update 7 Ver: 1.5.0.70 Installed: 7/9/2006
K-Lite Codec Pack 2.70 Basic Ver: 2.70
LimeWire 4.10.9 Ver: 4.10.9
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
mCore Ver: 5.20.0000 Installed: 2/13/2006
mDrWiFi Ver: 5.20.0000 Installed: 2/13/2006
mHlpDell Ver: 5.20.0000 Installed: 2/13/2006
Microsoft .NET Framework 1.0 Hotfix (KB887998) Installed: 2/19/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 2/19/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3514 Installed: 2/13/2006
Microsoft Word 2002 Ver: 10.0.2627.01 Installed: 2/13/2006
Microsoft Works Ver: 08.05.0818 Installed: 2/13/2006
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word Ver: 8.0.0.0000 Installed: 2/13/2006
mIWA Ver: 5.20.0000 Installed: 2/13/2006
mLogView Ver: 5.20.0000 Installed: 2/13/2006
mMHouse Ver: 5.20.0000 Installed: 2/13/2006
Modem Helper Ver: 3.01
MovieEdit Task Ver: 2.1.0.20 Installed: 5/9/2006
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-US)
mPfMgr Ver: 5.20.0000 Installed: 2/13/2006
mPfWiz Ver: 5.20.0000 Installed: 2/13/2006
mProSafe Ver: 9.00.0000 Installed: 2/13/2006
mSSO Ver: 5.20.0000 Installed: 2/13/2006
mWlsSafe Ver: 9.00.0000 Installed: 2/13/2006
mWMI Ver: 5.20.0000 Installed: 2/13/2006
mXML Ver: 5.20.0000 Installed: 2/13/2006
mZConfig Ver: 5.20.0000 Installed: 2/13/2006
PhotoStitch Ver: 3.1.16 Installed: 5/9/2006
Pocket Tanks 1.00b
PowerDVD 5.7
QuickSet Ver: 7.0.9
QuickTime Ver: 7.0.4 Installed: 2/18/2006
QuickTime Ver: 7.0.4 Installed: 2/18/2006
RAW Image Task 2.2 Ver: 2.2 Installed: 5/9/2006
RealPlayer
RegAlyzer 1.4 Ver: 1.4
Security Update for Windows Media Player 10 (KB911565) Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 7/7/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896422) Ver: 1
Security Update for Windows XP (KB896423) Ver: 1
Security Update for Windows XP (KB896424) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB896688) Ver: 1
Security Update for Windows XP (KB899587) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB899588) Ver: 1
Security Update for Windows XP (KB899589) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB899591) Ver: 1
Security Update for Windows XP (KB900725) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901190) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB901214) Ver: 1
Security Update for Windows XP (KB902400) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB904706) Ver: 1
Security Update for Windows XP (KB905414) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB905915) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/19/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 7/7/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 7/7/2006
Shockwave Director 10.1.1
Sonic DLA Ver: 4.95 Installed: 2/13/2006
Sonic Encoders Ver: 1.00 Installed: 8/16/2005
Spybot - Search & Destroy 1.4 Ver: 1.4
Starcraft
Synaptics Pointing Device Driver Ver: 8.2.4.3
Trillian
Update for Windows Media Player 10 (KB910393) Installed: 2/19/2006
Update for Windows Media Player 10 (KB913800) Installed: 5/4/2006
Update for Windows XP (KB894391) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 5/4/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 2/19/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 7/7/2006
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a Ver: 0.8.4a
Wacom Tablet Driver
WebCyberCoach 3.2 Dell
WebFldrs XP Ver: 9.50.7523 Installed: 8/16/2005
WinAce Archiver Ver: 2.61
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0540.0 Installed: 5/4/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10 Ver: 9.00.3636 Installed: 2/13/2006
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885855 Ver: 20040930.104104
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB888310 Ver: 20041027.095746
Windows XP Hotfix - KB889673 Ver: 20041116.085848
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 2/19/2006
Windows XP Hotfix - KB890927 Ver: 20050111.122717
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB892627 Ver: 20050201.181426
Windows XP Hotfix - KB893056 Ver: 20050126.164313
Windows XP Media Center Edition 2005 KB908246 Installed: 2/13/2006
Windows XP Media Center Edition 2005 KB908250
WinZip Ver: 10.0 (6685)
Works Upgrade Ver: 8.0.0.0000 Installed: 2/13/2006
ZoneAlarm Ver: 6.5.722.000
ネットマーブル '麻雀' Ver: 179

And I just realized that the last part of your message wasn't your signature, here is the ComboFix list:

Start Time= 07/11/2006 Tue 15:19:29.39
Running from: C:\Documents and Settings\Issei Masunaga\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-11 15:18:18 1063 ( A.... ) "C:\WINDOWS\system32\crpaa7e5.sys"
2006-07-11 15:18:18 1063 ( A.... ) "C:\WINDOWS\system32\crpaa7e5.sys"
2006-07-10 11:48:40 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-10 11:47:12 ( .D... ) "C:\Program Files\Safer Networking"
2006-07-09 02:54:58 234248 ( A.... ) "C:\WINDOWS\Tagasuarus2.exe"
2006-07-09 02:51:36 ( .D... ) "C:\Documents and Settings\Issei Masunaga\Application Data\System Restore"
2006-07-07 16:58:58 20480 ( A.... ) "C:\stub_sca3.exe"
2006-07-07 16:58:56 ( .D... ) "C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}"
2006-07-07 16:58:50 61440 ( ..... ) "C:\WINDOWS\system32\crpaa7e5.dll"
2006-07-07 16:58:48 29696 ( ..... ) "C:\WINDOWS\system32\w00cbccd.dll"
2006-07-07 16:58:22 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-07 16:21:44 ( .D... ) "C:\Program Files\DVD Decrypter"
2006-06-30 19:37:36 ( .D... ) "C:\Program Files\WinAce"
2006-06-30 17:13:36 12036 ( A.... ) "C:\Documents and Settings\Issei Masunaga\Application Data\wklnhst.dat"
2006-06-30 14:32:30 94208 ( A.... ) "C:\WINDOWS\ScUnin.exe"
2006-06-30 14:29:50 ( .D... ) "C:\Program Files\Starcraft"
2006-06-28 11:43:58 ( .D... ) "C:\Program Files\GAMANIA"
2006-06-24 16:50:06 ( .D... ) "C:\Program Files\Pocket Tanks"
2006-06-23 11:22:08 9216 ( ..... ) "C:\WINDOWS\vcblreca.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:26 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-06-18 17:54:26 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:24 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-06-18 17:54:22 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-06-18 17:54:22 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-06-18 17:54:20 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-06-18 17:54:20 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-06-18 17:54:20 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-05-25 17:50:48 848 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-13 21:18:00 ( .D... ) "C:\Program Files\Yahoo!"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"
2006-04-20 17:47:34 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-04-20 17:47:26 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2006-04-20 17:47:26 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2006-04-20 17:47:24 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-10 11:48 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-10 11:48 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-10 11:48 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-10 11:48 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-10 11:48 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-10 11:48 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-10 11:48 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-10 11:48 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-10 11:48 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-10 11:47 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-10 11:47 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-10 11:47 157,688 C:\WINDOWS\system32\vsinit.dll
2006-07-09 22:05 53,346 C:\WINDOWS\system32\javaw.exe
2006-07-09 22:05 49,248 C:\WINDOWS\system32\java.exe
2006-07-09 22:05 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-09 02:54 234,248 C:\WINDOWS\Tagasuarus2.exe
2006-07-07 16:58 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-07 16:58 61,440 C:\WINDOWS\system32\crpaa7e5.dll
2006-07-07 16:58 29,696 C:\WINDOWS\system32\w00cbccd.dll
2006-07-07 16:58 20,480 C:\stub_sca3.exe
2006-07-07 16:58 1,063 C:\WINDOWS\system32\crpaa7e5.sys
2006-06-30 14:30 94,208 C:\WINDOWS\ScUnin.exe
2006-06-23 11:22 9,216 C:\WINDOWS\vcblreca.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"crpaa7e5"="RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RSD_HDDThermo"="C:\\Program Files\\HDD Thermometer\\HDD Thermometer.exe"
"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"
"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"
"1201.exe"="C:\\Documents and Settings\\Issei Masunaga\\Application Data\\System Restore\\1201.exe"
"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C8A380B4-07CB-1041-1217-050001}"="\"C:\\Program Files\\Common Files\\{C8A380B4-07CB-1041-1217-050001}\\Update.exe\" mc-110-12-0000228"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\kykeboz.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Movie Maker\\hohyxewiv.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



Contents of the 'Scheduled Tasks' folder

Completion time: 07/11/2006 Tue 15:19:39.89
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-11.151929.txt

And here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:21:04 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Issei Masunaga\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9ABC670C-D176-4A15-A372-D66E492339B6} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {B3D3C3F2-BD28-483A-9969-5E8CF11EC829} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {BFD383C4-6275-4908-893A-1E9D4DD8C735} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {CAAFA396-4FC9-4D03-BB6F-7C5186F93E05} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D94400B0-9BFE-4EBC-9E4A-2A07DD25EA45} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O2 - BHO: (no name) - {DC113AA5-A2BC-4A39-909F-529928BEB63E} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E0D7D039-F72D-40F0-8885-53251D9DBC27} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E40B2A8E-7BBA-4B9C-B5F4-DD01CAC97433} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {26417FBF-5235-4084-B8FD-DA6A956CE837} (CPActiveXGameRun Control) - http://game.netmarble.jp//_common/cab/CPActiveXGameRun.cab
O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) - https://ssl2.gcrest.com/trickster/cabs/TrickLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/NewX/lcjggame.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by im1215, 11 July 2006 - 02:22 PM.


#8 -David-


Posted 11 July 2006 - 05:01 PM

Hey im1215,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

* Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following bold part into the Suspicious File Packer window:

C:\WINDOWS\system32\crpaa7e5.sys
C:\WINDOWS\system32\crpaa7e5.dll
C:\WINDOWS\ScUnin.exe
C:\WINDOWS\vcblreca.dll


Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to the second field and browse to the CAB archive that has been created on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.
Please let me know when you have submitted the files.

* Download KillBox from here
- Click killbox.exe.
- Select the option "Delete on reboot".
- Click the button: All Files (!important!)
- Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\Tagasuarus2.exe
C:\stub_sca3.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}
C:\WINDOWS\system32\w00cbccd.dll
C:\WINDOWS\system32\wallp2.exe
C:\WINDOWS\system32\VSL13.exe
C:\WINDOWS\system32\ssqbn.exe
C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe


- Open 'File' in the KillBox menu on top and choose Paste from clipboard
- Then press the button that looks like a red circle with a white X in it.
- Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
- If you don't get that message, reboot manually.
- Your computer should reboot now.

Ignore the errors you'll get after reboot, that's normal, they will be gone after performing the next steps.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O2 - BHO: (no name) - {9ABC670C-D176-4A15-A372-D66E492339B6} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {B3D3C3F2-BD28-483A-9969-5E8CF11EC829} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {BFD383C4-6275-4908-893A-1E9D4DD8C735} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {CAAFA396-4FC9-4D03-BB6F-7C5186F93E05} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D94400B0-9BFE-4EBC-9E4A-2A07DD25EA45} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O2 - BHO: (no name) - {DC113AA5-A2BC-4A39-909F-529928BEB63E} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E0D7D039-F72D-40F0-8885-53251D9DBC27} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E40B2A8E-7BBA-4B9C-B5F4-DD01CAC97433} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) - https://ssl2.gcrest.com/trickster/cabs/TrickLauncher.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/NewX/lcjggame.cab


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

You are using LimeWire. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to LimeWire.
This is another article: http://www.cexx.org/adware.htm

Please reboot and post a new Hijackthis log.
David
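Added example, not part of David's post or of any tool's own code: a check that could be run on the follow-up HijackThis log requested above to confirm that the fixed entries and the deleted files are really gone. The fix-list and file-list lines are excerpted from this thread; the follow-up log is constructed for illustration and the function names are hypothetical.

```python
import re

# CLSIDs identify O2/O3/O9/O16 registrations regardless of the path shown.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def entry_key(line):
    """Return a stable identity for one HijackThis entry line, or None.

    The identity ignores details that change between scans: once a file has
    been deleted, the same registration is printed with "(file missing)".
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank line or "Running processes" path
    sec, body = m["sec"], m["body"]
    clsid = CLSID_RE.search(body)
    if sec in ("O2", "O3", "O9", "O16") and clsid:
        return (sec, clsid.group(0).upper())
    if sec == "O4":
        run = RUN_RE.match(body)
        if run:  # autostart value: hive + key + value name
            return (sec, run["hive"].upper(), run["key"].lower(), run["name"].lower())
    # Fallback: whole body, case-folded, whitespace collapsed.
    body = MISSING_RE.sub("", body)
    return (sec, " ".join(body.split()).lower())


def parse_entries(log_text):
    """Map entry identity -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def still_present(fix_list, followup_log):
    """Lines of the follow-up log that match an entry that was to be fixed."""
    after = parse_entries(followup_log)
    return [after[k] for k in parse_entries(fix_list) if k in after]


def files_still_referenced(paths, followup_log):
    """Map each deleted path to follow-up log lines that still mention it.

    Matching is a case-insensitive substring test on the full path, so a
    folder also matches files inside it. 8.3 short names (PROGRA~1) and bare
    file names without a directory are not resolved here.
    """
    lines = [l.strip() for l in followup_log.splitlines() if l.strip()]
    hits = {}
    for path in (p.strip() for p in paths if p.strip()):
        found = [l for l in lines if path.lower() in l.lower()]
        if found:
            hits[path] = found
    return hits


# Excerpt of the entries listed for "Fix Checked" in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O15 - Trusted Zone: *.elitemediagroup.net
"""

# Excerpt of the paths listed for deletion on reboot in this thread.
KILL_LIST = r"""
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}
C:\WINDOWS\system32\w00cbccd.dll
C:\WINDOWS\system32\wallp2.exe
""".splitlines()

# CONSTRUCTED follow-up log (not from the thread): one BHO was left unticked
# and one process from the deleted folder is still running.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("entry not fixed:", line)
    for path, lines in files_still_referenced(KILL_LIST, FOLLOWUP_LOG).items():
        print("path still referenced:", path, "->", lines)
```

A plain text comparison of the two logs would miss the leftover BHO, because its line now ends in "(file missing)"; matching on the CLSID catches it.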

#9 -David-


Posted 11 July 2006 - 05:03 PM

Hey im1215,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

* Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following bold part into the Suspicious File Packer window:

C:\WINDOWS\system32\crpaa7e5.sys
C:\WINDOWS\system32\crpaa7e5.dll
C:\WINDOWS\ScUnin.exe
C:\WINDOWS\vcblreca.dll


Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to the second field and browse to the CAB archive that has been created on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.
Please let me know when you have submitted the files.

* Download KillBox from here
- Click killbox.exe.
- Select the option "Delete on reboot".
- Click the button: All Files (!important!)
- Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\Tagasuarus2.exe
C:\stub_sca3.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}
C:\WINDOWS\system32\w00cbccd.dll
C:\WINDOWS\system32\wallp2.exe
C:\WINDOWS\system32\VSL13.exe
C:\WINDOWS\system32\ssqbn.exe
C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe


- Open 'File' in the Killbox menu on top and choose Paste from clipboard
- Then press the button that looks like a red circle with a white X in it.
- Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
- If you don't get that message, reboot manually.
- Your computer should reboot now.

Ignore the errors you'll get after reboot, that's normal, they will be gone after performing the next steps.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O2 - BHO: (no name) - {9ABC670C-D176-4A15-A372-D66E492339B6} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {B3D3C3F2-BD28-483A-9969-5E8CF11EC829} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {BFD383C4-6275-4908-893A-1E9D4DD8C735} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {CAAFA396-4FC9-4D03-BB6F-7C5186F93E05} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D94400B0-9BFE-4EBC-9E4A-2A07DD25EA45} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O2 - BHO: (no name) - {DC113AA5-A2BC-4A39-909F-529928BEB63E} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E0D7D039-F72D-40F0-8885-53251D9DBC27} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O2 - BHO: (no name) - {E40B2A8E-7BBA-4B9C-B5F4-DD01CAC97433} - C:\Program Files\MSN\hocenyhib.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Issei Masunaga\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) - https://ssl2.gcrest.com/trickster/cabs/TrickLauncher.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/NewX/lcjggame.cab


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

You are using LimeWire. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to LimeWire.
This is another article: http://www.cexx.org/adware.htm

Please reboot and post a new HijackThis log.
David

#10 im1215


Posted 11 July 2006 - 05:35 PM

Ok, I submitted the files, now I'll continue on the instructions

#11 im1215


Posted 11 July 2006 - 05:57 PM

And now I rebooted the computer and I did the HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:53:35 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Issei Masunaga\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {26417FBF-5235-4084-B8FD-DA6A956CE837} (CPActiveXGameRun Control) - http://game.netmarble.jp//_common/cab/CPActiveXGameRun.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

And btw are these really malware?:

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/NewX/lcjggame.cab

I got rid of them anyway but I didn't suspect them to be so.
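Added example (not part of the thread, and not code from HijackThis or KillBox): a Python check that compares the "Fix Checked" list and the KillBox list from post #9 against the follow-up log in post #11, to confirm the fixed entries are gone and to spot anything still loading from a path that was queued for deletion. The log text is a short excerpt copied from the thread; the function names are this example's own.

```python
import re

# Excerpts copied from the thread (shortened): entries post #9 asked to fix,
# paths post #9 asked KillBox to delete, and the follow-up log from post #11.
FIX_LIST = r"""
O2 - BHO: (no name) - {D95C96A1-EBFF-F42B-CB17-FC7AE94A98A9} - C:\WINDOWS\vcblreca.dll
O4 - HKLM\..\Run: [crpaa7e5] RUNDLL32.EXE w00cbccd.dll,n 001aa7e40000000300cbccd
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
"""

KILLBOX_LIST = r"""
C:\WINDOWS\Tagasuarus2.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}
C:\WINDOWS\system32\wallp2.exe
"""

FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:53:35 PM, on 7/11/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

# A log entry is a section code (F2, O2, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2).strip()))
        elif in_processes:
            processes.append(line)
    return processes, entries


def entry_key(code, body):
    """Normalise an entry so the same item matches across two scans."""
    # "(file missing)" is a status that can change between scans; ignore it.
    body = re.sub(r"\s*\(file missing\)\s*$", "", body, flags=re.I)
    return code, re.sub(r"\s+", " ", body).lower()


def still_present(fix_text, log_text):
    """Entries from the fix list that the follow-up log still contains."""
    _, log_entries = parse_log(log_text)
    seen = {entry_key(c, b) for c, b in log_entries}
    _, fix_entries = parse_log(fix_text)
    return [(c, b) for c, b in fix_entries if entry_key(c, b) in seen]


def under(path, target):
    """True if path is the target itself or lies inside the target folder."""
    p, t = path.lower(), target.lower().rstrip("\\")
    return p == t or p.startswith(t + "\\")


def leftovers(killbox_text, log_text):
    """Processes or entries in the follow-up log that still use a deleted path.

    Limitation: plain full-path matching, so 8.3 short names (PROGRA~1) and
    entries that name a file without its folder are not caught.
    """
    processes, entries = parse_log(log_text)
    hits = []
    for target in (t.strip() for t in killbox_text.splitlines() if t.strip()):
        for proc in processes:
            if under(proc, target):
                hits.append((target, "process", proc))
        for code, body in entries:
            if target.lower() in body.lower():
                hits.append((target, code, body))
    return hits


if __name__ == "__main__":
    print("fix-list entries still present:", still_present(FIX_LIST, FOLLOWUP_LOG))
    for target, where, value in leftovers(KILLBOX_LIST, FOLLOWUP_LOG):
        print(f"still active under {target}: [{where}] {value}")
```

On this excerpt no fix-list entry remains, while `Update.exe` is still listed as running from the `{C8A380B4-07CB-1041-1217-050001}` folder that was on the KillBox list.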

#12 -David-


Posted 12 July 2006 - 03:59 PM

Hey there,

My theory on those O16's is this - If I research them with no conclusive results I always have them deleted. If they are legitimate, next time you visit that site the ActiveX control will just be replaced. I think, in my opinion, it is better to be safe than sorry. I want you to navigate to the following files and delete them if present:

C:\WINDOWS\system32\crpaa7e5.sys
C:\WINDOWS\system32\crpaa7e5.dll
C:\WINDOWS\vcblreca.dll

As with all malware like this, it never comes alone and there are probably infected files left on your computer. Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply, along with a new HijackThis log. Also rerun Combofix and post its log.

David

#13 im1215


Posted 12 July 2006 - 05:22 PM

Panda:


Incident Status Location

Adware:Adware/DigInk Not disinfected C:\!KillBox\Tagasuarus2.exe
Adware:Adware/DollarRevenue Not disinfected C:\!KillBox\w00cbccd.dll
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Issei Masunaga\Application Data\Mozilla\Firefox\Profiles\dgb26nms.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Issei Masunaga\Cookies\issei masunaga@ad.yieldmanager[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Issei Masunaga\Cookies\issei masunaga@banners.searchingbooth[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Issei Masunaga\Desktop\requested-files[2006-07-11_18_25].cab[C:\WINDOWS\system32\crpaa7e5.dll]
Virus:Trj/Downloader.JKC Not disinfected C:\Documents and Settings\Issei Masunaga\Desktop\requested-files[2006-07-11_18_25].cab[C:\WINDOWS\vcblreca.dll]

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:23 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Issei Masunaga\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {26417FBF-5235-4084-B8FD-DA6A956CE837} (CPActiveXGameRun Control) - http://game.netmarble.jp//_common/cab/CPActiveXGameRun.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

combofix:

Start Time= 07/12/2006 Wed 18:19:01.84
Running from: C:\Documents and Settings\Issei Masunaga\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-12 10:04:00 ( .D... ) "C:\Program Files\Sonic"
2006-07-11 19:33:42 ( .D... ) "C:\Program Files\Shareaza"
2006-07-11 19:33:42 ( .D... ) "C:\Documents and Settings\Issei Masunaga\Application Data\Shareaza"
2006-07-11 19:21:38 ( .D... ) "C:\Documents and Settings\Issei Masunaga\Application Data\Azureus"
2006-07-11 19:21:26 ( .D... ) "C:\Program Files\Azureus"
2006-07-10 11:48:40 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-10 11:47:12 ( .D... ) "C:\Program Files\Safer Networking"
2006-07-09 02:51:36 ( .D... ) "C:\Documents and Settings\Issei Masunaga\Application Data\System Restore"
2006-07-07 16:58:56 ( .D... ) "C:\Program Files\Common Files\{C8A380B4-07CB-1041-1217-050001}"
2006-07-07 16:58:22 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-07 16:21:44 ( .D... ) "C:\Program Files\DVD Decrypter"
2006-06-30 19:37:36 ( .D... ) "C:\Program Files\WinAce"
2006-06-30 17:13:36 12036 ( A.... ) "C:\Documents and Settings\Issei Masunaga\Application Data\wklnhst.dat"
2006-06-30 14:32:30 94208 ( A.... ) "C:\WINDOWS\ScUnin.exe"
2006-06-30 14:29:50 ( .D... ) "C:\Program Files\Starcraft"
2006-06-28 11:43:58 ( .D... ) "C:\Program Files\GAMANIA"
2006-06-24 16:50:06 ( .D... ) "C:\Program Files\Pocket Tanks"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:26 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-06-18 17:54:26 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:24 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-06-18 17:54:22 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-06-18 17:54:22 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-06-18 17:54:20 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-06-18 17:54:20 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-06-18 17:54:20 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-05-25 17:50:48 848 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-13 21:18:00 ( .D... ) "C:\Program Files\Yahoo!"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"
2006-04-20 17:47:34 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-04-20 17:47:26 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2006-04-20 17:47:26 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2006-04-20 17:47:24 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-12 17:06 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-12 17:06 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-12 10:04 98,358 C:\WINDOWS\dla.exe
2006-07-12 10:04 61,498 C:\WINDOWS\system32\tfswapi.dll
2006-07-10 11:48 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-10 11:48 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-10 11:48 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-10 11:48 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-10 11:48 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-10 11:48 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-10 11:48 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-10 11:48 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-10 11:48 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-10 11:47 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-10 11:47 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-10 11:47 157,688 C:\WINDOWS\system32\vsinit.dll
2006-07-09 22:05 53,346 C:\WINDOWS\system32\javaw.exe
2006-07-09 22:05 49,248 C:\WINDOWS\system32\java.exe
2006-07-09 22:05 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-07 16:58 8,464 C:\WINDOWS\system32\sporder.dll
2006-06-30 14:30 94,208 C:\WINDOWS\ScUnin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RSD_HDDThermo"="C:\\Program Files\\HDD Thermometer\\HDD Thermometer.exe"
"Shareaza"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C8A380B4-07CB-1041-1217-050001}"="\"C:\\Program Files\\Common Files\\{C8A380B4-07CB-1041-1217-050001}\\Update.exe\" mc-110-12-0000228"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\kykeboz.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Movie Maker\\hohyxewiv.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,bf,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



Contents of the 'Scheduled Tasks' folder

Completion time: 07/12/2006 Wed 18:19:13.34
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-11.151929.txt
ComboFix.2006-07-12.181901.txt

#14 -David-

Posted 15 July 2006 - 09:45 AM

Please empty this folder:
C:\!KillBox

You are using Shareaza. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Shareaza.
This is another article: http://www.cexx.org/adware.htm

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle Bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as "fix.reg". Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Please reboot and let me know how the computer is running.
David :thumbsup:
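
Added example, not part of David's post: a `[-key]` line in a REGEDIT4 file deletes that key together with all of its values and subkeys, so it is worth previewing what a fix.reg will remove before merging it. The sketch below works only on text (a regedit-style listing such as the ComboFix section above) and never touches the registry; `parse_reg` and `preview_deletions` are hypothetical helper names.

```python
import re
# Constructed input: entries copied from the ComboFix listing in this thread,
# followed by the fix.reg body from the post above.
EXPORT = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Shareaza"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C8A380B4-07CB-1041-1217-050001}"="\"C:\\Program Files\\Common Files\\{C8A380B4-07CB-1041-1217-050001}\\Update.exe\" mc-110-12-0000228"
'''
FIX = r'''REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
'''
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Return (keys, deletions); keys maps key path -> {value name: raw data}."""
    keys, deletions, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            if m.group(1):            # "[-key]" is a delete directive
                deletions.append(m.group(2))
                current = None
            else:
                current = keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)      # hex continuation lines do not match
        if m and current is not None:
            current[m.group(1).strip('"')] = m.group(2)
    return keys, deletions

def preview_deletions(export_text, fix_text):
    """List (key, value name, data) that the fix's [-key] lines would remove."""
    keys, deletions = parse_reg(export_text)[0], parse_reg(fix_text)[1]
    removed = []
    for target in deletions:
        prefix = target.lower() + '\\'   # key names are case-insensitive
        for key, values in keys.items():
            # matches the key itself and every subkey beneath it
            if (key.lower() + '\\').startswith(prefix):
                removed.extend((key, n, d) for n, d in values.items())
    return removed

if __name__ == "__main__":
    print(*preview_deletions(EXPORT, FIX), sep="\n")
```

On the listing in this thread, the only value under the deleted key is the GUID-named `Update.exe` entry; the entries under `currentversion\run` are left alone.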

#15 im1215

Posted 15 July 2006 - 01:53 PM

Ok, I deleted the contents of !killbox.
I didn't remove Shareaza because it was under the clean programs list.
I removed all of the temporary internet files and ran the fix.reg.
The computer is working well.



