
Infected: Win32:afcore [trj]


  • This topic is locked
12 replies to this topic

#1 duhh001


Posted 25 August 2006 - 10:46 PM

Downloaded HijackThis, but need help (beginner). Also shows wmadxodi.dll\[UPX]

Avast detects it every time but can't delete it.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:25 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\{68EA4673-07C9-1033-0821-020326200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvb03a - dvb03a.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Edited by duhh001, 25 August 2006 - 10:59 PM.




#2 Buckeye_Sam

Malware Expert

Posted 26 August 2006 - 08:03 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 duhh001


Posted 26 August 2006 - 11:58 AM

Thank you for responding. Here's the copy of the Combo Fix log.

Administrator - 06-08-26 12:44:13.79
ComboFix 06.08.26BT - Running from: C:\Documents and Settings\Administrator\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-13 13:45 2 --a------ C:\WINDOWS\system32\wtstr.exe
2006-08-08 12:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-02 07:51 28672 --a------ C:\WINDOWS\system32\aubmr.exe
2006-08-02 03:59 127488 --a------ C:\WINDOWS\system32\jljirh.exe
2006-07-26 22:25 218 --a------ C:\WINDOWS\hgqoi.dll
2006-07-26 18:42 142 --a------ C:\WINDOWS\rinpr.dll
2006-07-24 11:39 53 --a------ C:\WINDOWS\vqocvw.dat


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-02 03:59 127488 jljirh.exe.qoo
06-08-02 07:51 28672 aubmr.exe.qoo
06-07-26 22:25 218 hgqoi.dll.qoo
06-07-26 18:42 142 rinpr.dll.qoo
06-07-24 11:39 53 vqocvw.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\Application Data\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vxgame1.exe
C:\WINDOWS\system32\vxgame4.exe
C:\WINDOWS\system32\vxgamet1.exe
C:\WINDOWS\system32\vxgamet2.exe
C:\WINDOWS\system32\vxgamet3.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\icon_mediamotor.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\maxd641.exe
C:\WINDOWS\system32\ts_mediamotor.exe
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\media_motor_bundle.exe
C:\WINDOWS\uni_eh.exe
C:\WINDOWS\xpupdate.exe
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\Program Files\TClock
C:\Program Files\System Files
C:\Program Files\System Icons
C:\Program Files\Common Files\{68EA4673-07C9-1033-0821-020326200001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\STEM32~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\SKS~1
C:\QooBox\Purity\Program Files\CURITY~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\RACLE~1\services.exe
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-26 to 2006-08-26 ))))))))))))))))))))))))))))))))))


2006-08-25 21:58 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-25 21:58 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-25 21:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-08-19 23:38 5,744 --a------ C:\WINDOWS\system32\testtestt.exe
2006-08-19 21:25 50,278 --a------ C:\WINDOWS\system32\klo5.sys
2006-08-19 21:16 61,857 --a------ C:\fedsetup.exe
2006-08-17 21:58 1,232 --a------ C:\WINDOWS\system32\TheMatrixHasYou.exe
2006-08-17 21:54 4,363 --a------ C:\WINDOWS\system32\dlh9jkdq5.exe
2006-08-17 21:54 2,518 --a------ C:\WINDOWS\system32\dlh9jkdq1.exe
2006-08-17 03:44 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-08-17 03:43 63,290 --a------ C:\WINDOWS\system32\ipod.raw.exe
2006-08-17 03:41 15,088 --a------ C:\WINDOWS\system32\stonedrv.exe
2006-08-17 03:38 6,790 --a------ C:\WINDOWS\system32\dlh9jkdq7.exe
2006-08-17 03:38 6,787 --a------ C:\WINDOWS\system32\dlh9jkdq6.exe
2006-08-17 03:38 18,608 --a------ C:\WINDOWS\system32\dlh9jkdq2.exe
2006-08-12 19:43 16 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-08-11 19:53 95,232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2006-08-11 19:53 93,184 --a------ C:\WINDOWS\system32\lftif70n.dll
2006-08-11 19:53 668,672 --a------ C:\WINDOWS\system32\ipeistor11.dll
2006-08-11 19:53 66,560 --a------ C:\WINDOWS\system32\ipeapi11.dll
2006-08-11 19:53 55,808 --a------ C:\WINDOWS\system32\lffax70n.dll
2006-08-11 19:53 55,296 --a------ C:\WINDOWS\system32\ltfil70n.DLL
2006-08-11 19:53 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
2006-08-11 19:53 395,264 --a------ C:\WINDOWS\system32\hpscntst.dll
2006-08-11 19:53 350,208 --a------ C:\WINDOWS\system32\ltkrn70n.dll
2006-08-11 19:53 35,328 --a------ C:\WINDOWS\system32\lffpx70n.dll
2006-08-11 19:53 324,096 --a------ C:\WINDOWS\system32\ipebase11.dll
2006-08-11 19:53 32,768 --a------ C:\WINDOWS\system32\lfgif70n.dll
2006-08-11 19:53 306,688 --a------ C:\WINDOWS\system32\Lffpx7.dll
2006-08-11 19:53 251,392 --a------ C:\WINDOWS\system32\hpscnmgr.dll
2006-08-11 19:53 24,576 --a------ C:\WINDOWS\system32\lfpcx70n.dll
2006-08-11 19:53 24,576 --a------ C:\WINDOWS\system32\lfbmp70n.dll
2006-08-11 19:53 224,768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL
2006-08-11 19:53 16,896 --a------ C:\WINDOWS\system32\reg32.dll
2006-08-11 19:53 16,384 --a------ C:\WINDOWS\system32\hpsj32.dll
2006-08-11 19:53 13,824 --a------ C:\WINDOWS\system32\hpscan32.dll
2006-08-11 19:53 12,288 --a------ C:\WINDOWS\system32\hpsmui.dll
2006-08-11 19:53 111,104 --a------ C:\WINDOWS\system32\lfpng70n.dll
2006-08-11 19:53 1,080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-08-11 19:52 299,520 --a------ C:\WINDOWS\uninst.exe
2006-07-26 22:29 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-07-26 22:29 131,072 --------- C:\WINDOWS\system32\mclsp.dll
2006-07-26 22:29 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-07-26 20:44 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-26 12:48 -------- d-------- C:\Program Files\Common Files
2006-08-25 21:57 -------- d-------- C:\Program Files\Alwil Software
2006-08-17 03:42 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-08-13 13:45 2 --a------ C:\WINDOWS\system32\wtstr.exe
2006-08-12 09:53 -------- d-------- C:\Program Files\BitComet
2006-08-10 22:48 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2006-08-10 22:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2006-08-05 11:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 11:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 11:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 11:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 11:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-07-26 22:55 -------- d-------- C:\Program Files\McAfee.com
2006-07-26 22:15 -------- d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2006-07-26 18:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-24 02:45 -------- d-------- C:\Program Files\Webroot
2006-07-23 03:38 -------- d-------- C:\Program Files\LimeWire
2006-07-23 03:38 -------- d-------- C:\Program Files\Common Files\oiro
2006-07-23 03:11 1063 --a------ C:\WINDOWS\system32\gpndddf5.sys
2006-07-23 03:05 32768 --a------ C:\WINDOWS\unstall.exe
2006-07-23 03:05 -------- d-------- C:\Program Files\HP
2006-07-20 20:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2006-07-10 19:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-07-10 17:58 -------- d-------- C:\Program Files\Encore
2006-07-10 17:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-06 03:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-07-03 10:53 24576 --a------ C:\WINDOWS\system32\xd7ehbkw.exe
2006-07-03 10:53 1142784 --a------ C:\WINDOWS\system32\bdpn.exe
2006-07-03 05:57 -------- d-------- C:\Program Files\ArcSoft
2006-07-03 00:35 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-07-02 23:26 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-07-02 22:08 150 --a------ C:\AUTOEXEC.BAT
2006-07-02 22:08 -------- d-------- C:\Program Files\muvee Technologies
2006-07-02 22:08 -------- d-------- C:\Program Files\HP DVD
2006-07-02 22:08 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-07-02 22:07 -------- d-------- C:\Program Files\PowerDVD
2006-07-02 22:07 -------- d-------- C:\Program Files\CyberLink
2006-07-02 22:07 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-02 22:04 -------- d-------- C:\Program Files\Common Files\Sonic
2006-07-02 22:03 -------- d-------- C:\Program Files\Sonic_RecordNow
2006-07-02 22:03 -------- d-------- C:\Program Files\Sonic
2006-07-02 22:03 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-07-02 19:29 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-07-02 02:53 -------- d-------- C:\Program Files\Common Files\ArcSoft
2006-06-30 13:37 -------- d-------- C:\Program Files\AIM95
2006-06-30 11:52 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-06-30 11:51 -------- d-------- C:\Program Files\VideoLAN
2006-06-30 05:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-06-30 04:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-06-30 04:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2006-06-29 21:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-06-29 21:46 -------- d--h----- C:\Program Files\Uninstall Information
2006-06-29 21:46 -------- d-------- C:\Program Files\ORKTOOLS
2006-06-29 21:43 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-06-29 21:41 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-06-29 21:38 -------- d-------- C:\Program Files\Microsoft Works
2006-06-29 21:38 -------- d-------- C:\Program Files\Microsoft Office
2006-06-29 21:38 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-06-29 21:37 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-06-29 21:35 -------- d-------- C:\Program Files\Common Files\System
2006-06-29 21:34 -------- d-------- C:\Program Files\Microsoft.NET
2006-06-29 21:33 -------- d-------- C:\Program Files\WinRAR
2006-06-29 21:32 -------- d-------- C:\Program Files\PeerGuardian2
2006-06-29 21:32 -------- d-------- C:\Program Files\OO Software
2006-06-29 21:31 -------- d-------- C:\Program Files\Common Files\Ahead
2006-06-29 21:31 -------- d-------- C:\Program Files\Ahead
2006-06-29 21:30 -------- d-------- C:\Program Files\MagicISO
2006-06-29 21:30 -------- d-------- C:\Program Files\Jasc Software Inc
2006-06-29 21:30 -------- d-------- C:\Program Files\DVD2one
2006-06-29 21:30 -------- d-------- C:\Program Files\DVD Decrypter
2006-06-29 21:29 -------- d-------- C:\Program Files\Common Files\Adobe
2006-06-29 21:29 -------- d-------- C:\Program Files\Adobe
2006-06-29 21:28 -------- d-------- C:\Program Files\Lavasoft
2006-06-29 21:27 -------- d-------- C:\Program Files\WinZip
2006-06-29 21:27 -------- d-------- C:\Program Files\Real Alternative
2006-06-29 21:27 -------- d-------- C:\Program Files\QuickTime Alternative
2006-06-29 21:27 -------- d-------- C:\Program Files\Media Player Classic
2006-06-29 21:26 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-06-29 21:26 -------- d-------- C:\Program Files\Java
2006-06-29 21:25 -------- d-------- C:\Program Files\Common Files\Java
2006-06-29 21:07 -------- d-------- C:\Program Files\Internet Explorer
2006-06-29 21:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-06-29 21:01 0 -rahs---- C:\MSDOS.SYS
2006-06-29 21:01 0 -rahs---- C:\IO.SYS
2006-06-29 21:01 0 --a------ C:\CONFIG.SYS
2006-06-29 21:00 -------- d-------- C:\Program Files\Windows Media Player
2006-06-29 20:58 -------- d--h----- C:\Program Files\WindowsUpdate
2006-06-29 20:58 -------- d-------- C:\Program Files\Online Services
2006-06-29 20:56 -------- d-------- C:\Program Files\Outlook Express
2006-06-29 20:56 -------- d-------- C:\Program Files\NetMeeting
2006-06-29 20:56 -------- d-------- C:\Program Files\Movie Maker
2006-06-29 20:56 -------- d-------- C:\Program Files\Common Files\Services
2006-06-29 20:56 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-06-29 20:54 -------- d-------- C:\Program Files\ComPlus Applications
2006-06-29 20:53 -------- d-------- C:\Program Files\Windows NT
2006-06-29 20:53 -------- d-------- C:\Program Files\Unlocker
2006-06-29 20:53 -------- d-------- C:\Program Files\Messenger
2006-06-29 20:52 -------- d-------- C:\Program Files\MSN
2006-06-29 15:49 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-06-29 15:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-06-29 15:49 -------- d-------- C:\Program Files\Common Files\ODBC
2006-06-29 10:47 -------- d-------- C:\Program Files\Yahoo!
2006-06-29 10:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Jasc
2006-06-29 10:14 -------- d-------- C:\Program Files\Hewlett-Packard
2006-06-29 09:58 -------- d-------- C:\Program Files\Google
2006-06-29 09:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"AIM"="C:\\PROGRA~1\\AIM95\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper"="C:\\WINDOWS\\desktop.html"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\HP\\pomo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\mekege.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^bsvjx.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\bsvjx.exe"
"backup"="C:\\WINDOWS\\pss\\bsvjx.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\bsvjx.exe"
"item"="bsvjx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Parallel Port Test.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Parallel Port Test.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Parallel Port Test.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\SCANJET\\PRECIS~1\\hpppt.exe /ICON"
"item"="HP Parallel Port Test"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\faubs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jljirh"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\jljirh.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\idnarf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jljirh"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\jljirh.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ipwins\\ipwins.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Neeo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="services"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\RACLE~1\\services.exe\" -vt yazr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Nqetkesx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOOL32~1"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\STEM32~1\\SOOL32~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pop06apelt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="thiselt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\thiselt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys017601839231]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys017601839231"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys017601839231.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys101760183923]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys101760183923"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys101760183923.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kernels8"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\kernels8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\win32079231760183]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32079231760183"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\win32079231760183.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows update loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xpupdate"
"hkey"="HKCU"
"command"="C:\\Windows\\xpupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvb03a

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\dvb06a.sys

Completion time: Sat 08/26/2006 12:52:16.95
ComboFix.txt

#4 duhh001

Posted 26 August 2006 - 12:00 PM

Fresh log of Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 12:58:15 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvb03a - dvb03a.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

#5 Buckeye_Sam

Malware Expert

Posted 26 August 2006 - 08:09 PM

We still have much to do.

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^bsvjx.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\faubs]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ftexc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Hhl7RfpJ]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\idnarf]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Nqetkesx]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pop06apelt]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\shell]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys017601839231]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys101760183923]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\win32079231760183]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows update loader]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


===========



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\Program Files\HP\pomo.html
    C:\Program Files\MSN Gaming Zone\mekege.html
    C:\WINDOWS\system32\wtstr.exe
    C:\WINDOWS\system32\xd7ehbkw.exe
    C:\WINDOWS\system32\bdpn.exe
    C:\WINDOWS\system32\testtestt.exe
    C:\WINDOWS\system32\TheMatrixHasYou.exe
    C:\WINDOWS\system32\dlh9jkdq5.exe
    C:\WINDOWS\system32\dlh9jkdq1.exe
    C:\WINDOWS\system32\zlbw.dll
    C:\WINDOWS\system32\ipod.raw.exe
    C:\WINDOWS\system32\stonedrv.exe
    C:\WINDOWS\system32\dlh9jkdq7.exe
    C:\WINDOWS\system32\dlh9jkdq6.exe
    C:\WINDOWS\system32\dlh9jkdq2.exe
    C:\WINDOWS\system32\dlh9jkdq8.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
===========



Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Clean out your Temporary Internet files
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start -> Control Panel and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning; it may interfere with the scanning process:

  • Launch Ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new HijackThis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
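
An added example, not part of the post above and not code from any tool named in this thread: a Python previewer that parses a REGEDIT4 script such as fixme.reg and, using the MSCONFIG Startupreg export posted earlier in the thread, lists which startup commands each `[-key]` deletion removes before the file is merged. The function names and the shortened sample inputs (built from entries on this page) are assumptions made for illustration.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample input: three entries copied from the Startupreg export
# posted in this thread, and a shortened copy of the fixme.reg from the reply.
EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"item"="ctfmon"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\faubs]
"item"="jljirh"
"command"="C:\\WINDOWS\\system32\\jljirh.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Hhl7RfpJ]
"item"="ssn6tuu"
"command"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""
'''

FIXME = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\faubs]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Hhl7RfpJ]
'''


def unescape(quoted):
    """Strip the outer quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg(text):
    """Return (header_ok, ops); each op is (kind, key, value_name, data)."""
    lines = text.splitlines()
    # The reply insists on no blank line above REGEDIT4, so only line 1 counts.
    header_ok = bool(lines) and lines[0].strip() in HEADERS
    ops, key = [], None
    for line in (lines[1:] if header_ok else lines):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):      # [-KEY] deletes KEY and its subkeys
                ops.append(("delete_key", body[1:], None, None))
                key = None
            else:
                key = body
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
        data = m.group(2)
        if data == "-":                   # "name"=- deletes a single value
            ops.append(("delete_value", key, name, None))
        else:
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data)
            ops.append(("set_value", key, name, data))
    return header_ok, ops


def preview(fix_text, export_text):
    """Describe each change in fix_text; for key deletions, list the exported
    startup commands stored under that key or any of its subkeys."""
    header_ok, ops = parse_reg(fix_text)
    exported = {}
    for kind, key, name, data in parse_reg(export_text)[1]:
        if kind == "set_value":
            exported.setdefault(key.lower(), {})[name] = data
    report = []
    for kind, key, name, _ in ops:
        removes = []
        if kind == "delete_key":
            target = key.lower()          # registry key names are case-insensitive
            removes = [vals["command"] for k, vals in exported.items()
                       if (k == target or k.startswith(target + "\\"))
                       and "command" in vals]
        report.append({"op": kind, "key": key, "value_name": name,
                       "removes": removes})
    return header_ok, report


if __name__ == "__main__":
    ok, changes = preview(FIXME, EXPORT)
    print("header on first line:", ok)
    for change in changes:
        print(change["op"], "|", change["key"], "|",
              change["value_name"] or "", "|", change["removes"])
```

Entries the script never names, such as `ctfmon.exe` in the sample, do not appear in the report, which makes it easy to confirm that only the intended startup items are being removed.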

#6 duhh001

Posted 26 August 2006 - 11:30 PM

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

Did not receive this prompt.

Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrator(Administrator)
was started @ Sunday, August 27, 2006, 12:15 AM

# 1 [Delete on Reboot]
Path = C:\Program Files\HP\pomo.html


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wtstr.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\xd7ehbkw.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\bdpn.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\testtestt.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\TheMatrixHasYou.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq5.exe


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq1.exe


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\zlbw.dll


# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\ipod.raw.exe


# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\stonedrv.exe


# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq7.exe


# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq6.exe


# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq2.exe


# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\dlh9jkdq8.exe


I Rebooted @ 12:20:30 AM
Killbox Closed(Exit) @ 12:20:41 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrator(Administrator)
was started @ Sunday, August 27, 2006, 12:26 AM

#7 duhh001

Posted 27 August 2006 - 12:33 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:19:55 AM 8/27/2006

+ Scan result:



C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\!KillBox\bdpn.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmadxodi.dll -> Backdoor.Afcore.cr : Cleaned with backup (quarantined).
[668] C:\WINDOWS\system32\wmadxodi.dll -> Backdoor.Afcore.cr : Cleaned with backup (quarantined).
[840] C:\WINDOWS\system32\wmadxodi.dll -> Backdoor.Afcore.cr : Cleaned with backup (quarantined).
C:\fedsetup.exe -> Backdoor.Haxdoor.291 : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\RACLE~1\services.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\!KillBox\dlh9jkdq6.exe -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\!KillBox\dlh9jkdq7.exe -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\boot.inx -> Downloader.Tibs.hh : Cleaned with backup (quarantined).
C:\!KillBox\pomo.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\folder.js -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\!KillBox\dlh9jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.dz : Cleaned with backup (quarantined).
C:\!KillBox\ipod.raw.exe -> Proxy.Lager.cd : Cleaned with backup (quarantined).
C:\!KillBox\stonedrv.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\!KillBox\xd7ehbkw.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.ai : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.am : Cleaned with backup (quarantined).


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 1:30:02 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\Hijack this\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvb03a - dvb03a.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:26 PM

Posted 27 August 2006 - 03:37 AM

I see that you are running two antivirus programs - Avast and McAfee. This is not a good idea and can actually cause problems. Please uninstall one of them.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvb03a - dvb03a.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



Reboot your computer and post a new log from Combofix.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
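A triage pass over HijackThis log lines, added here as an example; it is not HijackThis's own logic and not part of Buckeye_Sam's post. The rules are assumptions modelled on the kinds of entries selected for fixing above, untagged O15 lines are assumed to be per-user (HKCU), and the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied verbatim from the HijackThis output in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvb03a - dvb03a.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# "CODE - Kind: detail", e.g. "O20 - Winlogon Notify: dvb03a - dvb03a.dll"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
# A DPF entry whose CLSID is followed directly by the URL (no class name).
NAMELESS_DPF_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\} - ")
# "*.example.com" or "*.example.com (HKLM)"
ZONE_RE = re.compile(r"^(?P<domain>\S+)(?: \((?P<hive>\w+)\))?$")


def parse(log):
    """Split each log line into its code, kind and detail fields."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """Return (verdict, reason); verdict is 'flag', 'review' or 'keep'."""
    code, detail = entry["code"], entry["detail"]
    if code == "O15":
        return "flag", "site added to the Trusted Zone"
    if detail.endswith("(no file)"):
        return "flag", "registration with no file behind it"
    if detail.endswith("(file missing)"):
        # Assumption: an unbalanced quote means the path that was tested
        # may be mangled, so a person should look before anything is
        # removed. The fix list in this thread leaves such lines out.
        if detail.count('"') % 2:
            return "review", "missing-file note on a malformed path"
        return "flag", "target file is missing"
    if code == "O16" and NAMELESS_DPF_RE.match(detail):
        return "flag", "ActiveX download entry with no class name"
    return "keep", ""


def triage(log):
    """Group parsed entries by verdict."""
    buckets = defaultdict(list)
    for e in parse(log):
        verdict, reason = classify(e)
        buckets[verdict].append((e["code"], e["detail"], reason))
    return dict(buckets)


def trusted_zone_hives(log):
    """Map each Trusted Zone domain to the hives it is listed under."""
    hives = defaultdict(set)
    for e in parse(log):
        if e["code"] == "O15":
            m = ZONE_RE.match(e["detail"])
            if m:
                # Assumption: no "(HKLM)" suffix means the per-user hive.
                hives[m["domain"]].add(m["hive"] or "HKCU")
    return {d: sorted(h) for d, h in hives.items()}


if __name__ == "__main__":
    for verdict, rows in triage(SAMPLE_LOG).items():
        for code, detail, reason in rows:
            print(f"{verdict:6} {code:4} {reason or '-':42} {detail[:50]}")
    print(trusted_zone_hives(SAMPLE_LOG))
```

The two avast O23 lines land in "review" rather than "flag", and the hive map shows a domain listed under HKLM only, which matters when checking that a fix cleared both hives.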

#9 duhh001

duhh001
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 27 August 2006 - 10:16 AM

Deleted McAfee Virus Scan, should I also delete Security Center & Firewall?

#10 Buckeye_Sam

Posted 27 August 2006 - 10:23 AM

You should be able to run McAfee's firewall without causing any conflicts. And you will need to keep the Security Center installed in order to keep the firewall.

#11 duhh001

Posted 27 August 2006 - 12:50 PM

Administrator - 06-08-27 13:40:14.51
ComboFix 06.08.26BT - Running from: C:\Documents and Settings\Administrator\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\STEM32~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\SKS~1
C:\QooBox\Purity\Program Files\CURITY~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-25 21:58 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-25 21:58 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-25 21:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-08-19 21:25 50,278 --a------ C:\WINDOWS\system32\klo5.sys
2006-08-11 19:53 95,232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2006-08-11 19:53 93,184 --a------ C:\WINDOWS\system32\lftif70n.dll
2006-08-11 19:53 668,672 --a------ C:\WINDOWS\system32\ipeistor11.dll
2006-08-11 19:53 66,560 --a------ C:\WINDOWS\system32\ipeapi11.dll
2006-08-11 19:53 55,808 --a------ C:\WINDOWS\system32\lffax70n.dll
2006-08-11 19:53 55,296 --a------ C:\WINDOWS\system32\ltfil70n.DLL
2006-08-11 19:53 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
2006-08-11 19:53 395,264 --a------ C:\WINDOWS\system32\hpscntst.dll
2006-08-11 19:53 350,208 --a------ C:\WINDOWS\system32\ltkrn70n.dll
2006-08-11 19:53 35,328 --a------ C:\WINDOWS\system32\lffpx70n.dll
2006-08-11 19:53 324,096 --a------ C:\WINDOWS\system32\ipebase11.dll
2006-08-11 19:53 32,768 --a------ C:\WINDOWS\system32\lfgif70n.dll
2006-08-11 19:53 306,688 --a------ C:\WINDOWS\system32\Lffpx7.dll
2006-08-11 19:53 251,392 --a------ C:\WINDOWS\system32\hpscnmgr.dll
2006-08-11 19:53 24,576 --a------ C:\WINDOWS\system32\lfpcx70n.dll
2006-08-11 19:53 24,576 --a------ C:\WINDOWS\system32\lfbmp70n.dll
2006-08-11 19:53 224,768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL
2006-08-11 19:53 16,896 --a------ C:\WINDOWS\system32\reg32.dll
2006-08-11 19:53 16,384 --a------ C:\WINDOWS\system32\hpsj32.dll
2006-08-11 19:53 13,824 --a------ C:\WINDOWS\system32\hpscan32.dll
2006-08-11 19:53 12,288 --a------ C:\WINDOWS\system32\hpsmui.dll
2006-08-11 19:53 111,104 --a------ C:\WINDOWS\system32\lfpng70n.dll
2006-08-11 19:53 1,080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-08-11 19:52 299,520 --a------ C:\WINDOWS\uninst.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 13:38 -------- d-------- C:\Program Files\McAfee.com
2006-08-27 12:39 -------- d-------- C:\Program Files\DVD Shrink
2006-08-27 12:29 -------- d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2006-08-27 07:34 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-27 00:21 -------- d-------- C:\Program Files\HP
2006-08-26 12:48 -------- d-------- C:\Program Files\Common Files
2006-08-25 21:57 -------- d-------- C:\Program Files\Alwil Software
2006-08-17 03:42 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-08-12 09:53 -------- d-------- C:\Program Files\BitComet
2006-08-10 22:48 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2006-08-10 22:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2006-08-05 11:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 11:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 11:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 11:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 11:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-07-26 22:15 -------- d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2006-07-26 18:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-24 02:45 -------- d-------- C:\Program Files\Webroot
2006-07-23 03:38 -------- d-------- C:\Program Files\LimeWire
2006-07-23 03:38 -------- d-------- C:\Program Files\Common Files\oiro
2006-07-23 03:11 1063 --a------ C:\WINDOWS\system32\gpndddf5.sys
2006-07-20 20:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2006-07-10 19:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-07-10 17:58 -------- d-------- C:\Program Files\Encore
2006-07-10 17:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-06 03:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-07-03 05:57 -------- d-------- C:\Program Files\ArcSoft
2006-07-03 00:35 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-07-02 23:26 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-07-02 22:08 150 --a------ C:\AUTOEXEC.BAT
2006-07-02 22:08 -------- d-------- C:\Program Files\muvee Technologies
2006-07-02 22:08 -------- d-------- C:\Program Files\HP DVD
2006-07-02 22:08 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-07-02 22:07 -------- d-------- C:\Program Files\PowerDVD
2006-07-02 22:07 -------- d-------- C:\Program Files\CyberLink
2006-07-02 22:07 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-02 22:04 -------- d-------- C:\Program Files\Common Files\Sonic
2006-07-02 22:03 -------- d-------- C:\Program Files\Sonic_RecordNow
2006-07-02 22:03 -------- d-------- C:\Program Files\Sonic
2006-07-02 22:03 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-07-02 19:29 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-07-02 02:53 -------- d-------- C:\Program Files\Common Files\ArcSoft
2006-06-30 13:37 -------- d-------- C:\Program Files\AIM95
2006-06-30 11:52 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-06-30 11:51 -------- d-------- C:\Program Files\VideoLAN
2006-06-30 05:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-06-30 04:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-06-30 04:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2006-06-29 21:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-06-29 21:46 -------- d--h----- C:\Program Files\Uninstall Information
2006-06-29 21:46 -------- d-------- C:\Program Files\ORKTOOLS
2006-06-29 21:43 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-06-29 21:41 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-06-29 21:38 -------- d-------- C:\Program Files\Microsoft Works
2006-06-29 21:38 -------- d-------- C:\Program Files\Microsoft Office
2006-06-29 21:38 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-06-29 21:37 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-06-29 21:35 -------- d-------- C:\Program Files\Common Files\System
2006-06-29 21:34 -------- d-------- C:\Program Files\Microsoft.NET
2006-06-29 21:33 -------- d-------- C:\Program Files\WinRAR
2006-06-29 21:32 -------- d-------- C:\Program Files\PeerGuardian2
2006-06-29 21:32 -------- d-------- C:\Program Files\OO Software
2006-06-29 21:31 -------- d-------- C:\Program Files\Common Files\Ahead
2006-06-29 21:31 -------- d-------- C:\Program Files\Ahead
2006-06-29 21:30 -------- d-------- C:\Program Files\MagicISO
2006-06-29 21:30 -------- d-------- C:\Program Files\Jasc Software Inc
2006-06-29 21:30 -------- d-------- C:\Program Files\DVD2one
2006-06-29 21:30 -------- d-------- C:\Program Files\DVD Decrypter
2006-06-29 21:29 -------- d-------- C:\Program Files\Common Files\Adobe
2006-06-29 21:29 -------- d-------- C:\Program Files\Adobe
2006-06-29 21:28 -------- d-------- C:\Program Files\Lavasoft
2006-06-29 21:27 -------- d-------- C:\Program Files\WinZip
2006-06-29 21:27 -------- d-------- C:\Program Files\Real Alternative
2006-06-29 21:27 -------- d-------- C:\Program Files\QuickTime Alternative
2006-06-29 21:27 -------- d-------- C:\Program Files\Media Player Classic
2006-06-29 21:26 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-06-29 21:26 -------- d-------- C:\Program Files\Java
2006-06-29 21:25 -------- d-------- C:\Program Files\Common Files\Java
2006-06-29 21:07 -------- d-------- C:\Program Files\Internet Explorer
2006-06-29 21:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-06-29 21:01 0 -rahs---- C:\MSDOS.SYS
2006-06-29 21:01 0 -rahs---- C:\IO.SYS
2006-06-29 21:01 0 --a------ C:\CONFIG.SYS
2006-06-29 21:00 -------- d-------- C:\Program Files\Windows Media Player
2006-06-29 20:58 -------- d--h----- C:\Program Files\WindowsUpdate
2006-06-29 20:58 -------- d-------- C:\Program Files\Online Services
2006-06-29 20:56 -------- d-------- C:\Program Files\Outlook Express
2006-06-29 20:56 -------- d-------- C:\Program Files\NetMeeting
2006-06-29 20:56 -------- d-------- C:\Program Files\Movie Maker
2006-06-29 20:56 -------- d-------- C:\Program Files\Common Files\Services
2006-06-29 20:56 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-06-29 20:54 -------- d-------- C:\Program Files\ComPlus Applications
2006-06-29 20:53 -------- d-------- C:\Program Files\Windows NT
2006-06-29 20:53 -------- d-------- C:\Program Files\Unlocker
2006-06-29 20:53 -------- d-------- C:\Program Files\Messenger
2006-06-29 20:52 -------- d-------- C:\Program Files\MSN
2006-06-29 15:49 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-06-29 15:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-06-29 15:49 -------- d-------- C:\Program Files\Common Files\ODBC
2006-06-29 10:47 -------- d-------- C:\Program Files\Yahoo!
2006-06-29 10:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Jasc
2006-06-29 10:14 -------- d-------- C:\Program Files\Hewlett-Packard
2006-06-29 09:58 -------- d-------- C:\Program Files\Google
2006-06-29 09:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McUpdate.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"MCAgentExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Parallel Port Test.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Parallel Port Test.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Parallel Port Test.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\SCANJET\\PRECIS~1\\hpppt.exe /ICON"
"item"="HP Parallel Port Test"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Neeo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="services"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\RACLE~1\\services.exe\" -vt yazr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kernels8"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\kernels8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\dvb06a.sys

Completion time: Sun 08/27/2006 13:41:18.93
ComboFix.txt
ComboFix2.txt

#12 Buckeye_Sam

Posted 27 August 2006 - 05:55 PM

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.


#13 Buckeye_Sam

Posted 12 September 2006 - 06:47 PM

Unfortunately there has been no response, and this thread will now be closed. :thumbsup:

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.