
Just To See If I Am Clean Thanks


  • This topic is locked
18 replies to this topic

#1 dragowrx1


Posted 12 January 2007 - 01:06 AM

Here is my log. I just wanna double check to see if I am infected or not.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:41 PM, on 1/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Antivirus\caaviftest.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000245
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Edited by dragowrx1, 12 January 2007 - 01:53 AM.



#2 miekiemoes


Posted 12 January 2007 - 06:14 AM

Hello,

Yes, you are infected..

It is important you don't miss a step and perform everything in the right order!!

* Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot afterwards! Important!

--------------------
After reboot....

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000245
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
<== this is a resource hog

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post the following logs in your next reply:
  • Log from combofix (combofix.txt)
  • New HijackThis log
You may need several replies to post the logs in case they won't fit in one reply.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
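
An added example, not part of the thread or of HijackThis: a small Python parser for the log layout posted above that pulls out the O4 autostart entries and marks the ones worth a manual look. The two heuristics (a Run value named as a bare GUID, an executable inside a GUID-named folder) are assumptions chosen to match the entry singled out in the reply above; a flag is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the HijackThis 1.99.1 layout,
# copied from the log posted in this thread so the script runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000245
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[(.*?)\] (.+)$")
# Startup-folder shortcut: "Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)
# Quoted path, or an unquoted path (spaces allowed) up to its extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$))', re.I)


def parse_entries(log_text):
    """Group log lines by section code (R0, O2, O4, ...)."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].append(match.group(2))
    return dict(entries)


def executable_path(command):
    """Return the program path from a command line, without its arguments."""
    match = EXE_RE.match(command.strip())
    if match:
        return match.group(1) or match.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def parse_autorun(body):
    """Split one O4 body into location, name and command; None if unknown."""
    match = RUN_RE.match(body)
    if match:
        hive, key, name, command = match.groups()
        return {"location": hive + "\\..\\" + key, "name": name, "command": command}
    match = STARTUP_RE.match(body)
    if match:
        scope, name, command = match.groups()
        return {"location": scope, "name": name, "command": command}
    return None


def triage_autoruns(log_text):
    """Return O4 entries that trip either heuristic, with the reasons."""
    flagged = []
    for body in parse_entries(log_text).get("O4", []):
        entry = parse_autorun(body)
        if entry is None:
            continue
        reasons = []
        # Heuristic 1 (assumption): the value name is nothing but a GUID.
        if GUID_RE.match(entry["name"]):
            reasons.append("value name is a bare GUID")
        # Heuristic 2 (assumption): the program sits in a GUID-named folder.
        path = executable_path(entry["command"])
        if any(GUID_RE.match(part) for part in path.split("\\")[:-1]):
            reasons.append("executable is inside a GUID-named folder")
        if reasons:
            flagged.append({**entry, "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage_autoruns(SAMPLE_LOG):
        print(item["location"], item["name"])
        print("  ", item["path"])
        for reason in item["reasons"]:
            print("   -", reason)
```
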

#3 dragowrx1


Posted 12 January 2007 - 09:44 PM

Hi again, thanks for the help. Here is my combofix log:

Naruto_Kun - 07-01-12 18:40:15.48 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Program Files\Downloaded programs"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Inetget2
C:\Program Files\Common Files\{300FD1A1-0321-1033-0922-000118000001}
C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Naruto_Kun\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Naruto_Kun\Application Data\FNTS~1\w?aclt.exe
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\FNTS~1\F?nts
C:\QooBox\Purity\Program Files\FNTS~1\spool32.exe
C:\QooBox\Purity\Program Files\MBOLS~1\smss.exe
C:\QooBox\Purity\Program Files\MBOLS~1\??mbols
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\YMBOLS~1
C:\QooBox\Purity\WINDOWS\RACLE~1\??anregw.exe
C:\QooBox\Purity\WINDOWS\system32\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1\lsass.exe
C:\QooBox\Purity\WINDOWS\system32\DOBE~1\?dobe
C:\QooBox\Purity\WINDOWS\YMBOLS~1\w?auclt.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-12 to 2007-01-12 ))))))))))))))))))))))))))))))))))


2007-01-11 23:26 <DIR> d-------- C:\Program Files\webHancer
2007-01-11 21:41 <DIR> dr-h----- C:\Documents and Settings\Naruto_Kun\Recent
2007-01-03 08:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 08:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-01 11:34 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-01 11:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-01 11:07 <DIR> d-------- C:\Program Files\Grisoft
2006-12-31 16:59 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-12-31 16:53 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
2006-12-31 16:53 17,792 --------- C:\WINDOWS\system32\drivers\irbus.sys
2006-12-31 16:53 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
2006-12-31 16:53 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-31 16:53 <DIR> d-------- C:\WINDOWS\ehome
2006-12-31 16:52 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-12-31 16:52 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-12-31 16:52 67,200 --a------ C:\WINDOWS\system32\drivers\mqac.sys
2006-12-31 16:52 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-12-31 16:52 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-12-31 16:52 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-12-31 16:52 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-12-31 16:52 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-12-31 16:52 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-31 16:52 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-12-31 16:52 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-12-31 16:52 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-12-31 16:52 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-12-31 16:52 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-12-31 16:52 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-12-31 16:52 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-12-31 16:52 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-12-31 16:52 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-12-31 16:52 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-12-31 16:52 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-12-31 16:52 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-12-31 16:52 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-12-31 16:52 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-12-31 16:52 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-12-31 16:52 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-12-31 16:52 156,544 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-12-31 16:52 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-12-31 16:52 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-12-31 16:52 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-12-31 16:52 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-12-31 16:52 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-12-31 16:52 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-12-31 16:52 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-12-31 16:51 89,088 --a------ C:\WINDOWS\system32\mqsec.dll
2006-12-31 16:51 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
2006-12-31 16:51 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2006-12-31 16:51 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
2006-12-31 16:51 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
2006-12-31 16:51 613,888 --a------ C:\WINDOWS\system32\mqqm.dll
2006-12-31 16:51 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
2006-12-31 16:51 57,344 --a------ C:\WINDOWS\system32\nwwks.dll
2006-12-31 16:51 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
2006-12-31 16:51 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
2006-12-31 16:51 469,504 --a------ C:\WINDOWS\system32\mqutil.dll
2006-12-31 16:51 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
2006-12-31 16:51 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
2006-12-31 16:51 183,296 --a------ C:\WINDOWS\system32\gptext.dll
2006-12-31 16:51 164,864 --a------ C:\WINDOWS\system32\mqrt.dll
2006-12-31 16:51 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
2006-12-31 16:51 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
2006-12-31 16:51 14,848 --a------ C:\WINDOWS\system32\mqise.dll
2006-12-31 16:51 130,048 --a------ C:\WINDOWS\system32\mqad.dll
2006-12-31 16:51 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
2006-12-31 16:51 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
2006-12-31 16:51 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
2006-12-31 16:49 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-31 16:49 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-12-31 16:49 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-12-31 16:49 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-12-31 16:49 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-12-31 16:49 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-12-31 16:49 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-12-31 16:49 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-12-31 16:49 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-12-31 16:49 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-12-31 16:49 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-12-31 16:49 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-12-31 16:49 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-12-31 16:49 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-12-31 16:49 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-12-31 16:49 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-12-31 16:49 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-12-31 16:49 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-12-31 16:49 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-12-31 16:49 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-12-31 16:49 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-12-31 16:49 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-12-31 16:49 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-12-31 16:49 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-12-31 16:49 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-12-31 16:49 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-12-31 16:49 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-12-31 16:49 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-12-31 16:49 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-12-31 16:49 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-12-31 16:49 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-12-31 16:49 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-12-31 16:49 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-12-31 16:49 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-12-31 16:49 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-12-31 16:49 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-12-31 16:49 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-12-31 16:49 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-12-31 16:49 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-12-31 16:49 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-12-31 16:49 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-12-31 16:49 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-12-31 16:49 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-12-31 16:49 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-12-31 16:49 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-12-31 16:49 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-12-31 16:49 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-12-31 16:49 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-12-31 16:49 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-12-31 16:49 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-12-31 16:49 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-12-31 16:49 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-12-31 16:49 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-12-31 16:49 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-12-31 16:49 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-12-31 16:49 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-12-31 16:49 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-12-31 16:48 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-12-31 16:48 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-12-31 16:48 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-12-31 16:48 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-12-31 16:48 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-12-31 16:48 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-12-31 16:48 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-12-31 16:48 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-12-31 16:48 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-12-31 16:48 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-12-31 16:48 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-12-31 16:48 64,512 --a------ C:\WINDOWS\system32\msiexec.exe
2006-12-31 16:48 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-12-31 16:48 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-12-31 16:48 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-31 16:48 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-12-31 16:48 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-12-31 16:48 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-12-31 16:48 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-12-31 16:48 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-12-31 16:48 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-12-31 16:48 435,200 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-31 16:48 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-12-31 16:48 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-12-31 16:48 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-12-31 16:48 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-12-31 16:48 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-12-31 16:48 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-12-31 16:48 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-12-31 16:48 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-12-31 16:48 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-12-31 16:48 305,664 --a------ C:\WINDOWS\system32\msihnd.dll
2006-12-31 16:48 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-12-31 16:48 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-12-31 16:48 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-12-31 16:48 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-12-31 16:48 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-12-31 16:48 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-12-31 16:48 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-12-31 16:48 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-12-31 16:48 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-12-31 16:48 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-12-31 16:48 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-12-31 16:48 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-12-31 16:48 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-12-31 16:48 2,086,400 --a------ C:\WINDOWS\system32\msi.dll
2006-12-31 16:48 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-12-31 16:48 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-12-31 16:48 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-12-31 16:48 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-12-31 16:48 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-12-31 16:48 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-12-31 16:48 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-12-31 16:48 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-12-31 16:48 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-12-31 16:48 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-12-31 16:48 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-12-31 16:48 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-12-31 16:48 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-12-31 16:48 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-12-31 16:48 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-12-31 16:48 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-31 16:48 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-12-31 16:48 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-12-31 16:48 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-12-31 16:48 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-12-31 16:48 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-12-31 16:47 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-12-31 16:47 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-12-31 16:47 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-12-31 16:47 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-12-31 16:47 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-12-31 16:47 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-12-31 16:47 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-12-31 16:47 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-12-31 16:47 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-12-31 16:47 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-12-31 16:47 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-12-31 16:47 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-12-31 16:47 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-12-31 16:47 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-12-31 16:47 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-12-31 16:47 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-12-31 16:47 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-12-31 16:47 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-12-31 16:47 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-12-31 16:47 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-31 16:47 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-12-31 16:47 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-12-31 16:47 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-12-31 16:47 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-12-31 16:47 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-12-31 16:47 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-31 16:47 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-12-31 16:47 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-12-31 16:47 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-12-31 16:47 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-12-31 16:47 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-12-31 16:47 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-12-31 16:47 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-31 16:47 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-12-31 16:47 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-12-31 16:47 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-12-31 16:47 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-31 16:47 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-12-31 16:47 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-12-31 16:47 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-12-31 16:47 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-12-31 16:47 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-31 16:47 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-12-31 16:47 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-12-31 16:47 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-12-31 16:47 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-12-31 16:47 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-12-31 16:47 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-12-31 16:47 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-12-31 16:47 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-12-31 16:47 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-12-31 16:47 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-12-31 16:47 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-12-31 16:47 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-12-31 16:47 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-12-31 16:47 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-12-31 16:47 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-12-31 16:47 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-12-31 16:47 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-12-31 16:47 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-12-31 16:47 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-12-31 16:47 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-12-31 16:47 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-12-31 16:47 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-31 16:47 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-12-31 16:47 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-12-31 16:47 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-12-31 16:47 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-12-31 16:47 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-12-31 16:47 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-12-31 16:47 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-12-31 16:47 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-12-31 16:47 1,169,920 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-31 16:47 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-12-31 16:46 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-12-31 16:46 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-12-31 16:46 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-12-31 16:46 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-12-31 16:46 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-12-31 16:46 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-12-31 16:46 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-12-31 16:46 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-12-31 16:46 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-12-31 16:46 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-12-31 16:46 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-12-31 16:46 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-12-31 16:46 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-12-31 16:46 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-12-31 16:46 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-12-31 16:46 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-12-31 16:46 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-12-31 16:46 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-12-31 16:46 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-12-31 16:46 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-12-31 16:46 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-12-31 16:46 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-12-31 16:46 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-31 16:46 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-12-31 16:46 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-12-31 16:46 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-12-31 16:46 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-12-31 16:46 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-12-31 16:46 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-12-31 16:46 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-12-31 16:46 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-12-31 16:46 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-12-31 16:46 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-12-31 16:46 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-12-31 16:46 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-12-31 16:46 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-12-31 16:46 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-12-31 16:46 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-12-31 16:46 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-12-31 16:46 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-12-31 16:46 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-12-31 16:46 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-12-31 16:46 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-12-31 16:46 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-12-31 16:46 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-12-31 16:46 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-12-31 16:46 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-12-31 16:46 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-12-31 16:46 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-12-31 16:46 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-12-31 16:46 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-12-31 16:46 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-12-31 16:46 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-12-31 16:46 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-12-31 16:46 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-12-31 16:46 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-12-31 16:46 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-12-31 16:46 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-12-31 16:46 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-12-31 16:46 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-12-31 16:46 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-12-31 16:46 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-31 16:46 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-12-31 16:46 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-12-31 16:46 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-12-31 16:46 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-12-31 16:46 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-12-31 16:45 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-12-31 16:45 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-12-31 16:45 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-12-31 16:45 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-12-31 16:45 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-12-31 16:45 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-12-31 16:45 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-12-31 16:45 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-12-31 16:45 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-12-31 16:45 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-12-31 16:45 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-12-31 16:45 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-12-31 16:45 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-31 16:45 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-12-31 16:45 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-12-31 16:45 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-12-31 16:45 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-12-31 16:45 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-12-31 16:45 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-12-31 16:45 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-12-31 16:45 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-12-31 16:45 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-12-31 16:45 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-12-31 16:45 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-12-31 16:45 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-12-31 16:21 <DIR> d-------- C:\68d3a67382cdbd72b03171b
2006-12-31 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-31 11:33 <DIR> d-------- C:\WINDOWS\pss
2006-12-31 10:26 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-31 10:26 <DIR> d-------- C:\WINDOWS\LogFiles
2006-12-30 23:09 <DIR> d-------- C:\Program Files\HijackThis
2006-12-28 21:34 <DIR> d-------- C:\Program Files\XoftSpySE
2006-12-27 08:58 <DIR> d-------- C:\Program Files\Common Files\Ódobe
2006-12-18 23:03 <DIR> d-------- C:\Program Files\CCleaner
2006-12-17 00:27 69 --a-s---- C:\WINDOWS\test.bat
2006-12-14 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-12 18:41 -------- d-------- C:\Program Files\Common Files
2007-01-12 18:40 -------- d-------- C:\Program Files\Downloaded programs
2006-12-31 16:59 -------- d-------- C:\Program Files\Messenger
2006-12-31 16:51 -------- d-------- C:\Program Files\NetMeeting
2006-12-31 16:51 -------- d-------- C:\Program Files\Movie Maker
2006-12-31 16:51 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 16:50 -------- d-------- C:\Program Files\Windows Media Player
2006-12-31 16:50 -------- d-------- C:\Program Files\Outlook Express
2006-12-31 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-12-27 08:58 -------- d-------- C:\Program Files\Common Files\Ódobe
2006-12-24 17:14 -------- d-------- C:\Program Files\Diablo II
2006-12-24 17:08 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-23 14:23 -------- d-------- C:\Documents and Settings\Naruto_Kun\Application Data\U3


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"D-Link Air Utility"="C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"
"ANIWZCSService"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 07-01-12 18:42:14.61
C:\ComboFix.txt ... 07-01-12 18:42
C:\ComboFix2.txt ... 07-01-01 00:36

#4 dragowrx1


Posted 12 January 2007 - 09:45 PM

Ok, here is the hijack log. Thanks again :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 6:45:10 PM, on 1/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:11 PM

Posted 13 January 2007 - 01:15 AM

Hello,

You managed to install another infection in the meanwhile.

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall WebHancer.
Reboot your computer afterwards. Important!!

After reboot,

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Post a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 miekiemoes


Posted 13 January 2007 - 01:22 AM

Forgot to add this in my previous instructions..

Delete the following folder and file afterwards:

C:\WINDOWS\test.bat
C:\Program Files\webHancer <== folder

In case you are not able to delete the webHancer folder, don't delete it then, but tell me first, because it could happen that it wasn't properly uninstalled previously, and when you attempt to delete that folder, it may result in a loss of your internet connection.

#7 dragowrx1


Posted 13 January 2007 - 04:22 AM

Hiya again, yeah, I could not delete the Webhancer folder and it was not in Add/Remove. Here is my current hijack log. Sorry about that.

Logfile of HijackThis v1.99.1
Scan saved at 1:19:46 AM, on 1/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Avant Browser\avant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
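
The warning in post #6 about the webHancer folder can be checked against the two logs posted above. This is an added example, not part of the thread: it parses a HijackThis log and reports whether WebHancer still has O10 entries (the section where HijackThis lists Winsock provider hooks), a running process, or an autostart under the folder. The function names are this example's own, and the two log excerpts are abbreviated from the logs in this thread.

```python
import re

# Abbreviated excerpts of the 12 and 13 January logs posted in this thread.
LOG_JAN12 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:45:10 PM, on 1/12/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

LOG_JAN13 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:19:46 AM, on 1/13/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

# A HijackThis entry line is "<section code> - <description>", e.g. "O10 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries = [], {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry line
            entries.setdefault(match.group(1), []).append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def folder_removal_check(text, product, folder):
    """Report what in the log still ties `product` to the system.

    Deleting the folder is treated as safe only when the log shows no O10
    entry naming the product, no process running from the folder, and no
    O4/O23 autostart pointing into it.
    """
    processes, entries = parse_hijackthis(text)
    prefix = folder.lower().rstrip("\\") + "\\"
    lsp = [e for e in entries.get("O10", []) if product.lower() in e.lower()]
    running = [p for p in processes if p.lower().startswith(prefix)]
    autostart = [e for code in ("O4", "O23")
                 for e in entries.get(code, []) if prefix in e.lower()]
    return {
        "lsp_entries": len(lsp),
        "running": running,
        "autostart": autostart,
        "safe_to_delete": not (lsp or running or autostart),
    }


if __name__ == "__main__":
    folder = r"C:\Program Files\webHancer"
    for name, log in (("12 Jan", LOG_JAN12), ("13 Jan", LOG_JAN13)):
        print(name, folder_removal_check(log, "WebHancer", folder))
```

On the 13 January log the agent process is gone, but the O10 entries remain, so the check still reports the folder as not safe to delete.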

#8 miekiemoes


Posted 13 January 2007 - 07:03 AM

Hi,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

-------------

#9 dragowrx1


Posted 13 January 2007 - 12:14 PM

Ok, here ya go, here is the uninstall list
----------------------------------------------------------------------------------
Ad-Aware SE Personal
Adobe Acrobat 5.0
Air Utility
ANIO Service
ANIWZCS Service
AOL Instant Messenger
Avant Browser (remove only)
AVG Anti-Spyware 7.5
BearShare
CCleaner (remove only)
Diablo II
Easy CD & DVD Creator 6
EasyGPRS
Gunbound Revolution
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Java™ SE Runtime Environment 6
K-Lite Codec Pack 2.49 Full
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.0
Outlook Express Q823353
QuickTime
Registry Mechanic 5.2
SBC Yahoo! Applications
SiS Audio Driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q307869 for more information]
Windows XP Hotfix (SP1) [See Q308210 for more information]
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q310437 for more information]
Windows XP Hotfix (SP1) [See Q310510 for more information]
Windows XP Hotfix (SP1) [See Q311542 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q316397 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q318388 for more information]
Windows XP Hotfix (SP1) [See Q318966 for more information]
Windows XP Hotfix (SP1) [See Q319322 for more information]
Windows XP Hotfix (SP1) [See Q319949 for more information]
Windows XP Hotfix (SP1) [See Q320174 for more information]
Windows XP Hotfix (SP1) [See Q320552 for more information]
Windows XP Hotfix (SP1) [See Q320678 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
Windows XP Service Pack 1a
WinRAR archiver
XoftSpySE

#10 miekiemoes


Posted 13 January 2007 - 12:41 PM

Hi, did you install Bearshare recently? Because Bearshare may be bundled with this Webhancer.
I do not recommend Bearshare anyway, because the free bundle contains spyware.

So in case you have the free version, I strongly recommend you uninstall Bearshare.

Let me know first...
In case you choose to uninstall Bearshare, after uninstall, reboot your computer and then post a new HijackThis log afterwards. That should show if Webhancer was bundled or not.

If not, then we'll deal with it in another way.

#11 dragowrx1


Posted 13 January 2007 - 10:46 PM

Yeah, I removed the Bearshare, but I believe it wasn't Bearshare that had Webhancer because I have used Bearshare for a long time now. Webhancer is still there. There is a folder called webhancer in Program Files. Thanks a lot, man, here is the log file

Logfile of HijackThis v1.99.1
Scan saved at 7:44:08 PM, on 1/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#12 miekiemoes


Posted 14 January 2007 - 04:09 AM

OK, follow the instructions from the next site:
IMPORTANT!! Make sure you download LSP Fix FIRST!! Because after you remove WebHancer, you won't have internet access afterwards. Then you can fix it with LSPFix.

So save the next instructions in Notepad or print them out and follow them.

http://www.bleepingcomputer.com/forums/t/3133/how-to-remove-webhancer/

(In your case, you won't be able to uninstall WebHancer since it's not in Add/Remove Programs, so you have to delete it manually from Safe Mode.)
To get into Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

Then post a log in your next reply.

#13 dragowrx1


Posted 14 January 2007 - 02:17 PM

Oh hey again. OK, I removed WebHancer using Spybot since the HijackThis log recommended it and I couldn't delete it manually even in Safe Mode. Spybot deleted it before everything was loaded. Weird thing is my internet still works after I rebooted my computer without using LSPFix. OK, here is the log file now.

Logfile of HijackThis v1.99.1
Scan saved at 11:14:54 AM, on 1/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#14 miekiemoes


Posted 14 January 2007 - 02:27 PM

Looking good again. Looks like Spybot already restored your LSP as well.

How are things running now?
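Added example (not part of the thread and not a BleepingComputer or HijackThis tool): a short Python script that diffs two HijackThis logs to confirm that the O10 (Winsock LSP) entries are gone after cleanup and that nothing new appeared. The sample logs are abridged from the two scans posted above; the function names are hypothetical.

```python
import re
from collections import Counter

# HijackThis entries look like "O10 - <detail>" or "R0 - <detail>".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Sample input, abridged from the scan posted before cleanup.
BEFORE = r"""
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

# Sample input, abridged from the scan posted after cleanup.
AFTER = r"""
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

def parse_entries(log_text):
    """Count (section, detail) pairs; duplicate lines such as O10 are kept."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries

def diff_logs(before, after):
    """Return (removed, added, o10_remaining) between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = b - a  # Counter subtraction keeps only positive counts
    added = a - b
    o10_remaining = sum(n for (sec, _), n in a.items() if sec == "O10")
    return removed, added, o10_remaining

if __name__ == "__main__":
    removed, added, o10_remaining = diff_logs(BEFORE, AFTER)
    for (sec, detail), n in sorted(removed.items()):
        print(f"removed x{n}: {sec} - {detail}")
    for (sec, detail), n in sorted(added.items()):
        print(f"added   x{n}: {sec} - {detail}")
    print("O10 entries remaining:", o10_remaining)
```

An empty `added` set matters as much as the removed O10 lines: a new autostart or BHO entry appearing after cleanup would need its own review.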

#15 dragowrx1


Posted 15 January 2007 - 02:12 AM

Yup, working good again. Thanks a bunch!!!!!



