Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Popups And New Dll Error


  • This topic is locked This topic is locked
9 replies to this topic

#1 Torisen

Torisen

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 09 April 2007 - 12:07 AM

Hi there.

2 days ago, my wife's computer started having popups appear frequently and for no obvious reason.

First attempt to solve was Spybot, which found a bunch of items, but couldn't seem to remove one called smitfraud_c Toolbar 888. It found 2 instances of this that it couldn't seem to erradicate, and the popups didn't go away.

I've been working on this for over 12 hours now. Somewhere along the line, on reboot I started getting a DLL error, which is likely a side issue. It comes up with a box, the box title is "RUN DLL" and the text is "error loading c:\windows\ddayyw.dll" with a note that the specific module could not be found, and an "OK" button. I don't notice anything else odd about this, but it comes up on each reboot.

OK, things I've tried: Spybot. AVG found a bunch of trojans. Spybot again. Each time I went on the internet I'd get more popups, then spybot would find more items. Updated windows - she had automatic updates turned off and there were 65 updates to install, including IE 7.

I looked for specific info on smitfraud, tried smitfraudfix (it found stuff but didn't seem to get everything). I tried to download "spyhunter" but while it found items it didn't seem to have a fix function so I deleted it. Reran spybot. Got and ran AdAware. I reran it until it found nothing, but each time I went back on the internet and got more popups, it would find more tracking cookies.

Tried to do a system restore using the Windows XP tool, but it said the system hadn't changed.

Started on the list on this site - started over at the top, actually. Ran cleanmgr, spybot, Adaware. Ran Housecall (it found but couldn't seem to clear TSPY_BHO.IF if my notes are accurate, and some cookies). Ran Panda anti-spy and anti-virus. Ran Bit Defender - it found but couldn't repair an infected file titled autlui.dll; and when I ran it a 2nd time it seemed to crash. I've been getting so many positives that I stopped writing them all down.

I ran stinger, but it found nothing.

Loaded zone alarm - it kept getting tripped by panda and bit defender, so I uninstalled both of them. I installed and ran Avast, and it found some more items.

After rebooting, when I first ran IE, it tripped zone alarm twice, I accepted the first but denied the 2nd. I don't know if it has anything to do with that, or with avast, or zone alarm, but I haven't had any popups in the past hour or so. Still, I don't trust that things are fixed, so I'm posting the hijack this log. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:33:45 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Regan\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1d29c5cc-f70c-417d-b16c-680d97cf1dcc} - C:\WINDOWS\system32\autlui.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp4B.tmp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddayyw.dll",realset
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Regan\LOCALS~1\Temp\{8325EB5F-A240-47CE-98FB-CF0EB4B12DBC}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O20 - AppInit_DLLs:
O20 - Winlogon Notify: autlui - autlui.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 Torisen

Torisen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 09 April 2007 - 12:24 AM

OK, on startup, I'm getting 2 attempts to link to the internet from IE:

1 goes to 127.0.0.1:Port 1090
The other to 74.53.120.7:DNS

74.53.120.7 appears to be thottbot.com, which is her home page, but I am including this since it seemed a little odd to me.

#3 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 09 April 2007 - 03:07 AM

Welcome to the BleepingComputer HijackThis forum Torisen :thumbsup:

Download\install CleanUp.
Launch CleanUp,then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok',now run the program by clicking on the 'Cleanup' button.
Reboot,or log off/log on when it's finished.

*********************************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as..Save as Type: 'All Files' File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry,then reboot.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

*********************************

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {1d29c5cc-f70c-417d-b16c-680d97cf1dcc} - C:\WINDOWS\system32\autlui.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp4B.tmp.dll
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddayyw.dll",realset
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Regan\LOCALS~1\Temp\{8325EB5F-A240-47CE-98FB-CF0EB4B12DBC}\{D1DA2BA 7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O20 - Winlogon Notify: autlui - autlui.dll (file missing)


Find and delete if present:
C:\WINDOWS\system32\tmp4B.tmp.dll
C:\WINDOWS\ddayyw.dll
C:\Documents and Settings\Regan\LocalSettings\Temp<-Delete everything inside this Temp folder.

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report into your next reply.

******************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the AVG Anti Spyware report,the C:\ComboFix.txt,and a new Hijackthis log into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Posted Image
Posted Image

#4 Torisen

Torisen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 09 April 2007 - 09:05 PM

Thank you for the welcome and the help.

Everything on the Hijack This step was still present. I could not locate either dll to remove. Before doing anything, I had another pop-up, so prior to starting this I know that I still had issues.

Here's the AVG anti-spy log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:38:26 PM 4/9/2007

+ Scan result:



Nothing found.


::Report end


Here's the combofix log:

"Regan" - 07-04-09 18:52:01 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Regan\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))


2007-04-09 16:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-08 23:05 <DIR> d-------- C:\HijackThis
2007-04-08 19:51 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-08 19:51 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-08 19:51 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-08 19:51 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-08 19:51 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-08 19:51 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-08 19:51 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-08 19:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-08 18:32 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-08 18:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-08 18:32 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-08 18:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-08 18:28 14 --a------ C:\DOCUME~1\Regan\getfile.dat
2007-04-08 17:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 16:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-08 16:00 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-08 15:35 <DIR> d-------- C:\DOCUME~1\Regan\.housecall6.6
2007-04-08 14:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-08 13:41 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-08 12:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-08 12:22 <DIR> d-------- C:\DOCUME~1\Regan\APPLIC~1\Lavasoft
2007-04-08 11:24 2,446 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 10:55 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-08 10:49 <DIR> d-------- C:\f11a413351bb38288f6e
2007-04-08 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-07 23:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-25 11:50 <DIR> d-------- C:\Program Files\iTunes
2007-03-25 11:50 <DIR> d-------- C:\Program Files\iPod
2007-03-25 11:49 <DIR> d-------- C:\Program Files\QuickTime
2007-03-25 11:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-03-15 12:23 497,496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 12:19 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-08 17:17 -------- d--h----- C:\Program Files\installshield installation information
2007-04-08 16:55 -------- d-------- C:\Program Files\messenger
2007-04-08 16:55 -------- d-------- C:\Program Files\google
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-10 21:45 -------- d-------- C:\Program Files\burning crusade closed beta


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070409-165407-251
O20 - Winlogon Notify: autlui - autlui.dll (file missing)
backup-20070409-165406-414
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
backup-20070409-165406-832
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070409-165406-704
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070409-165406-495
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddayyw.dll",realset
backup-20070409-165406-890
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Regan\LOCALS~1\Temp\{8325EB5F-A240-47CE-98FB-CF0EB4B12DBC}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
backup-20070409-165406-463
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp4B.tmp.dll
backup-20070409-165406-546
O2 - BHO: (no name) - {1d29c5cc-f70c-417d-b16c-680d97cf1dcc} - C:\WINDOWS\system32\autlui.dll (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\SYSTEM.SAV\DAYLGSAV.reg 320 bytes
C:\SYSTEM.SAV\highgost.flg 32 bytes
C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\ISLOGCHK.LOG 4096 bytes
C:\SYSTEM.SAV\logoff.bat 112 bytes
C:\SYSTEM.SAV\logoff.reg 288 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 77824 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 352256 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 307200 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGDEV.LOG 40 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RegionCF
C:\SYSTEM.SAV\RegionCF\euro.reg 216 bytes
C:\SYSTEM.SAV\RegionCF\SFr.reg 232 bytes
C:\SYSTEM.SAV\RmDev.log 12288 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 307200 bytes
C:\SYSTEM.SAV\SysInfo.US 307200 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\AppEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\bcr.cmd 232 bytes
C:\SYSTEM.SAV\UTIL\bootldr.flg 0 bytes
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\brand.exe 184320 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 12288 bytes
C:\SYSTEM.SAV\UTIL\BRAND_1.FLG 16 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 77824 bytes
C:\SYSTEM.SAV\UTIL\CMDOOBE.CMD 72 bytes
C:\SYSTEM.SAV\UTIL\CMDSWSET.CMD 64 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cpqsm.exe 86016 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\delcia.flg 32 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.bat 128 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DelWLAN.reg 320 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.EXE 98304 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\dmiuia.cmd 136 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\DQM_MRK.exe 323584 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EISFE.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\infobomg.exe 172032 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 356352 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\make_rtr.flg 136 bytes
C:\SYSTEM.SAV\UTIL\mobproc.flg 136 bytes
C:\SYSTEM.SAV\UTIL\oobe.min 144 bytes
C:\SYSTEM.SAV\UTIL\oobe.wpe 4096 bytes
C:\SYSTEM.SAV\UTIL\osexclude.txt 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.CMD 536 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 168 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 102400 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\RMDEV.CMD 488 bytes
C:\SYSTEM.SAV\UTIL\RMIRDEV.CMD 112 bytes
C:\SYSTEM.SAV\UTIL\SecEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSETDIR.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\SWSETUP.BTO 424 bytes
C:\SYSTEM.SAV\UTIL\SWSETUP.CMD 136 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\SysEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\uiadump32.exe 32768 bytes
C:\SYSTEM.SAV\UTIL\uiautil.exe 57344 bytes
C:\SYSTEM.SAV\UTIL\WINDVD.LOG 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 184 bytes
C:\SYSTEM.SAV\UTIL\WMI.BAT 48 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 96

********************************************************************

Completion time: 07-04-09 18:54:17
C:\ComboFix-quarantined-files.txt ... 07-04-09 18:54


And, here is the Hijack This log, that I just ran:

Logfile of HijackThis v1.99.1
Scan saved at 6:56:40 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for the help. Please let me know what's next, assuming there is more needed. I'll post if I notice anything odd, as well.

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 10 April 2007 - 04:36 AM

Your log is clean,hows your pc running now please.
Posted Image
Posted Image

#6 Torisen

Torisen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 10 April 2007 - 11:29 AM

Not getting anything at startup anymore - haven't run it enough yet to see if any popups are coming up. I'll give it a workout today and report back. Thank you!

#7 Torisen

Torisen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 10 April 2007 - 12:18 PM

Well, I just ran AdAware and had 11 tracking cookies. And, I just had zone alarm block "Generic Host Programs for Win32 Servers" from accessing 68.6.16.30. I have the AdAware log if it helps:

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, April 10, 2007 10:00:53 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R164 02.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-10-2007 10:00:53 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 612
ThreadCreationTime : 4-10-2007 1:46:04 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 4-10-2007 1:46:08 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 704
ThreadCreationTime : 4-10-2007 1:46:15 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 4-10-2007 1:46:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 4-10-2007 1:46:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 4-10-2007 1:46:24 AM
BasePriority : Normal
FileVersion : 6.14.10.4111
ProductVersion : 6.14.10.4111.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 4-10-2007 1:46:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 4-10-2007 1:46:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1152
ThreadCreationTime : 4-10-2007 1:46:27 AM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 4-10-2007 1:46:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 4-10-2007 1:46:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1404
ThreadCreationTime : 4-10-2007 1:46:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1416
ThreadCreationTime : 4-10-2007 1:46:29 AM
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:14 [ati2evxx.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 1576
ThreadCreationTime : 4-10-2007 1:46:36 AM
BasePriority : Normal
FileVersion : 6.14.10.4111
ProductVersion : 6.14.10.4111.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1656
ThreadCreationTime : 4-10-2007 1:46:36 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 344
ThreadCreationTime : 4-10-2007 1:46:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 972
ThreadCreationTime : 4-10-2007 1:46:56 AM
BasePriority : Normal


#:18 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 980
ThreadCreationTime : 4-10-2007 1:46:56 AM
BasePriority : High
FileVersion : 4, 7, 936, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswServ.exe

#:19 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1216
ThreadCreationTime : 4-10-2007 1:46:57 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1308
ThreadCreationTime : 4-10-2007 1:46:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1452
ThreadCreationTime : 4-10-2007 1:47:39 AM
BasePriority : Normal


#:22 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1596
ThreadCreationTime : 4-10-2007 1:47:44 AM
BasePriority : Normal


#:23 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2208
ThreadCreationTime : 4-10-2007 1:47:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [hp wireless assistant.exe]
FilePath : C:\Program Files\HPQ\HP Wireless Assistant\
ProcessID : 2984
ThreadCreationTime : 4-10-2007 1:48:24 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 30
ProductVersion : 1, 0, 0, 30
ProductName : hp Wireless Assistant
CompanyName : Hewlett-Packard Company
FileDescription : hp Wireless Assistant Module
InternalName : hp Wireless Assistant
LegalCopyright : Copyright 2004
OriginalFilename : hp Wireless Assistant.exe

#:25 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3016
ThreadCreationTime : 4-10-2007 1:48:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:26 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 3024
ThreadCreationTime : 4-10-2007 1:48:26 AM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:27 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 3076
ThreadCreationTime : 4-10-2007 1:48:28 AM
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:28 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 3148
ThreadCreationTime : 4-10-2007 1:48:32 AM
BasePriority : Normal
FileVersion : 4, 7, 936, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswDisp.exe

#:29 [hpqwmi.exe]
FilePath : C:\Program Files\HPQ\SHARED\
ProcessID : 3272
ThreadCreationTime : 4-10-2007 1:48:39 AM
BasePriority : Normal
FileVersion : 1, 0, 4, 2
ProductVersion : 1, 0, 4, 2
ProductName : hpqwmi Module
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : hpqwmi Module
InternalName : hpqwmi
LegalCopyright : © Copyright 2003, 2004 Hewlett-Packard Development Company, L.P.
OriginalFilename : hpqwmi.EXE

#:30 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3344
ThreadCreationTime : 4-10-2007 1:48:43 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3424
ThreadCreationTime : 4-10-2007 1:48:47 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:32 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3448
ThreadCreationTime : 4-10-2007 1:48:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 6008
ThreadCreationTime : 4-10-2007 5:00:42 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:regan@atdmt.com/
Expires : 4-7-2012 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regan@revenue.net/
Expires : 6-9-2022 10:05:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:regan@trafficmp.com/
Expires : 4-9-2008 9:38:24 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:regan@advertising.com/
Expires : 7-19-2049 2:22:52 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@searchportal.information[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:regan@searchportal.information.com/
Expires : 4-9-2009 9:47:58 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@sixapart.adbureau[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:regan@sixapart.adbureau.net/
Expires : 2-27-2008 5:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@cnn.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:regan@cnn.122.2o7.net/
Expires : 4-8-2012 9:41:28 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regan@adrevolver.com/
Expires : 4-9-2008 2:38:16 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:regan@doubleclick.net/
Expires : 4-9-2010 9:42:10 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@media.adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:regan@media.adrevolver.com/adrevolver/
Expires : 12-27-2009 9:17:32 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regan@sixapart.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regan\Cookies\regan@sixapart.adbureau[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 11




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

10:07:53 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:00.313
Objects scanned:147195
Objects identified:11
Objects ignored:0
New critical objects:11


So... should I be concerned?

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 10 April 2007 - 12:48 PM

I think you mean't 'Generic Host Process for Win32 Services'.
Generic Host Processes are a list of processes/services Microsoft uses for the XP operating system.
Many of them are associated with Network applications which require access to the internet,you should allow it access through Zone Alarm,it's nothing to be concerned about.

**********************

Your log is clean :thumbsup:
If all's ok,please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Posted Image
Posted Image

#9 Torisen

Torisen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 10 April 2007 - 02:20 PM

Thanks - I'm a little paranoid right now. Kind of like how for a month after I was rear-ended on the highway I kept a wary eye on my rear-view mirror. :flowers:

I'll get the rest of that taken care of right away.

Thank you again for all of your help! :thumbsup:

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 10 April 2007 - 03:42 PM

You're welcome :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users