Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • This topic is locked This topic is locked
12 replies to this topic

#1 Roshimbo

Roshimbo

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 22 May 2007 - 07:48 PM

Not sure how to remove the program, but essentially my computer is slowed way down, not typing all of the letters that I type, and spybot and adaware have failed to remove the virus. Pretty irritating popups constantly popping in every 1-2 minutes while I'm using my browser.

Advertisements say they are coming from outerinfo...



Logfile of HijackThis v1.99.1
Scan saved at 6:29:53 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\YMANTE~1\cmd.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Austin Jones\Desktop\stinger.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\F?nts\n?tepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ture] c:\windows\system32\ture.exe /nocomm
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{27-7A-AD-D2-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hvtlrewy.dll",realset
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ctto] "C:\PROGRA~1\COMMON~1\YMANTE~1\cmd.exe" -vt yazb
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Austin Jones\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...712640OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130918894546
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks for the help.

BC AdBot (Login to Remove)

 


m

#2 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 22 May 2007 - 09:14 PM

Adaware scan results...

UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:austin jones@adtech.de/
Expires : 5-19-2017 6:55:34 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@mercury.bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:austin jones@mercury.bravenet.com/network/
Expires : 5-24-2007 5:16:22 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@date[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:austin jones@date.com/
Expires : 1-17-2038 6:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@gatorarcade.aavalue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:austin jones@gatorarcade.aavalue.com/
Expires : 9-26-2037 6:00:00 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:austin jones@bravenet.com/
Expires : 6-21-2007 6:18:08 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:austin jones@tribalfusion.com/
Expires : 5-21-2008 6:50:50 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:austin jones@2o7.net/
Expires : 5-20-2012 6:53:36 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@hc2.humanclick[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:austin jones@hc2.humanclick.com/
Expires : 5-21-2008 5:00:46 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@gatorarcade[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:austin jones@gatorarcade.com/
Expires : 5-14-2037 6:16:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:austin jones@doubleclick.net/
Expires : 5-21-2010 7:51:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:austin jones@trafficmp.com/
Expires : 5-21-2008 6:09:14 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@adbrite[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:72
Value : Cookie:austin jones@adbrite.com/
Expires : 5-21-2008 7:55:44 PM
LastSync : Hits:72
UseCount : 0
Hits : 72

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@roiservice[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:austin jones@roiservice.com/
Expires : 5-22-2027 6:46:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:austin jones@revenue.net/
Expires : 6-9-2022 11:05:42 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@buy[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:austin jones@buy.com/
Expires : 12-31-2020 6:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@buycom.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:austin jones@buycom.122.2o7.net/
Expires : 5-20-2012 5:05:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@adbrite[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:austin jones@adbrite.com/stats/
Expires : 6-21-2007 6:29:46 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:austin jones@statcounter.com/
Expires : 5-20-2012 7:53:30 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@4.adbrite[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:austin jones@4.adbrite.com/
Expires : 5-23-2007 7:43:12 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:austin jones@~~local~~/
Expires : 6-5-2007 6:17:30 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@www.gatorarcade[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:austin jones@www.gatorarcade.com/
Expires : 5-14-2037 6:16:04 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:austin jones@perf.overture.com/
Expires : 5-21-2011 6:46:22 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 45



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Z-Quest Object Recognized!
Type : File
Data : VTTC[1].exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\Documents and Settings\Austin Jones\Local Settings\Temporary Internet Files\Content.IE5\2ZASDBF3\


Object "UDC6_0001_D19M1908NetInstaller.exe" found in this archive.

DriveCleaner Object Recognized!
Type : File
Data : installdrivecleanerstart[1].cab
TAC Rating : 3
Category : Misc
Comment : Object "UDC6_0001_D19M1908NetInstaller.exe" found in this archive.
Object : C:\Documents and Settings\Austin Jones\Local Settings\Temporary Internet Files\Content.IE5\X91GUQ3B\



Adware.Z-Quest Object Recognized!
Type : File
Data : TTC.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\Program Files\Creative\



Adware.Z-Quest Object Recognized!
Type : File
Data : A0287132.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{711990CB-91C0-4D4B-A484-944C66D672AB}\RP650\



Adware.Z-Quest Object Recognized!
Type : File
Data : VTTC.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 50


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 50




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Other Object Recognized!
Type : File
Data : VTTC.EXE-06357C93.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 51

8:08:16 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:39.859
Objects scanned:182769
Objects identified:38
Objects ignored:0
New critical objects:38

#3 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 22 May 2007 - 09:56 PM

url.cpvfeed.com with random extensions afterwards is now in place of the adds from the previous post.

spybot is finding smitfraud-c.toolbar888 and smitfraud-c.coreservice on every search but is unable to remove it. spybot also found the following after running it on loading windows after deleting its findings on startup :

searchingbooth.com
adrevolver
adspy.ttc
advertising.com
avenueA.inc
directTrack
doubleclick
hitbox
k2l
tagasaurus
zenosearch
zqest.k8l

adaware new log


Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, May 22, 2007 8:12:58 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R171 21.05.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Z-Quest(TAC index:4):3 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5/22/2007 8:12:58 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1580436667-682003330-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 404
ThreadCreationTime : 5/23/2007 1:22:27 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 468
ThreadCreationTime : 5/23/2007 1:22:32 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 5/23/2007 1:22:34 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 5/23/2007 1:22:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 5/23/2007 1:22:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 5/23/2007 1:22:35 AM
BasePriority : Normal
FileVersion : 6.14.10.4132
ProductVersion : 6.14.10.4132
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 5/23/2007 1:22:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 5/23/2007 1:22:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 5/23/2007 1:22:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 5/23/2007 1:22:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1256
ThreadCreationTime : 5/23/2007 1:22:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 5/23/2007 1:22:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1636
ThreadCreationTime : 5/23/2007 1:22:51 AM
BasePriority : Normal
FileVersion : 6.14.10.4132
ProductVersion : 6.14.10.4132
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:14 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1696
ThreadCreationTime : 5/23/2007 1:22:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:15 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1868
ThreadCreationTime : 5/23/2007 1:22:56 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2036
ThreadCreationTime : 5/23/2007 1:22:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 176
ThreadCreationTime : 5/23/2007 1:23:00 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 320
ThreadCreationTime : 5/23/2007 1:23:03 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:19 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 5/23/2007 1:23:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 5/23/2007 1:23:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:21 [ctnotify.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 1656
ThreadCreationTime : 5/23/2007 1:42:32 AM
BasePriority : Normal
FileVersion : 2.00.02.0
ProductVersion : 2.0
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : CtNotify
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CtNotify.exe
Comments : CtNotify Entry

#:22 [mediadet.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 1732
ThreadCreationTime : 5/23/2007 1:42:32 AM
BasePriority : Normal
FileVersion : 2.00.02.0
ProductVersion : 2.00
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : MediaDet.exe
Comments : Local Server

#:23 [ahqtb.exe]
FilePath : C:\Program Files\Creative\SBLive\AudioHQ\
ProcessID : 140
ThreadCreationTime : 5/23/2007 1:42:34 AM
BasePriority : Normal
FileVersion : 1.0.193
ProductVersion : 1.0.193
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ

#:24 [incd.exe]
FilePath : C:\Program Files\ahead\InCD\
ProcessID : 1884
ThreadCreationTime : 5/23/2007 1:42:34 AM
BasePriority : Normal
FileVersion : 3.22.0
ProductVersion : 3.22.0
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:25 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 1772
ThreadCreationTime : 5/23/2007 1:42:34 AM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe

#:26 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 116
ThreadCreationTime : 5/23/2007 1:42:35 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe

#:27 [mouse32a.exe]
FilePath : C:\Program Files\Browser Mouse\
ProcessID : 192
ThreadCreationTime : 5/23/2007 1:42:35 AM
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:28 [ctavtray.exe]
FilePath : C:\Program Files\Creative\SBLive\Program\
ProcessID : 1972
ThreadCreationTime : 5/23/2007 1:42:35 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CTAvtray
CompanyName : Creative Technology Ltd.
FileDescription : EAX Animation Playback
InternalName : CTAvtray
LegalCopyright : Copyright © Creative Technology Ltd. 2000
OriginalFilename : CTAvtray.EXE
Comments : EAX Animation

#:29 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 1244
ThreadCreationTime : 5/23/2007 1:42:35 AM
BasePriority : Normal
FileVersion : 4, 60, 100, 37068
ProductVersion : 4, 60
ProductName : InstallShield Update Service
CompanyName : Macrovision Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 2005 Macrovision Corporation
OriginalFilename : issch.exe

#:30 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 944
ThreadCreationTime : 5/23/2007 1:42:36 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 5/23/2007 1:42:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1572
ThreadCreationTime : 5/23/2007 1:42:38 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:33 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1800
ThreadCreationTime : 5/23/2007 1:42:38 AM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:34 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2288
ThreadCreationTime : 5/23/2007 1:42:43 AM
BasePriority : Normal


#:35 [dwdsregt.exe]
FilePath : c:\windows\system32\
ProcessID : 2364
ThreadCreationTime : 5/23/2007 1:42:48 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : © 2004

#:36 [hpqgalry.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2616
ThreadCreationTime : 5/23/2007 1:42:56 AM
BasePriority : Normal


#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3532
ThreadCreationTime : 5/23/2007 1:54:21 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3480
ThreadCreationTime : 5/23/2007 2:12:37 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Z-Quest Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment : C:\Program Files\Creative\meqosati.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6C308311-64E7-416E-B2AF-2720DEB6C26E}

Adware.Z-Quest Object Recognized!
Type : File
Data : meqosati.dll
TAC Rating : 4
Category : Adware
Comment :
Object : c:\program files\creative\



Adware.Z-Quest Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment : C:\Program Files\Creative\meqosati.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C308311-64E7-416E-B2AF-2720DEB6C26E}

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@adbrite[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:austin jones@adbrite.com/
Expires : 5/21/2008 8:12:48 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : austin_jones@4.adbrite[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:austin jones@4.adbrite.com/
Expires : 5/23/2007 8:12:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 6


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

8:26:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:30.32
Objects scanned:182575
Objects identified:5
Objects ignored:0
New critical objects:5

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 23 May 2007 - 02:32 AM

Hello,

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Reboot your computer afterwards.
After reboot, perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again in order to delete files that were in use previously.

Post a new HijackThislog in your next reply - then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 24 May 2007 - 02:03 AM

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!


Thanks for the response. I work a lot so I was hoping to get some good advice to avoid having to reformat everything.

Ok, I downloaded comodo and avs. Thanks for the info. My norton internet security and antivirus stuff broke down and won't update without errors anymore. I uninstalled it and got the 2 aforementioned put on.

AVS is saying the core.sys one is still a problem and wasn't removed by restarting my computer. There were approximately 60 trojan files throughout my hard drive, startup files, and backup files. The core.sys one is the only one AVS said it didn't fix, but on startup it found 12 others all related to the core.sys one.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:06 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\avs\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\avs\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {00000000-0000-455E-B215-1E7E0940BBF8} - C:\Program Files\u8dg75so\u8dg75so.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {2B7F0FEE-EBD6-40C4-92BF-D3712B12BFD1} - C:\Program Files\Common Files\quca.dll (file missing)
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\iiffede.dll (file missing)
O2 - BHO: (no name) - {4836C4C5-5199-4568-B166-5DD78510FCC9} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\guwfdbts.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ture] c:\windows\system32\ture.exe /nocomm
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [aol] "C:\Program Files\avs\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwintndv.exe CHD003
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwintndv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...712640OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130918894546
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: iiffede - iiffede.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\avs\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 24 May 2007 - 06:31 AM

Hello,

Do you see now why it is so important to have a working Antivirus and Firewall? The Antivirus was able to delete most already.
Let's deal with the leftovers now.

I see that you, during the install of Active VirusShield, you didn't uncheck the Security Toolbar as instructed in my previous post.
So that's why you have to uninstall the Security Toolbar. It's a standalone uninstaller and won't uninstall your Active Virusshield since they are not really related with eachother.

So go to start > controlpanel > software and uninstall "Security Toolbar" or "AOL Security Toolbar".
Also uninstall "Acceleration Software Antivirus" and "Blubster" if still present. Because Blubster is bundled with Spyware.

Then reboot.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {00000000-0000-455E-B215-1E7E0940BBF8} - C:\Program Files\u8dg75so\u8dg75so.dll (file missing)
O2 - BHO: 0 - {2B7F0FEE-EBD6-40C4-92BF-D3712B12BFD1} - C:\Program Files\Common Files\quca.dll (file missing)
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\iiffede.dll (file missing)
O2 - BHO: (no name) - {4836C4C5-5199-4568-B166-5DD78510FCC9} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\guwfdbts.dll (file missing)
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ture] c:\windows\system32\ture.exe /nocomm
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwintndv.exe CHD003
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwintndv.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...712640OneCC.cab
O20 - Winlogon Notify: iiffede - iiffede.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 24 May 2007 - 08:46 PM

aol toolbar uninstalled, then rebooted, then ran hijackthis and checked off the ones you posted except 2 that weren't there anymore, then ran combofix. the combofix log follows, then the hijack this log.



"Austin Jones" - 2007-05-24 19:24:06 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Austin Jones\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\AUSTIN~1\Desktop.\internet explorer.lnk"
"C:\Temp\tn3"

Purity Folders:

C:\WINDOWS\FNTS~1



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 19:26 <DIR> d-------- C:\Temp\tn3
2007-05-23 23:17 930 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 18:09 1,502,941 ---hs---- C:\WINDOWS\system32\jjkmp.ini2
2007-05-23 17:06 <DIR> d-------- C:\DOCUME~1\AUSTIN~1\APPLIC~1\Comodo
2007-05-23 17:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-23 17:02 <DIR> d-------- C:\Program Files\Comodo
2007-05-23 16:56 1,532,055 ---hs---- C:\WINDOWS\system32\jjkmp.bak2
2007-05-23 16:55 2,834,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-23 16:55 14,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-23 16:55 <DIR> d-------- C:\Program Files\avs
2007-05-23 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-22 18:24 <DIR> d-------- C:\DOCUME~1\AUSTIN~1\.housecall6.6
2007-05-22 16:55 1,498,259 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\TQ0
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\T2
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-21 18:43 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-21 18:43 <DIR> d-------- C:\Temp\0b9
2007-05-21 18:43 <DIR> d-------- C:\Temp
2007-05-11 00:56 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-23 04:44:43 -------- d-----w C:\Program Files\Creative
2007-05-20 01:50:36 -------- d-----w C:\Program Files\Warcraft III
2007-05-18 05:30:01 9,910 ----a-w C:\DOCUME~1\AUSTIN~1\APPLIC~1\wklnhst.dat
2007-05-17 22:43:38 -------- d-----w C:\DOCUME~1\AUSTIN~1\APPLIC~1\Morpheus
2007-05-17 21:12:00 -------- d-----w C:\Program Files\Morpheus
2007-05-05 18:33:04 -------- d-----w C:\Program Files\Full Tilt Poker
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 07:35:46 -------- d-----w C:\Program Files\World of Warcraft
2007-03-31 21:41:32 66,270 ----a-w C:\WINDOWS\War3Unin.dat
2007-03-19 23:34:15 -------- d-----w C:\Program Files\PokerRoom.com
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-07 16:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 14:02]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 03:03]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-07-31 15:32]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 17:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-08-01 04:00]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 03:00]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 10:49]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2000-05-11 03:00]
"ATIPTA"="atiptaxx.exe" [2006-02-21 18:05 C:\WINDOWS\system32\atiptaxx.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-11-19 20:15]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2004-11-19 20:15]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2006-02-25 00:30]
"CTAVTray"="C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE" [2000-09-01 03:00]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"aol"="C:\Program Files\avs\avp.exe" [2006-05-30 11:13]
"@"="" []
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-23 17:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 14:17]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 13:37]
"Steam"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"CTAVTray"=C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Common Files\rtele.html



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070524-192234-917
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjj]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkjj.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"



backup-20070524-192233-865
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllji]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\mllji.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"



backup-20070524-192233-280
O20 - Winlogon Notify: iiffede - iiffede.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iiffede]
"Asynchronous"=dword:00000001
"DllName"="iiffede.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070524-192233-482
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...712640OneCC.cab

??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

backup-20070524-192233-427
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-192233-343
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-192233-898
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT

backup-20070524-192233-389
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

backup-20070524-192233-373
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k

backup-20070524-192233-652
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwintndv.exe CHD003

backup-20070524-192233-913
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwintndv.exe

backup-20070524-192233-705
O4 - HKLM\..\Run: [ture] c:\windows\system32\ture.exe /nocomm

backup-20070524-192233-239
O2 - BHO: (no name) - {4836C4C5-5199-4568-B166-5DD78510FCC9} - C:\WINDOWS\system32\pmkjj.dll (file missing)

backup-20070524-192233-896
R3 - URLSearchHook: (no name) - <default> - (no file)

backup-20070524-192233-416
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\iiffede.dll (file missing)

backup-20070524-192233-602
O2 - BHO: 0 - {2B7F0FEE-EBD6-40C4-92BF-D3712B12BFD1} - C:\Program Files\Common Files\quca.dll (file missing)

backup-20070524-192233-506
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\guwfdbts.dll (file missing)

backup-20070524-192233-207
O2 - BHO: (no name) - {00000000-0000-455E-B215-1E7E0940BBF8} - C:\Program Files\u8dg75so\u8dg75so.dll (file missing)

backup-20070524-192233-979
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
Contents of the 'Scheduled Tasks' folder
2005-12-05 03:15:34 C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 19:29:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@???@?? C???????@?????????@?B???A???????A?P ????B???@?????P?????@?? ????????A~??????????@?'?????????????????B?????\ ????????????????????????????B
CTAVTray = C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE??s$?????A~????$???Z?A~????*?A~???? ?a?4?a???????????????????????????@?????????????????d???????W?D~???sx??s@????????P2?D??sh??s$??????????s????(????&?s?????P2??P2?????(????B?s?<2? @@????? @@??P2??B?s??
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
CTAVTray = C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI?A~????$???Z?A~????*?A~???? ?a?4?a???????????????????????????@?????????????????d???????W?D~???sx??s@????????P2?D??sh??s$??????????s????(????&?s?????P2??P2?????(????B?s?<2? @@????? @@??P2??B?s??

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

Completion time: 2007-05-24 19:31:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 19:31

--- E O F ---

hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 7:41:00 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\avs\avp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\avs\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [aol] "C:\Program Files\avs\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130918894546
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\avs\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 25 May 2007 - 03:31 AM

Hi,

Your HijackThislog looks clean again, but we're not finished yet. Let's deal with the rest now and perform next steps in the right order..

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select everything you find in there (except for "My current home page") and press the delete button on the right.
Hit ok below > apply in previous window.

Then, Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Then, Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.bak1

Folder::
C:\WINDOWS\system32\TQ0
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T2
C:\WINDOWS\system32\T1QaSQ
C:\WINDOWS\system32\pog
C:\Temp


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you will see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 28 May 2007 - 09:50 PM

Just wanted to say thanks for all the help so far. My computer seems pretty sluggish, but AVS isn't reporting the trojans constantly when my computer is on anymore and the popups stopped. Any idea why things might slow down by these fixes?

Also I'm getting asked if I want to make Internet Explorer my default browser 1 in 3 times I open it up. Assumed it may be caused by the changes we've made so far.



"Austin Jones" - 2007-05-28 20:34:06 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Austin Jones\"
Command switches used :: ""C:\Documents and Settings\Austin Jones\Desktop\combofix-do.txt""


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe"
"C:\Temp\0b9\tmpTF.log"
"C:\Temp\tn3"
"C:\WINDOWS\system32\TQ0"
"C:\WINDOWS\system32\T6"
"C:\WINDOWS\system32\T4"
"C:\WINDOWS\system32\T3"
"C:\WINDOWS\system32\T2"
"C:\WINDOWS\system32\T1QaSQ"
"C:\WINDOWS\system32\pog"
"C:\Temp"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-24 19:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-23 23:17 930 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 18:09 1,502,941 ---hs---- C:\WINDOWS\system32\jjkmp.ini2
2007-05-23 17:06 <DIR> d-------- C:\DOCUME~1\AUSTIN~1\APPLIC~1\Comodo
2007-05-23 17:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-23 17:02 <DIR> d-------- C:\Program Files\Comodo
2007-05-23 16:56 1,532,055 ---hs---- C:\WINDOWS\system32\jjkmp.bak2
2007-05-23 16:55 25,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-23 16:55 2,935,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-23 16:55 <DIR> d-------- C:\Program Files\avs
2007-05-23 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-22 18:24 <DIR> d-------- C:\DOCUME~1\AUSTIN~1\.housecall6.6
2007-05-22 16:55 1,498,259 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-05-11 00:56 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 02:23:05 -------- d-----w C:\Program Files\Yahoo!
2007-05-25 05:27:34 -------- d-----w C:\Program Files\Warcraft III
2007-05-23 04:44:43 -------- d-----w C:\Program Files\Creative
2007-05-18 05:30:01 9,910 ----a-w C:\DOCUME~1\AUSTIN~1\APPLIC~1\wklnhst.dat
2007-05-17 22:43:38 -------- d-----w C:\DOCUME~1\AUSTIN~1\APPLIC~1\Morpheus
2007-05-17 21:12:00 -------- d-----w C:\Program Files\Morpheus
2007-05-05 18:33:04 -------- d-----w C:\Program Files\Full Tilt Poker
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 07:35:46 -------- d-----w C:\Program Files\World of Warcraft
2007-03-31 21:41:32 66,270 ----a-w C:\WINDOWS\War3Unin.dat
2007-03-19 23:34:15 -------- d-----w C:\Program Files\PokerRoom.com
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 14:02]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 03:03]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-07-31 15:32]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 17:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-08-01 04:00]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 03:00]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 10:49]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2000-05-11 03:00]
"ATIPTA"="atiptaxx.exe" [2006-02-21 18:05 C:\WINDOWS\system32\atiptaxx.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-11-19 20:15]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2004-11-19 20:15]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2006-02-25 00:30]
"CTAVTray"="C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE" [2000-09-01 03:00]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"aol"="C:\Program Files\avs\avp.exe" [2006-05-30 11:13]
"@"="" []
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-23 17:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 14:17]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 13:37]
"Steam"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"CTAVTray"=C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=


Contents of the 'Scheduled Tasks' folder
2005-12-05 03:15:34 C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 20:36:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@???@?? C???????@?????????@?B???A???????A?P ????B???@?????P?????@?? ????????A~??????????@?-?????????????????B?????\ ????????????????????????????B
CTAVTray = C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE??s$?????A~????$???Z?A~????*?A~??????a???a???????????????????????????@?????????????????d???????W?D~???sx??s@????????P2?D??sh??s$??????????s????(????&?s?????P2??P2?????(????B?s?<2? @@????? @@??P2??B?s??
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
CTAVTray = C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI?A~????$???Z?A~????*?A~??????a???a???????????????????????????@?????????????????d???????W?D~???sx??s@????????P2?D??sh??s$??????????s????(????&?s?????P2??P2?????(????B?s?<2? @@????? @@??P2??B?s??

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

Completion time: 2007-05-28 20:38:09
C:\ComboFix-quarantined-files.txt ... 2007-05-28 20:37
C:\ComboFix2.txt ... 2007-05-24 19:31

--- E O F ---

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 29 May 2007 - 12:45 AM

Hello,

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next files:

C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\winpfz32.sys

Concerning the sluggisch system. Read next:
Help! My computer is slow!

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 Roshimbo

Roshimbo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:51 AM

Posted 02 June 2007 - 04:01 PM

Hello, just wanted to say thanks for all of the help and information. Got it all cleared up now and haven't had anything horrendous pop up in my anti-virus scans in the past 2 days. Much appreciated and I'll recommend this site to everyone I know :flowers:

:thumbsup:

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 02 June 2007 - 04:03 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:51 AM

Posted 04 June 2007 - 05:55 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users