
Blackcare,darksma X And Others


  • This topic is locked
26 replies to this topic

#1 Lisa876_1

Posted 30 June 2007 - 04:28 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:10:37 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gyouwouh.dll",forkonce
O4 - HKCU\..\Run: [NVIEW] 2.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182665172921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182836403031
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

I hope I did that right. I got trojans up the butt. I really hope you guys can help me.


 


#2 didom


Posted 01 July 2007 - 01:08 PM

Can you rename HijackThis.exe to Analyse.exe?
Right-click HijackThis.exe and choose rename.
Then reboot and, after the reboot, double-click Analyse.exe and post the log it creates in your next reply (this will be a HijackThis log, of course).

#3 Lisa876_1


Posted 04 July 2007 - 11:53 PM

Here is my new hijack log after I renamed it

Logfile of HijackThis v1.99.1
Scan saved at 12:35:24 AM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {083462C7-E250-4BB9-85CA-7E00D90C67C8} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {1C3899C4-B3E8-4682-9B4C-45635FDC99A1} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\afdsjeba.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C00190EA-8626-4EAB-900D-87238CF234FA} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {DBF1A3C3-5BD7-416D-BC8F-6A41850C7AA0} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kwjoblum.dll",forkonce
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] 2.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182665172921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182836403031
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\System32\ddcyv.dll (file missing)
O20 - Winlogon Notify: gebabbb - gebabbb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#4 didom


Posted 05 July 2007 - 07:12 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#5 Lisa876_1


Posted 05 July 2007 - 06:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:03:15 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {083462C7-E250-4BB9-85CA-7E00D90C67C8} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {1C3899C4-B3E8-4682-9B4C-45635FDC99A1} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C00190EA-8626-4EAB-900D-87238CF234FA} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {DBF1A3C3-5BD7-416D-BC8F-6A41850C7AA0} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] 2.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182665172921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182836403031
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\System32\ddcyv.dll (file missing)
O20 - Winlogon Notify: gebabbb - gebabbb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe



"Owner" - 2007-07-05 19:13:05 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-05 18:40 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-05 18:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 05:10 630,200 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-05 05:10 108,392 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-03 16:39 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-07-03 16:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-07-03 16:22 <DIR> d-------- C:\Program Files\Nero
2007-07-03 16:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-03 16:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-02 17:58 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-07-02 17:58 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-02 08:49 6,369 ---hs---- C:\WINDOWS\system32\rqstv.bak1
2007-07-02 03:17 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-07-02 03:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-07-02 03:06 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-06-30 15:41 1,891,473 ---hs---- C:\WINDOWS\system32\cfhkj.bak2
2007-06-30 01:30 6,409 ---hs---- C:\WINDOWS\system32\cfhkj.bak1
2007-06-28 05:41 3,022 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-28 05:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-28 05:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-28 05:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-28 05:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-27 18:53 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-06-27 18:53 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-06-27 18:53 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-06-27 18:53 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-06-27 18:53 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-06-27 18:53 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-06-27 18:53 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-06-27 17:21 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-27 14:38 <DIR> d-------- C:\VundoFix Backups
2007-06-26 20:21 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-26 20:21 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-26 20:21 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-26 20:21 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-26 20:21 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-26 20:21 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-26 20:20 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-26 20:19 <DIR> d-------- C:\Program Files\Sygate
2007-06-26 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-26 14:35 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-26 10:49 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-06-26 10:49 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-06-26 10:49 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-06-26 10:49 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-06-26 10:49 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-06-26 10:48 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-06-26 10:45 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-06-26 10:45 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-06-26 10:45 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-06-26 10:45 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-06-26 10:45 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-06-26 10:45 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-06-26 10:45 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-06-26 10:45 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-06-26 10:45 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-06-26 10:45 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-06-26 10:45 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-06-26 10:45 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-06-26 10:44 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-06-26 10:44 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-06-26 10:43 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-06-26 10:42 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-26 10:42 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-06-26 10:42 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-06-26 10:42 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-06-26 10:42 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-06-26 10:42 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-06-26 10:42 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-06-26 10:42 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-26 10:42 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-06-26 10:42 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-06-26 10:42 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-06-26 10:42 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-06-26 10:42 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-06-26 10:42 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-06-26 10:42 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-06-26 10:42 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-06-26 10:41 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-06-26 10:41 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-26 10:41 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-26 10:41 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-06-26 10:41 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-06-26 10:41 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-06-26 10:40 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-06-26 10:38 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-06-26 10:38 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-06-26 10:38 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-06-26 10:37 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-06-26 10:37 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-06-26 10:37 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-06-26 10:37 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-06-26 10:37 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-06-26 10:36 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-06-26 10:36 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-06-26 10:35 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-06-26 10:35 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-06-26 10:35 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-06-26 10:35 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-06-26 10:35 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 07:14:35 -------- d-----w C:\Program Files\PokerStars
2007-06-28 18:09:55 -------- d-----w C:\Program Files\Messenger
2007-06-28 02:20:56 -------- d-----w C:\Program Files\MSN Messenger
2007-06-28 01:27:26 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-28 00:52:07 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-27 23:52:28 -------- d-----w C:\Program Files\CA
2007-06-27 21:47:07 -------- d-----w C:\Program Files\Movie Maker
2007-06-27 21:45:25 -------- d-----w C:\Program Files\Windows NT
2007-06-24 04:10:11 -------- d-----w C:\Program Files\Common Files\Real
2007-06-24 04:09:51 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real
2007-06-24 03:21:49 -------- d-----w C:\Program Files\Yahoo!
2007-06-24 03:14:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-19 17:28:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-19 08:15:08 -------- d-----w C:\Program Files\Common Files\LogiShrd
2007-05-26 11:46:46 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
2007-05-24 16:51:06 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-17 21:16:47 116,264 ----a-w C:\WINDOWS\UnVet32.exe
2007-05-17 21:16:46 112,168 ----a-w C:\WINDOWS\AVShlExt.dll
2007-05-17 01:20:49 -------- d--h--r C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 07:45:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-13 23:45:10 -------- d-----w C:\Program Files\MySpace
2007-05-07 01:51:13 -------- d-----w C:\Program Files\MSXML 6.0
2007-05-07 01:48:07 -------- d-----w C:\Program Files\MSBuild
2007-05-07 01:33:27 -------- d-----w C:\Program Files\Reference Assemblies
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-03-20 16:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 09:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{083462C7-E250-4BB9-85CA-7E00D90C67C8}]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3899C4-B3E8-4682-9B4C-45635FDC99A1}]
C:\WINDOWS\system32\gebcb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 15:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 19:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C00190EA-8626-4EAB-900D-87238CF234FA}]
C:\WINDOWS\System32\ddcyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBF1A3C3-5BD7-416D-BC8F-6A41850C7AA0}]
C:\WINDOWS\system32\pmnlj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-27 20:16]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-06-27 20:16]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-06-27 20:16]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-03-09 10:31]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="2.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
C:\WINDOWS\System32\ddcyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebabbb]
gebabbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc]

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-28 01:01:02 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 7 53 PM.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 19:20:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-05 19:23:00
C:\ComboFix-quarantined-files.txt ... 2007-07-05 19:22

--- E O F ---

#6 didom

Posted 06 July 2007 - 11:03 AM

I also need you to post the Vundofix log (my bad):

Please post the contents of C:\vundofix.txt.

#7 Lisa876_1

Posted 06 July 2007 - 08:30 PM

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 3:38:03 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\System32\ddcyv.dll
C:\WINDOWS\System32\vycdd.bak1
C:\WINDOWS\System32\vycdd.bak2
C:\WINDOWS\System32\vycdd.ini
C:\WINDOWS\System32\vycdd.ini2
C:\WINDOWS\System32\vycdd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\System32\ddcyv.dll
C:\WINDOWS\System32\ddcyv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\vycdd.bak1
C:\WINDOWS\System32\vycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\vycdd.bak2
C:\WINDOWS\System32\vycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\vycdd.ini
C:\WINDOWS\System32\vycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\vycdd.ini2
C:\WINDOWS\System32\vycdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\vycdd.tmp
C:\WINDOWS\System32\vycdd.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:56:54 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\System32\ddcyv.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\System32\vycdd.bak1
C:\WINDOWS\System32\vycdd.ini
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\vycdd.bak1
C:\WINDOWS\System32\vycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\vycdd.ini
C:\WINDOWS\System32\vycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:24:52 PM 6/27/2007

Listing files found while scanning....


VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 1:09:02 AM 6/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\System32\ddcyv.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:29:02 AM 7/5/2007

Listing files found while scanning....

C:\WINDOWS\System32\afdsjeba.dll
C:\WINDOWS\System32\ddcyv.dll
C:\windows\system32\gkyeejsq.dll
C:\windows\system32\gyouwouh.dll
C:\windows\system32\huowuoyg.ini
C:\WINDOWS\system32\kwjoblum.dll
C:\windows\system32\mulbojwk.ini
C:\windows\system32\qsjeeykg.ini

Beginning removal...

Attempting to delete C:\windows\system32\gkyeejsq.dll
C:\windows\system32\gkyeejsq.dll Has been deleted!

Attempting to delete C:\windows\system32\gyouwouh.dll
C:\windows\system32\gyouwouh.dll Has been deleted!

Attempting to delete C:\windows\system32\huowuoyg.ini
C:\windows\system32\huowuoyg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kwjoblum.dll
C:\WINDOWS\system32\kwjoblum.dll Has been deleted!

Attempting to delete C:\windows\system32\mulbojwk.ini
C:\windows\system32\mulbojwk.ini Has been deleted!

Attempting to delete C:\windows\system32\qsjeeykg.ini
C:\windows\system32\qsjeeykg.ini Has been deleted!

Performing Repairs to the registry.
Done!


I have been trying to remove the trojans by myself a couple weeks now. I know Spybot S&D keeps finding Smitfraud toolbar 888. That was the beginning of the problems.

#8 Lisa876_1

Posted 06 July 2007 - 08:58 PM

Spybot isn't showing smitfraud no more. Spybot is showing advertising.com, avenue a, inc, blackcore, bluestreak, fastclick, hitbox, mediaplex, tradedoubler, zedo. I dunno if this helps or not.

#9 didom

Posted 07 July 2007 - 04:38 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please click: Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
PokerStars

Then reboot your computer.

Step #2

Please run a search (start -> search) for this file: 2.exe

If you found it please submit it to Jotti:

Step #3

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\tmp.reg

Folder::
C:\Program Files\PokerStars

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{083462C7-E250-4BB9-85CA-7E00D90C67C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3899C4-B3E8-4682-9B4C-45635FDC99A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C00190EA-8626-4EAB-900D-87238CF234FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBF1A3C3-5BD7-416D-BC8F-6A41850C7AA0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebabbb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


Posted Image



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please post the log from the ComboFix scan located at C:\ComboFix.txt together with a new HijackThis log.

Edited by didom, 07 July 2007 - 04:39 AM.
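An added example, not part of the original post and not ComboFix's own logic: in the log earlier in this thread, the Browser Helper Object and Winlogon Notify keys named in the script above are exactly the ones whose entries carry no file date and size. The Python sketch below applies that observation as a triage heuristic to an excerpt of that log; the function names are hypothetical, and a flagged key is a candidate for manual review, not a verdict.

```python
import re

# Excerpt in the layout of the "Reg Loading Points" section posted earlier
# in this thread (abridged for the example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 09:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{083462C7-E250-4BB9-85CA-7E00D90C67C8}]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
C:\WINDOWS\System32\ddcyv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# A line with file metadata reads "date time size attributes path".
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ \S+ (.+)$")
# Only these two load-point families are triaged here (assumption of the example).
WATCHED = ("\\browser helper objects\\", "\\winlogon\\notify\\")


def parse_loading_points(text):
    """Return {registry_key: [non-empty lines listed under that key]}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group(1)
            entries[current] = []
        elif line and current is not None:
            entries[current].append(line)
    return entries


def triage(text):
    """Sort BHO and Winlogon Notify keys by what the log shows for their file."""
    result = {"resolved": [], "bare_path": [], "empty": []}
    for key, lines in parse_loading_points(text).items():
        if not any(marker in key.lower() for marker in WATCHED):
            continue  # e.g. Run keys: different line format, not handled here
        if not lines:
            result["empty"].append(key)        # key exists, nothing listed
        elif any(META_RE.match(line) for line in lines):
            result["resolved"].append(key)     # date, size and attributes shown
        else:
            result["bare_path"].append(key)    # path only, no file metadata
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("bare_path", "empty"):
        for key in report[bucket]:
            print("review (%s): %s" % (bucket, key))
```
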


#10 Lisa876_1

Posted 07 July 2007 - 04:51 PM

I was just wondering why I gotta remove pokerstars? I like playing it. Would I be able to re-install it or is that what is messing my computer up? Never mind.

Edited by Lisa876_1, 07 July 2007 - 05:26 PM.


#11 didom

Posted 08 July 2007 - 04:26 AM

Well, there are different opinions about this program. Some say it is either malware, installs malware, or is bundled with malware. Others say it is clean. It's up to you if you delete it or not.

When you're not deleting it, the CFScript will become:
File::
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\tmp.reg

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{083462C7-E250-4BB9-85CA-7E00D90C67C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3899C4-B3E8-4682-9B4C-45635FDC99A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C00190EA-8626-4EAB-900D-87238CF234FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBF1A3C3-5BD7-416D-BC8F-6A41850C7AA0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebabbb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr]


#12 Lisa876_1

Posted 09 July 2007 - 12:00 PM

I have like 80 files that got 2.exe. Did ya want all of them scanned and the results posted?

#13 didom

Posted 09 July 2007 - 02:23 PM

Mm, wait a sec.

Please run Notepad and copy the following text into a new file:

attrib /s 2.exe > files.txt
notepad files.txt

Save the file as export.bat and make sure the "Save as type" field says "All files". Save it to your C drive C:\ .
This is how the batch must look afterwards: Posted Image

Double-Click on the file export.bat in , a small DOS type window should open and close immediately.
After this, there would be a file called files.txt in the same location where export.bat was present. Open the files.txt and post its contents here.

Edited by didom, 09 July 2007 - 02:25 PM.


#14 Lisa876_1

Posted 09 July 2007 - 05:46 PM

File not found - 2.exe

When should I do step 3? I appreciate this help. Thank you.

#15 didom

Posted 09 July 2007 - 05:52 PM

What are the directories you found '2.exe' in?



