hijack this log
lmac222
Member
28. November 2006 @ 07:59
Logfile of HijackThis v1.99.1
Scan saved at 12:53:02 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - D:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...902/mcfscan.cab
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks for any help.

The thing that's irritating is the constant pop-ups. It won't do it while I'm away or idle from my computer, but rest assured, I move the mouse and do some surfing and bam, here they come.

On another note, is it possible for a virus to block a port from my router?

I got a program I play games with that has a port and it's set up correctly within my router, but as soon as I try to connect or host a game the program encounters an error and closes. I figure step 1, though, is get rid of this virus/viruses.

Ty for any help.
lmac222
Member
1. December 2006 @ 08:09
please any help
Member
1. December 2006 @ 08:43
Hello Imac222 I'm studying your log right now and will be back to you a.s.a.p.
Member
1. December 2006 @ 09:07
Hi Again Imac222 Let's Continue.

1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall PuritySCAN By OIN, OuterInfo, OIN or similar.

Please download Combofix.exe and save it to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply.


Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Also just copy and paste your HJT log.
lmac222
Member
1. December 2006 @ 09:19
is this what ya needed?
Lightning - 06-12-01 14:13:24.06 Service Pack 2
ComboFix 06.11.27W - Running from: "D:\Documents and Settings\Lightning\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\components
D:\Program Files\Common Files\{3CB6E935-0AA8-1033-0704-051220010001}
D:\Program Files\Common Files\{BCB6E935-0AA8-1033-0704-051220010001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\FNTS~1
D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\ICROSO~1
D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\MBOLS~1
D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\SSTEM3~1
D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\YSTEM~1
D:\QooBox\Purity\Program Files\ICROSO~1
D:\QooBox\Purity\Program Files\MCROSO~1
D:\QooBox\Purity\Program Files\YMBOLS~1
D:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
D:\QooBox\Purity\Program Files\YMBOLS~1\scanregw.exe
D:\QooBox\Purity\Program Files\YMBOLS~1\?ymbols
D:\QooBox\Purity\WINDOWS\CROSOF~1.NET
D:\QooBox\Purity\WINDOWS\CROSOF~1.NET\w?nword.exe
D:\QooBox\Purity\WINDOWS\system32\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))


2006-12-01 13:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-01 13:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-01 13:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL
2006-12-01 13:54 <DIR> d-------- D:\Program Files\AIM6
2006-12-01 12:53 <DIR> d-------- D:\Program Files\Trillian
2006-12-01 12:02 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\.gaim
2006-12-01 11:35 <DIR> d-------- D:\Program Files\Common Files\GTK
2006-11-28 22:05 <DIR> dr-h----- D:\$VAULT$.AVG
2006-11-28 20:34 88,340 --a------ D:\WINDOWS\system32\ocxbvwoc.exe
2006-11-28 20:28 88,340 --a------ D:\WINDOWS\system32\qofkicey.exe
2006-11-28 20:28 132,116 --a------ D:\WINDOWS\system32\hnxtctdk.dll
2006-11-28 20:28 <DIR> d-------- D:\Program Files\VSAdd-in
2006-11-28 17:03 126,996 --a------ D:\WINDOWS\system32\hxtjmvbx.dll
2006-11-28 13:13 <DIR> d-------- D:\Program Files\Lavasoft
2006-11-28 13:13 <DIR> d-------- D:\Program Files\Adware Away
2006-11-27 23:56 <DIR> d-------- D:\WINDOWS\McAfee.com
2006-11-27 23:48 <DIR> d-------- D:\Program Files\ToniArts
2006-11-27 22:33 88,340 --a------ D:\WINDOWS\system32\dwhemvoi.exe
2006-11-27 22:03 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2006-11-27 22:03 18,240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-27 22:03 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\AVG7
2006-11-27 22:02 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-11-27 22:02 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-27 22:02 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-27 22:02 <DIR> d-------- D:\Program Files\Grisoft
2006-11-27 22:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-27 22:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2006-11-27 22:01 88,340 --a------ D:\WINDOWS\system32\gggviyne.exe
2006-11-27 21:56 88,340 --a------ D:\WINDOWS\system32\janvgngn.exe
2006-11-27 21:56 132,116 --a------ D:\WINDOWS\system32\imeybwkh.dll
2006-11-27 20:59 88,340 --a------ D:\WINDOWS\system32\xkbqnklr.exe
2006-11-27 20:54 88,340 --a------ D:\WINDOWS\system32\gsmvmklo.exe
2006-11-27 20:53 132,116 --a------ D:\WINDOWS\system32\vbwfeunx.dll
2006-11-27 17:18 88,340 --a------ D:\WINDOWS\system32\edxdiqqu.exe
2006-11-27 17:02 88,340 --a------ D:\WINDOWS\system32\jkbvsrvu.exe
2006-11-27 16:57 88,340 --a------ D:\WINDOWS\system32\gxjefbqv.exe
2006-11-27 16:57 132,116 --a------ D:\WINDOWS\system32\rqcinhso.dll
2006-11-27 16:39 88,340 --a------ D:\WINDOWS\system32\qdtnqpwd.exe
2006-11-27 16:33 88,340 --a------ D:\WINDOWS\system32\gridvebm.exe
2006-11-27 16:33 132,116 --a------ D:\WINDOWS\system32\xmmxglbw.dll
2006-11-27 16:24 88,340 --a------ D:\WINDOWS\system32\ciomwadp.exe
2006-11-27 13:19 88,340 --a------ D:\WINDOWS\system32\wisvqrqc.exe
2006-11-27 13:19 42,516 --a------ D:\WINDOWS\system32\akfymbrl.dll
2006-11-26 19:27 <DIR> d--hs---- D:\Config.Msi
2006-11-26 19:26 110,612 --a------ D:\WINDOWS\system32\nlcsxkca.exe
2006-11-26 19:25 60,436 --a------ D:\WINDOWS\system32\hiljahet.dll
2006-11-26 19:25 110,612 --a------ D:\WINDOWS\system32\akwyladp.exe
2006-11-24 21:55 132,116 --a------ D:\WINDOWS\system32\omwvpsqn.dll
2006-11-23 23:17 38,420 --a------ D:\WINDOWS\system32\mkpucgdi.dll
2006-11-22 23:43 132,116 --a------ D:\WINDOWS\system32\hckbkian.dll
2006-11-22 22:41 132,116 --a------ D:\WINDOWS\system32\hwravluw.dll
2006-11-22 21:46 132,116 --a------ D:\WINDOWS\system32\djfcenge.dll
2006-11-21 22:24 132,116 --a------ D:\WINDOWS\system32\mtafrexd.dll
2006-11-12 21:34 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\çasks
2006-11-07 18:05 <DIR> d-------- D:\Program Files\MySpace
2006-11-01 23:03 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\Lavasoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-01 14:15 -------- d-------- D:\Program Files\Common Files
2006-12-01 13:55 -------- d-------- D:\Program Files\Common Files\AOL
2006-12-01 13:49 -------- d-------- D:\Program Files\Mozilla Firefox
2006-12-01 12:48 -------- d-------- D:\Program Files\AIM95
2006-12-01 12:15 -------- d-------- D:\Documents and Settings\Lightning\Application Data\.gaim
2006-12-01 12:06 -------- d-------- D:\Documents and Settings\Lightning\Application Data\uTorrent
2006-11-28 20:34 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Aim
2006-11-28 20:30 -------- d-------- D:\Program Files\AIM
2006-11-27 23:48 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-11-25 22:02 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Vso
2006-11-20 20:30 2 --a------ D:\WINDOWS\system32\wnscpsv.exe
2006-11-18 22:39 -------- d-------- D:\Program Files\Lx_cats
2006-11-15 03:01 -------- d-------- D:\Program Files\Internet Explorer
2006-11-02 13:20 -------- d-------- D:\Program Files\AviSynth 2.5
2006-10-31 23:00 -------- d-------- D:\Program Files\Spybot - Search & Destroy
2006-10-31 22:36 -------- d-------- D:\Program Files\VSToolbar
2006-10-29 12:35 -------- d-------- D:\Program Files\PeerGuardian2
2006-10-19 22:37 0 ---hs---- D:\WINDOWS\system32\xxyyaxy.dll
2006-10-19 22:04 -------- d-------- D:\Program Files\ISOpen
2006-10-19 22:04 -------- d-------- D:\Program Files\Acoustica CD Label Maker
2006-10-18 19:21 461 --a------ D:\Program Files\INSTALL.LOG
2006-10-18 12:58 -------- d-------- D:\Program Files\Common Files\Softwin
2006-10-18 09:14 -------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-10-18 08:15 -------- d-------- D:\Program Files\Common Files\Real
2006-10-18 08:14 -------- d-------- D:\Program Files\Yahoo!
2006-10-18 08:12 -------- d-------- D:\Program Files\Viewpoint
2006-10-18 08:12 -------- d-------- D:\Program Files\Gabest
2006-10-14 15:22 -------- d-------- D:\Documents and Settings\Lightning\Application Data\FunWebProducts
2006-10-13 07:35 65536 --a------ D:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ D:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ D:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ D:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-12 15:19 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Acoustica
2006-10-10 12:40 143380 --a------ D:\WINDOWS\system32\foieolvi.exe
2006-10-05 22:04 -------- d-------- D:\Program Files\McAfee.com
2006-10-05 22:03 -------- d-------- D:\Program Files\McAfee
2006-10-05 14:39 -------- d-------- D:\Documents and Settings\Lightning\Application Data\McAfee.com Personal firewall
2006-10-05 00:46 -------- d---s---- D:\Documents and Settings\Lightning\Application Data\Microsoft
2006-10-04 21:24 -------- d-------- D:\Program Files\Electronic Arts
2006-10-04 21:14 -------- d-------- D:\Program Files\EA SPORTS
2006-10-04 19:37 93696 --a------ D:\WINDOWS\system32\ysetaed.dll
2006-10-04 19:37 72704 --a------ D:\WINDOWS\system32\qttbfte.dll
2006-10-02 20:19 81920 --a------ D:\Documents and Settings\Lightning\Application Data\ezpinst.exe
2006-10-02 20:19 7176 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.cat
2006-10-02 20:19 47360 --a------ D:\WINDOWS\system32\drivers\pcouffin.sys
2006-10-02 20:19 47360 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.sys
2006-10-02 20:19 34308 --a------ D:\WINDOWS\system32\BASSMOD.dll
2006-10-02 20:19 34 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.log
2006-10-02 20:19 1144 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.inf
2006-10-02 20:19 -------- d-------- D:\Program Files\vso
2006-09-13 00:01 1084416 --a------ D:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"D:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DeadAIM"="\"rundll32.exe\" \"D:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="D:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^neoDVDplus5.lnk]
"path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\neoDVDplus5.lnk"
"backup"="D:\\WINDOWS\\pss\\neoDVDplus5.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\MEDIOS~1\\NEODVD~1\\neoTasks.exe "
"item"="neoDVDplus5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="D:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="D:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvdeb"
"hkey"="HKLM"
"command"="rundll32.exe D:\\WINDOWS\\system32\\drvdeb.dll,startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dwewl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="d?dplay"
"hkey"="HKCU"
"command"="\"D:\\Documents and Settings\\Lightning\\My Documents\\??mbols\\d?dplay.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="D:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPActiveDetection"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\CA\\eTrust EZ Armor\\eTrust PestPatrol\\PPActiveDetection.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="D:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCGCATS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXCGtime"
"hkey"="HKLM"
"command"="rundll32 D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxcgmon"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MWSBAR"
"hkey"="HKLM"
"command"="rundll32 D:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\MWSBAR.DLL,S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pg2"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\PeerGuardian2\\pg2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="D:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeperUI"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uuwd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scanregw"
"hkey"="HKCU"
"command"="\"D:\\PROGRA~1\\YMBOLS~1\\scanregw.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="D:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbjsjtv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="j?vaw"
"hkey"="HKCU"
"command"="D:\\Program Files\\Common Files\\??sembly\\j?vaw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="D:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ysetaed.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ysetaed"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\rundll32.exe D:\\WINDOWS\\system32\\ysetaed.dll,llnjymf"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odcmig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-01 14:16:41.00
D:\ComboFix.txt ... 06-12-01 14:16
lmac222
Member
1. December 2006 @ 09:20
Btw, would this be any reason why I can't connect on AIM?

I've redld it several times
dld Trillian
Gaim

All those chat things won't connect to anything; it does let me, however, connect thru my Yahoo chatting messenger.
Member
1. December 2006 @ 09:24
Please Post a New HjT Log
lmac222
Member
1. December 2006 @ 09:25
Logfile of HijackThis v1.99.1
Scan saved at 2:25:42 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...902/mcfscan.cab
O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Member
_
1. December 2006 @ 09:39
Okay, Let's continue :)


Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt




Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!



Please post a new HjT-Logfile, vundofix.txt + Smitfraudfix textfile.

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 09:42

lmac222
Member
_
1. December 2006 @ 10:19
Logfile of HijackThis v1.99.1
Scan saved at 3:18:13 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\notepad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...902/mcfscan.cab
O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

SmitFraudFix v2.126

Scan done at 15:17:19.23, Fri 12/01/2006
Run from D:\Documents and Settings\Lightning\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\ot.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Lightning


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Lightning\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\LIGHTN~1\FAVORI~1

D:\DOCUME~1\LIGHTN~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 2:51:25 PM 12/1/2006

Listing files found while scanning....

D:\WINDOWS\system32\qttbfte.dll
D:\WINDOWS\system32\foieolvi.exe
D:\WINDOWS\addins\odcmig.dll
D:\WINDOWS\addins\gimcdo.ini
D:\WINDOWS\addins\gimcdo.bak1
D:\WINDOWS\addins\gimcdo.bak2
D:\WINDOWS\addins\gimcdo.ini2
D:\WINDOWS\addins\gimcdo.tmp

Beginning removal...

Attempting to delete D:\WINDOWS\system32\qttbfte.dll
D:\WINDOWS\system32\qttbfte.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\foieolvi.exe
D:\WINDOWS\system32\foieolvi.exe Has been deleted!

Attempting to delete D:\WINDOWS\addins\gimcdo.ini
D:\WINDOWS\addins\gimcdo.ini Has been deleted!

Attempting to delete D:\WINDOWS\addins\gimcdo.bak1
D:\WINDOWS\addins\gimcdo.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\addins\gimcdo.bak2
D:\WINDOWS\addins\gimcdo.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\addins\gimcdo.ini2
D:\WINDOWS\addins\gimcdo.ini2 Has been deleted!

Attempting to delete D:\WINDOWS\addins\gimcdo.tmp
D:\WINDOWS\addins\gimcdo.tmp Has been deleted!

Performing Repairs to the registry.
Done!


I'm going to work now, so I'll be on later tonight to see my next step.

And again, I totally appreciate all your help.
lmac222
Member
_
1. December 2006 @ 16:01
OK, I'm back, what's the word?
Member
_
6. December 2006 @ 09:08
Hi lmac! I'm really sorry for the long wait. Thank you for your patience.

Let's get your system cleaned up! ;)


Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'fix checked':



R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)





Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

D:\WINDOWS\system32\qofkicey.exe
D:\WINDOWS\system32\hnxtctdk.dll
D:\WINDOWS\system32\hxtjmvbx.dll
D:\WINDOWS\system32\dwhemvoi.exe
D:\WINDOWS\system32\gggviyne.exe
D:\WINDOWS\system32\janvgngn.exe
D:\WINDOWS\system32\imeybwkh.dll
D:\WINDOWS\system32\xkbqnklr.exe
D:\WINDOWS\system32\gsmvmklo.exe
D:\WINDOWS\system32\vbwfeunx.dll
D:\WINDOWS\system32\edxdiqqu.exe
D:\WINDOWS\system32\jkbvsrvu.exe
D:\WINDOWS\system32\gxjefbqv.exe
D:\WINDOWS\system32\rqcinhso.dll
D:\WINDOWS\system32\qdtnqpwd.exe
D:\WINDOWS\system32\gridvebm.exe
D:\WINDOWS\system32\xmmxglbw.dll
D:\WINDOWS\system32\ciomwadp.exe
D:\WINDOWS\system32\wisvqrqc.exe
D:\WINDOWS\system32\akfymbrl.dll
D:\WINDOWS\system32\nlcsxkca.exe
D:\WINDOWS\system32\hiljahet.dll
D:\WINDOWS\system32\akwyladp.exe
D:\WINDOWS\system32\omwvpsqn.dll
D:\WINDOWS\system32\mkpucgdi.dll
D:\WINDOWS\system32\hckbkian.dll
D:\WINDOWS\system32\hwravluw.dll
D:\WINDOWS\system32\djfcenge.dll
D:\WINDOWS\system32\mtafrexd.dll
D:\WINDOWS\system32\wnscpsv.exe
D:\WINDOWS\system32\xxyyaxy.dll
D:\WINDOWS\system32\foieolvi.exe
D:\WINDOWS\system32\ysetaed.dll
D:\WINDOWS\system32\qttbfte.dll


Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Select Delete on Reboot
then Click on the Single File button.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).



If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.




Backup your registry

Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registry files (*.reg)
Click on Save and Close the window.

Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dwewl]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbjsjtv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ysetaed.dll]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uuwd]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Please Post a Fresh HjT-Log
lmac222
Member
_
6. December 2006 @ 09:31
Logfile of HijackThis v1.99.1
Scan saved at 2:30:41 PM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\AIM95\aim.exe
D:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...902/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



And btw, I'm using 2 hard drives, with my system files being on D:, so anywhere you made mention of C: or whatever, I did D:. I'm assuming this is correct?
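Added example, not part of the thread: a small Python check that compares the entries a helper asked to have fixed against the follow-up HijackThis log, and lists references that are still orphaned. The function names are assumptions of this example; the sample lines are excerpted from the 6 December fix list and follow-up log above. Entries are matched by section and CLSID, because HijackThis appends "(file missing)" once a file is deleted and a plain string comparison would treat that as a different entry.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffix HijackThis appends when the referenced file cannot be found.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")

# Entries the helper asked to fix (excerpted from the thread).
FIX_REQUESTED = r"""
R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)
"""

# Registry section of the follow-up log (excerpted from the thread).
FOLLOWUP_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...902/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""


def parse_entry(line):
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    kind = body.partition(": ")[0].lower()  # e.g. "bho", "extra button"
    if clsid:
        # Section + entry kind + CLSID survives path and status changes.
        key = (m.group("section"), kind, clsid.group(0).upper())
    else:
        # No CLSID: compare the body with the status suffix stripped.
        key = (m.group("section"), STATUS_RE.sub("", body).lower())
    return {"key": key, "line": line.strip(),
            "orphaned": STATUS_RE.search(body) is not None}


def parse_log(text):
    """Return {key: entry} for every registry entry in a log."""
    entries = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[entry["key"]] = entry
    return entries


def verify_fix(requested_text, followup_text):
    """Split the requested fixes into those gone and those still present."""
    requested = parse_log(requested_text)
    followup = parse_log(followup_text)
    removed = [e["line"] for k, e in requested.items() if k not in followup]
    persisting = [followup[k]["line"] for k in requested if k in followup]
    return removed, persisting


def orphaned_entries(log_text):
    """Entries whose target file is absent: candidates for review, not verdicts."""
    return [e["line"] for e in parse_log(log_text).values() if e["orphaned"]]


if __name__ == "__main__":
    removed, persisting = verify_fix(FIX_REQUESTED, FOLLOWUP_LOG)
    print(f"{len(removed)} requested entries are gone")
    for line in persisting:
        print("still present:", line)
    for line in orphaned_entries(FOLLOWUP_LOG):
        print("orphaned:", line)
```

An orphaned entry is only a pointer to something that no longer exists on disk; whether it is a leftover of removed malware or of an uninstalled legitimate product still has to be judged per entry.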
Member
_
12. December 2006 @ 08:52
Open HijackThis, scan and, when complete, remove the following entry by checking the box to the left and clicking 'fix checked':



O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)





Click on the below link to begin the Kaspersky Online scanner program.


Kaspersky On-line Scanner

When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files
When the files finish downloading click on NEXT
Now click on Scan Settings
In Scan Settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases


Click OK

Now under select a target to scan:
Select My Computer
This program will start and scan your system.
Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
When the scan has completed, it will display whether your system has been infected or not
Click on the Save as Text button:
Save the file to your desktop or another folder where you can locate it later.
Attach this file to your next message.
Member
_
12. December 2006 @ 08:52
Please Let me know in your next reply how things are now.

This message has been edited since posting. Last time this message was edited on 12. December 2006 @ 08:58

lmac222
Member
_
12. December 2006 @ 18:20
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 12, 2006 11:17:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/12/2006
Kaspersky Anti-Virus database records: 236282


Scan Settings
Scan using the following antivirus database
standard
Scan Archives
true
Scan Mail Bases
true

Scan Target
My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects
105797
Number of viruses found
2
Number of infected objects
4 / 0
Number of suspicious objects
0
Duration of the scan process
03:00:12


Infected Object Name
Virus Name
Last Action
D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP208\A0082132.exe
Infected: Trojan-Downloader.Win32.Zlob.avy
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116482.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116488.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116507.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116515.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP252\A0118858.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP252\A0118859.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP254\A0119322.dll
Infected: Trojan-Downloader.Win32.Busky.gen
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP255\A0120387.dll
Object is locked
skipped

D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP265\change.log
Object is locked
skipped

D:\VundoFix Backups\qttbfte.dll.bad
Infected: Trojan-Downloader.Win32.Busky.gen
skipped

D:\WINDOWS\CSC\00000001
Object is locked
skipped

D:\WINDOWS\Debug\PASSWD.LOG
Object is locked
skipped

D:\WINDOWS\SchedLgU.Txt
Object is locked
skipped

D:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Object is locked
skipped

D:\WINDOWS\Sti_Trace.log
Object is locked
skipped

D:\WINDOWS\system32\CatRoot2\edb.log
Object is locked
skipped

D:\WINDOWS\system32\CatRoot2\tmp.edb
Object is locked
skipped

D:\WINDOWS\system32\config\AppEvent.Evt
Object is locked
skipped

D:\WINDOWS\system32\config\default
Object is locked
skipped

D:\WINDOWS\system32\config\default.LOG
Object is locked
skipped

D:\WINDOWS\system32\config\SAM
Object is locked
skipped

D:\WINDOWS\system32\config\SAM.LOG
Object is locked
skipped

D:\WINDOWS\system32\config\SecEvent.Evt
Object is locked
skipped

D:\WINDOWS\system32\config\SECURITY
Object is locked
skipped

D:\WINDOWS\system32\config\SECURITY.LOG
Object is locked
skipped

D:\WINDOWS\system32\config\software
Object is locked
skipped

D:\WINDOWS\system32\config\software.LOG
Object is locked
skipped

D:\WINDOWS\system32\config\SysEvent.Evt
Object is locked
skipped

D:\WINDOWS\system32\config\system
Object is locked
skipped

D:\WINDOWS\system32\config\system.LOG
Object is locked
skipped

D:\WINDOWS\system32\h323log.txt
Object is locked
skipped

D:\WINDOWS\system32\hiljahet.dll
Object is locked
skipped

D:\WINDOWS\system32\hxtjmvbx.dll
Object is locked
skipped

D:\WINDOWS\system32\mkpucgdi.dll
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
Object is locked
skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
Object is locked
skipped

D:\WINDOWS\system32\ysetaed.dll
Infected: Trojan-Downloader.Win32.Busky.gen
skipped

D:\WINDOWS\wiadebug.log
Object is locked
skipped

D:\WINDOWS\wiaservc.log
Object is locked
skipped

D:\WINDOWS\WindowsUpdate.log
Object is locked
skipped

Scan process completed.
Member
13. December 2006 @ 19:36
Search for the following file and delete it (if found):

D:\WINDOWS\system32\ysetaed.dll

And empty this folder: C:\VundoFix Backups

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware
Update it and scan your computer regularly with it.

Use Spybot S&D
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.

Use Firefox browser
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Safe surfing ;)
bkf
Suspended due to non-functional email address
14. December 2006 @ 00:02
Speuge9: That is a great list. Thanks for taking the time to post it.
Member
16. December 2006 @ 11:46
Thank you Bkf :)

@lmac222 How is your computer working for you now? Any problems?
lmac222
Member
16. December 2006 @ 12:21
Running good now, my man.
Thanks for all the help.

Quick question not really pertaining to this:
I run a program to play a video game online, not sure if you have ever heard of it... it's called nesticle. Anyways, I connect/host to servers to play. When I disable my router it all works fine, but when enabled it sometimes encounters an error as soon as I hit start/connect server... sometimes it will let me play about 5 minutes, but every time it says the same thing,

like there's an issue with the port number or something.

Here's a post that might show ya more in detail what the error looks like: http://www.knobbe.org/phpBB2/viewtopic.php?t=8486&highlight=

I've reset my router and everything, no dice.