afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hjt and combofix logs - need help
HJT and ComboFix Logs - Need Help
lukerb
Newbie
29. April 2007 @ 15:05
I went to two other forums and I'm not getting any replies...
Hijackthis Log:
Quote: Logfile of HijackThis v1.99.1
Scan saved at 7:57:05 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim6\anotify.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\drv\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\mm\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151677017\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [iSnooze] C:\Program Files\iSnooze\iSnooze.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US aol/imApp
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
O4 - Global Startup: Microsoft firewall Client Management.lnk = ?
O4 - Global Startup: UltraMon.lnk = C:\util\UltraMon\UltraMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\O...L.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlin...nkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - pmoserver/connectcompu...nshelp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/m...0733599617
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/...asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/down...loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ProtonMedia.local
O17 - HKLM\Software\..\Telephony: DomainName = ProtonMedia.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ProtonMedia.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ProtonMedia.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ProtonMedia.local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ProtonMedia.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Antispyware Client Agent - Trend Micro, Inc. - C:\Program Files\Trend Micro\tmasea\tmasca.exe
O23 - Service: Antispyware Engine Agent - Trend Micro, Inc. - C:\Program Files\Trend Micro\tmasea\tmasea.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
I went to hijackthislogs.com and followed these instructions (direct quote from website)
Quote: 1. Download combofix.exe from one of the links below:
www.techsupportforum.c...mboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were
quarantined. When you are done you can delete this folder - QooBox.
Next.........
Please download and install the 30 day trial version of AVG Anti-Spyware 7.5 here:
www.ewido.net/en/download/
After it's installed...Check for updates:
Double click on the AVG Anti-Spyware 7.5 icon in the system tray or on the desktop> this will bring up
the main program if it's not already up.
On the Main Page click the Update Tab and then Start Update.
Download and install any updates if available.
Select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports
Select Automatically generate report after every scan
Un-Select Only if threats were found
Next,
Click on Start, Run and copy and paste this command inside the Run box. You may be prompted for a CD if the files are not stored on your hard disk.
"sfc /scannow"
After that scan has completed, run the check disk command at the Run box. You will be prompted that your volume is locked and asked if you want to run on your next reboot; choose the option yes.
"chkdsk /F"
Reboot
* Run Disk Defragmenter
o Disk Defragmenter can be opened a number of different ways. The most common methods are listed below.
o Start | All Programs | Accessories | System Tools | Disk Defragmenter
o Start | Run | and type dfrg.msc in the Open line. Click OK
o Start | Administrative Tools | Computer Management. Expand Storage and select Disk Defragmenter
o The first two methods take you to a standalone window containing Disk Defragmenter.
I did that... and here's the ComboFix log I was asked to post:
ComboFix Log:
Quote: "Luke" - 07-04-28 9:06:26 Service Pack 2 [SAFE MODE]
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Administrator\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))
2007-04-23 20:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-23 20:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-23 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-04-23 19:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\acccore
2007-04-23 19:46 <DIR> d-------- C:\Program Files\AIM6
2007-04-23 19:41 <DIR> d-------- C:\Program Files\OpenArena
2007-04-23 19:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenArena
2007-04-23 07:02 <DIR> d-------- C:\Program Files\a-squared Free
2007-04-22 20:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-22 11:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Systweak
2007-04-22 11:25 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-04-22 10:52 <DIR> d-------- C:\Program Files\ATI Technologies
2007-04-21 23:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Registry Booster
2007-04-21 19:09 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-21 19:09 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-04-21 19:09 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-04-21 19:09 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-04-21 19:09 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-04-21 18:56 <DIR> d-------- C:\Program Files\nerds.de
2007-04-21 18:55 <DIR> d-------- C:\Program Files\eJamming
2007-04-21 18:35 <DIR> d-------- C:\Program Files\IObit
2007-04-21 18:17 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-04-21 18:15 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-04-21 18:10 <DIR> d-------- C:\Program Files\Abexo
2007-04-21 18:07 <DIR> d-------- C:\Program Files\CCleaner
2007-04-21 18:02 <DIR> d-------- C:\Program Files\3B Software
2007-04-21 15:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IMVU
2007-04-21 15:55 <DIR> d-------- C:\Program Files\IMVU
2007-04-20 20:29 <DIR> d-------- C:\Program Files\Innovative Solutions
2007-04-20 20:26 149,248 --a------ C:\WINDOWS\system32\RegCompact.dll
2007-04-20 20:06 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-04-20 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-20 19:39 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-23 19:46 -------- d-------- C:\Program Files\viewpoint
2007-04-23 15:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-22 22:33 -------- d-------- C:\Program Files\microsoft firewall client 2004
2007-04-22 11:48 -------- d-------- C:\Program Files\aim
2007-04-22 10:53 -------- d--h----- C:\Program Files\installshield installation information
2007-04-21 18:07 -------- d-------- C:\Program Files\yahoo!
2007-04-21 08:28 1024 -r-h----- C:\WINDOWS\system32\ntiembed.dll
2007-04-21 08:22 288 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000000-00000000-0000000a-00001102-00000002-80651102}.dat
2007-04-21 08:22 288 --a------ C:\WINDOWS\system32\dvcstate-{00000000-00000000-0000000a-00001102-00000002-80651102}.dat
2007-03-07 20:59 -------- d-------- C:\Program Files\alwil software
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="C:\\drv\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RemoteControl"="C:\\mm\\PowerDVD\\PDVDServ.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
"Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1151677017\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"iSnooze"="C:\\Program Files\\iSnooze\\iSnooze.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US aol/imApp"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"location"="Common Startup"
"item"="America Online 9.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
"location"="Common Startup"
"command"="C:\\drv\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DigiCell.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\DigiCell\\DigiCell.exe "
"item"="DigiCell"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\atisetup.exe
Shell\launch\command E:\atisetup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_DCFS2K
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, www.gmer.net
Rootkit scan 2007-04-28 09:09:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-28 9:10:01
C:\ComboFix-quarantined-files.txt ... 07-04-28 09:10
C:\ComboFix2.txt ... 07-04-23 20:31
Help would be nice!
Luke
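Anyone triaging a log like the one above usually goes through it section by section, looking first at the entries that HijackThis itself cannot vouch for: O23 services whose binary is "(file missing)", O10 Winsock LSP DLLs it does not recognise, O20 Winlogon Notify DLLs, and O4 autoruns that name a bare executable with no directory (such as the CTHELPER.EXE entry) so that the copy actually launched depends on the search path. The script below is an added example from the editor, not code from the thread, from HijackThis or from ComboFix: it parses the HijackThis v1.99.1 line format and applies those four checks to an abridged, constructed sample taken from the log above. The rule names and the choice of checks are the editor's assumptions about a sensible first pass, not an official HijackThis classification; a flagged entry is something to verify against the publisher and file on disk, not something to delete on sight.

```python
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of lines in the HijackThis v1.99.1
# format as posted in the thread above. It is not the complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:57:05 PM, on 4/23/2007
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [iSnooze] C:\Program Files\iSnooze\iSnooze.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis finding line starts with a section code (R0, F1, O4, O23...)
# followed by " - ". Process listings and headers do not match and are skipped.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# Body of an O4 registry autorun: "HKLM\..\Run: [Name] command line"
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


@dataclass
class Entry:
    section: str  # e.g. "O4", "O23"
    body: str     # text after the "O4 - " prefix


def parse_hjt(text):
    """Return the HijackThis finding lines as Entry objects, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def first_token(command):
    """Executable part of a Run command: a quoted path, or the first word."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def triage(entries):
    """Apply the four first-pass checks; returns (rule, entry body) pairs.

    Rule names are this example's own labels (editor's assumption), chosen to
    describe why an entry deserves a closer look before any action is taken.
    """
    findings = []
    for e in entries:
        if e.section == "O23" and e.body.endswith("(file missing)"):
            # Service registration survives but its binary is gone: stale
            # uninstall, or a file removed by a scanner. Confirm before fixing.
            findings.append(("file-missing-service", e.body))
        elif e.section == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
            # LSP DLL not on HijackThis's known list. Verify the publisher;
            # removing a legitimate LSP breaks the Winsock chain.
            findings.append(("unknown-lsp", e.body))
        elif e.section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon.
            findings.append(("winlogon-notify", e.body))
        elif e.section == "O4":
            m = O4_RUN_RE.match(e.body)
            if m:
                exe = first_token(m.group(3))
                # No directory and no %VAR% prefix: resolved through the
                # search path, so check which copy actually runs.
                if "\\" not in exe and not exe.startswith("%"):
                    findings.append(("path-resolved-autorun", e.body))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule: count}."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{rule}] {body}")
```

Run it as-is and it prints one line for each of the four flagged entries; the iPod Service line, which names a known publisher and an existing binary, is not reported. On a full log, point `parse_hjt` at the saved file contents instead of `SAMPLE_LOG`; the checks are deliberately conservative, so their output is a reading list for the person doing the analysis rather than a fix script.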
Member
1. May 2007 @ 16:57
Why are you posting this here? If you got that in a reply on a thread on AfterDawn, find that thread and reply to it. Don't make a new thread. If you posted on another forum, make a reply on that other forum.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.