HELP! My cd-drives have been disabled... HijackThis Log included
fred_82k
Newbie
29. April 2006 @ 10:16
How are you guys doing..
So about a few weeks ago, both my DVD drive and CDRW drive disappeared from My Computer. I haven't been able to use them ever since. I've tried NUMEROUS spyware/trojan/virus scans but nothing seems to work...
I'm not a computer whiz or anything, but I know quite a bit still, so if there is anyone out there who can help me, I will forever be in your debt.. just guide me thru this whole thing.. coz I need my CD drives

Thanx

Oh, and I dunno if this will help or not.. but here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:57 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AirLink101\WlanUtility\tiwlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Fareed Cheema\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O2 - BHO: (no name) - {AA1830CA-C235-C43E-1196-378BC88F9E50} - (no file)
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - (no file)
O2 - BHO: Class - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - C:\WINDOWS\system32\addnc.dll
O2 - BHO: (no name) - {D3DE3C64-DB27-44BB-D909-411EDCA14227} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mszf.exe] C:\WINDOWS\system32\mszf.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [atlno32.exe] C:\WINDOWS\atlno32.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [7.tmp] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\7.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [7.tmp.exe] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\7.tmp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Senior Member
29. April 2006 @ 22:16
OK, you still have some infections.

Cleaning instructions:

Print these instructions. Internet Explorer must be closed during the cleaning process.

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html

Move HijackThis into its own folder C:\HJT

Download Intermute CWShredder -> http://cwshredder.net/bin/CWShredder.exe
Save it to your desktop but DO NOT run it yet..

Download About:Buster -> http://www.malwarebytes.org/AboutBuster.zip
Save it to your desktop but DO NOT run it yet..

Download Ewido -> http://www.ewido.net/en/download
Install it and update it, but DO NOT run a scan yet.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Restart your computer in safe mode (press the F8 key while the computer is starting and choose safe mode)

In safe mode, run CWShredder and press Fix

Run AboutBuster
-> Begin Removal
-> OK
-> Yes
-> OK
-> Exit
-> OK.
Scan twice. Logfile "AB Logfile.txt" is automatically saved to AboutBuster's directory (the same directory where AboutBuster.exe is saved)

Fix the following entries with HijackThis, if found (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O2 - BHO: (no name) - {AA1830CA-C235-C43E-1196-378BC88F9E50} - (no file)
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - (no file)
O2 - BHO: (no name) - {D3DE3C64-DB27-44BB-D909-411EDCA14227} - (no file)
O2 - BHO: Class - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - C:\WINDOWS\system32\addnc.dll
O4 - HKLM\..\Run: [mszf.exe] C:\WINDOWS\system32\mszf.exe
O4 - HKLM\..\Run: [atlno32.exe] C:\WINDOWS\atlno32.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [7.tmp] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\7.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [7.tmp.exe] C:\DOCUME~1\FAREED~1\LOCALS~1\Temp\7.tmp.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB


Delete these files if found:
C:\WINDOWS\system32\addnc.dll
C:\WINDOWS\system32\mszf.exe
C:\WINDOWS\atlno32.exe

Run ATF Cleaner -> Check select all -> Press Empty selected

Run a scan with Ewido, clean what it finds and save the log.

Restart your computer normally.

Post the following logs here:
-> a new HijackThis log
-> About:Buster log
-> Ewido's log

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 29. April 2006 @ 22:22
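
The re-check the helper asks for (fix the listed entries, then post a new log) can be done mechanically. The sketch below is an added example, not part of the original posts and not HijackThis's own code: it matches fix-list entries against a later log by CLSID or Run value name instead of by whole line, because an entry's text can change once its file has been deleted. Function names are hypothetical; the sample lines are excerpted from the logs in this thread.

```python
import re
from typing import NamedTuple

# Result lines in a HijackThis log look like "O2 - BHO: ..." or "R3 - ...".
# Assumption: a section code is one capital letter followed by 1-2 digits.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\]")


class Entry(NamedTuple):
    code: str     # section code, e.g. "O2"
    detail: str   # rest of the line as logged
    key: tuple    # stable identity used for matching across scans


def entry_key(code, detail):
    """Identity that survives cosmetic changes to the logged line."""
    m = CLSID_RE.search(detail)
    if m:                                   # BHOs, toolbars, DPF objects...
        return (code, m.group(0).upper())
    m = RUN_RE.match(detail)
    if code == "O4" and m:                  # autorun: registry key + value name
        return (code, m.group(1).upper(), m.group(2).lower())
    return (code, detail.strip().lower())   # fall back to the text itself


def parse_log(text):
    """Return the result entries of a log; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, detail = m.groups()
            entries.append(Entry(code, detail, entry_key(code, detail)))
    return entries


def still_present(fix_list, later_log):
    """Pairs (fix-list entry, matching later entry) for items that survived."""
    later = {e.key: e for e in parse_log(later_log)}
    return [(e, later[e.key]) for e in parse_log(fix_list) if e.key in later]


# Excerpt of the fix list in the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: Class - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - C:\WINDOWS\system32\addnc.dll
O4 - HKLM\..\Run: [mszf.exe] C:\WINDOWS\system32\mszf.exe
O4 - HKLM\..\Run: [atlno32.exe] C:\WINDOWS\atlno32.exe
"""

# Excerpt of the 4/30/2006 scan posted later in this thread.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""

if __name__ == "__main__":
    for wanted, found in still_present(FIX_LIST, LATER_LOG):
        note = "" if wanted.detail == found.detail else "  (line text changed)"
        print(f"still present: {found.code} - {found.detail}{note}")
```

An exact line comparison would report the `{CFF78A19-...}` entry as gone, although its registration is still there with the DLL now missing.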

fred_82k
Newbie
1. May 2006 @ 07:00
My CD drives still don't work...
Here are the logs you asked me to post up...

HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 12:25:48 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fareed Cheema\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O2 - BHO: (no name) - {AA1830CA-C235-C43E-1196-378BC88F9E50} - (no file)
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - (no file)
O2 - BHO: (no name) - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - (no file)
O2 - BHO: (no name) - {D3DE3C64-DB27-44BB-D909-411EDCA14227} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe





ABOUT BUSTER LOG


AboutBuster 6.01
Scan started on [4/30/2006] at [12:18:00 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:cyprwa
Removed Stream! C:\WINDOWS\clock.avi:vziwzl
Removed Stream! C:\WINDOWS\Rhododendron.bmp:cjyvsx
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:vjjjuh
Removed Stream! C:\WINDOWS\setupapi.log.0.old:ezdbhp
Removed Stream! C:\WINDOWS\Uninstall.ico:hpogfj
Removed Stream! C:\WINDOWS\vbaddin.ini:zqylht
Removed Stream! C:\WINDOWS\_default.pif:bxauoc
Removed Stream! C:\WINDOWS\_default.pif:demizu
Removed Stream! C:\WINDOWS\_default.pif:mrghvn
Removed Stream! C:\WINDOWS\_default.pif:nhrfb
Removed Stream! C:\WINDOWS\_default.pif:vwfwbe
Removed Stream! C:\WINDOWS\_default.pif:xtjasi
-------------------------------------------------------------
Removed File! : C:\WINDOWS\apigy.exe
Removed File! : C:\WINDOWS\appie.dll
Removed File! : C:\WINDOWS\appsg.exe
Removed File! : C:\WINDOWS\appxr.exe
Removed File! : C:\WINDOWS\appyf.exe
Removed File! : C:\WINDOWS\d3nv.exe
Removed File! : C:\WINDOWS\d3ws.exe
Removed File! : C:\WINDOWS\itoik.dat
Removed File! : C:\WINDOWS\javadg.dll
Removed File! : C:\WINDOWS\mfcvc.exe
Removed File! : C:\WINDOWS\mswj.exe
Removed File! : C:\WINDOWS\msxb.exe
Removed File! : C:\WINDOWS\msyy.exe
Removed File! : C:\WINDOWS\netdg32.exe
Removed File! : C:\WINDOWS\nethu32.exe
Removed File! : C:\WINDOWS\netjd32.exe
Removed File! : C:\WINDOWS\ntcn.exe
Removed File! : C:\WINDOWS\rnjnm.dat
Removed File! : C:\WINDOWS\sysqy32.exe
Removed File! : C:\WINDOWS\winrb32.exe
Removed File! : C:\WINDOWS\wintj32.exe
Removed File! : C:\WINDOWS\winww32.exe
Removed File! : C:\WINDOWS\xawgk.dat
Removed File! : C:\WINDOWS\ytara.txt
Removed File! : C:\WINDOWS\yyigq.txt
Removed File! : C:\WINDOWS\system32\addhp32.dll.bak
Removed File! : C:\WINDOWS\system32\addnc.dll.bak
Removed File! : C:\WINDOWS\system32\apijf.exe
Removed File! : C:\WINDOWS\system32\apiuo.exe
Removed File! : C:\WINDOWS\system32\apixe.dll
Removed File! : C:\WINDOWS\system32\apiyy.dll.bak
Removed File! : C:\WINDOWS\system32\apptp32.exe
Removed File! : C:\WINDOWS\system32\appvh32.exe
Removed File! : C:\WINDOWS\system32\crst.exe
Removed File! : C:\WINDOWS\system32\cryl.exe
Removed File! : C:\WINDOWS\system32\d3ev.exe
Removed File! : C:\WINDOWS\system32\d3jy.dll
Removed File! : C:\WINDOWS\system32\ieet32.exe
Removed File! : C:\WINDOWS\system32\iehq.exe
Removed File! : C:\WINDOWS\system32\ipqd.dll
Removed File! : C:\WINDOWS\system32\ipzp32.dll
Removed File! : C:\WINDOWS\system32\mfcew32.exe
Removed File! : C:\WINDOWS\system32\mshb.exe
Removed File! : C:\WINDOWS\system32\syson32.exe
Removed File! : C:\WINDOWS\system32\syspy.exe
Removed File! : C:\WINDOWS\system32\syssh32.exe
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
------------------------------------------------------



EWIDO LOG

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:39:44 PM, 4/30/2006
+ Report-Checksum: AD19649C

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0DC9678A-0260-8CEB-0563-594D9FB02903} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{251F1678-C6A5-89D9-D60F-44823539572A} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{3EB3C3B8-C6A3-A391-CE99-432056782D22} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{4B49C233-41E6-542A-7DCB-BB3C0869BABE} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{68761E0C-A678-2B1F-4293-E427E94D1A2D} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{6E3BDCC0-A228-DCB8-7E88-ECF18F0D9B1C} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{6F8F6D52-E43E-F6A7-3704-C2291FA9AAF6} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{73374308-91E6-5E66-411F-8EDBA399652C} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{77115206-4277-3228-99E2-2B93995F46A4} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{8EDA2BD3-6A45-E3A2-BF45-6B2B79D7BCFF} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{B85FFBF7-B2D8-D30A-8289-46564A899064} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{E0AB80CE-D9B6-AA3C-04B0-CAB826F2291F} -> Adware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA1830CA-C235-C43E-1196-378BC88F9E50} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C72B4089-65FD-6816-11BF-DEB6F68FAA46} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-854245398-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3DE3C64-DB27-44BB-D909-411EDCA14227} -> Adware.CoolWebSearch : Cleaned without backup
:mozilla.14:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.20:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
:mozilla.33:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned without backup
:mozilla.43:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
:mozilla.67:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.68:C:\Documents and Settings\Fareed Cheema\Application Data\Mozilla\Firefox\Profiles\2xzcg3wd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
C:\ntdetect.hta -> Downloader.Inor.cj : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\int_ver34.ocx.tcf -> Dialer.VB.j : Cleaned without backup
C:\WINDOWS\system32\winrun.exe.tcf -> Downloader.Small.bnz : Cleaned without backup


::Report End

This message has been edited since posting. Last time this message was edited on 1. May 2006 @ 07:04

Senior Member
1. May 2006 @ 10:09
OK, please post a new HijackThis log here. (The previous one was taken before the Ewido scan.)

fred_82k
Newbie
1. May 2006 @ 10:22
Here's the HjT log now


Logfile of HijackThis v1.99.1
Scan saved at 2:22:05 PM, on 5/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AirLink101\WlanUtility\tiwlan.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fareed Cheema\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O2 - BHO: (no name) - {AA1830CA-C235-C43E-1196-378BC88F9E50} - (no file)
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - (no file)
O2 - BHO: (no name) - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - (no file)
O2 - BHO: (no name) - {D3DE3C64-DB27-44BB-D909-411EDCA14227} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Senior Member
1. May 2006 @ 10:57
Ok, we'll just have to clean it manually then....

Press Start
-> Run
-> Write this to the field: regedit.exe
-> Press OK

At first, you should take a backup of your registry:
-> (In regedit) select My Computer right-click it and press Export
-> Name it to RegBackup and save it to the C:\

Then go: (in regedit)
->HKEY_LOCAL_MACHINE
->Software
->Microsoft
->Windows
->CurrentVersion
->Explorer
->Browser Helper Objects

-> Search the following entries and delete those:
{2B91E7DA-0139-CAF2-705A-DC5942CF0C87}
{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39}
{AA1830CA-C235-C43E-1196-378BC88F9E50}
{C72B4089-65FD-6816-11BF-DEB6F68FAA46}
{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7}
{D3DE3C64-DB27-44BB-D909-411EDCA14227}

-> Close Regedit

Post a new HjT log.

Have you deleted Trendmicro antivirus & firewall ?

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
fred_82k
Newbie
1. May 2006 @ 11:36
no i haven't deleted trend micro firewall, but i've disabled it...

and i tried to delete those registry keys but there's an error message
"error while deleting key"

i dunno what to do...
Senior Member
2. May 2006 @ 09:43
Hi fred_82k and sorry for the delay.

Ok we'll have to use a stronger tool....

1. Download Avenger -> http://swandog46.geekstogo.com/avenger.zip and unzip it to desktop
2. Copy all text in quote box below to Notepad (starting from
registry keys to delete:)

Quote:
registry keys to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{AA1830CA-C235-C43E-1196-378BC88F9E50}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C72B4089-65FD-6816-11BF-DEB6F68FAA46}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D3DE3C64-DB27-44BB-D909-411EDCA14227}

Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

3. Now, open The Avenger
->"Below Script file to execute" select "Input Script Manually".
->Now click magnifying glass which opens a new window "View/edit script".
-> Paste the text you earlier copied to Notepad here
-> Click Done.
-> Now click green light in order to start script.
-> Click "Yes".

4. Avenger will do the following
-> Reboot your computer.
-> While booting, it will open a dos prompt, it's normal
-> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
-> Avenger has created a backup here -> C:\avenger\backup.zip.

5. Copy/paste contents of avenger.txt along with a fresh HjT-log.

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
fred_82k
Newbie
2. May 2006 @ 09:59
NO LUCK!!


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ubycuvfp

*******************

Script file located at: \??\C:\Program Files\hansogmg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{AA1830CA-C235-C43E-1196-378BC88F9E50} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{AA1830CA-C235-C43E-1196-378BC88F9E50} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C72B4089-65FD-6816-11BF-DEB6F68FAA46} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C72B4089-65FD-6816-11BF-DEB6F68FAA46} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D3DE3C64-DB27-44BB-D909-411EDCA14227} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D3DE3C64-DB27-44BB-D909-411EDCA14227} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 1:57:30 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AirLink101\WlanUtility\tiwlan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fareed Cheema\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O2 - BHO: (no name) - {AA1830CA-C235-C43E-1196-378BC88F9E50} - (no file)
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - (no file)
O2 - BHO: (no name) - {CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} - (no file)
O2 - BHO: (no name) - {D3DE3C64-DB27-44BB-D909-411EDCA14227} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Senior Member
2. May 2006 @ 10:09
Ok sorry, my bad :).

Do this (with the right script)

1. Copy all text in quote box below to Notepad (starting from
registry keys to delete:)

Quote:
registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA1830CA-C235-C43E-1196-378BC88F9E50}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C72B4089-65FD-6816-11BF-DEB6F68FAA46}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3DE3C64-DB27-44BB-D909-411EDCA14227}

Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

2. Now, open The Avenger
->"Below Script file to execute" select "Input Script Manually".
->Now click magnifying glass which opens a new window "View/edit script".
-> Paste the text you earlier copied to Notepad here
-> Click Done.
-> Now click green light in order to start script.
-> Click "Yes".

3. Avenger will do the following
-> Reboot your computer.
-> While booting, it will open a dos prompt, it's normal
-> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
-> Avenger has created a backup here -> C:\avenger\backup.zip.

4. Copy/paste contents of avenger.txt along with a fresh HjT-log.

And enable your trend micro firewall and install an antivirus.

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com


I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
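The first Avenger script in this thread targeted `...\Internet Explorer\Toolbar`, but the orphaned entries were `O2 - BHO` lines, so every deletion came back with status 0xc0000034. The following is an added example, not part of the original posts and not code from HijackThis or The Avenger: it derives the key paths from the `O2` lines and explains a failed deletion log. The function names are hypothetical, the NTSTATUS names are standard Windows values not stated in the thread, and the sample lines are excerpted from the logs posted above.

```python
import re

# Registry location of Browser Helper Objects (the path used in the
# corrected script in this thread).
BHO_ROOT = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

# Standard NTSTATUS names (assumption: taken from Windows headers, not the page).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000022: "STATUS_ACCESS_DENIED"}

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>%s) - (?P<file>.*)$" % CLSID)
FAILED = re.compile(r"^Deletion of registry key (?P<key>.+) failed!\s*$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]+)\s*$")


def orphaned_bhos(hjt_log):
    """Return CLSIDs of O2 entries whose DLL is gone ("(no file)")."""
    found = []
    for line in hjt_log.splitlines():
        m = O2_LINE.match(line.strip())
        if m and m.group("file").strip() == "(no file)":
            found.append(m.group("clsid").upper())
    return found


def avenger_script(clsids):
    """Build the script text in the format quoted in the thread."""
    return "\n".join(["registry keys to delete:"] +
                     [BHO_ROOT + "\\" + c for c in clsids])


def explain_failures(avenger_log, clsids):
    """Pair each failed deletion with its status name and, when the key names
    an orphaned BHO under the wrong parent key, the path that should be used."""
    findings, pending = [], None
    for line in avenger_log.splitlines():
        line = line.strip()
        m = FAILED.match(line)
        if m:
            pending = m.group("key")
            continue
        m = STATUS.match(line)
        if m and pending:
            code = int(m.group("code"), 16)
            parent, _, leaf = pending.rpartition("\\")
            fix = None
            if leaf.upper() in clsids and parent.lower() != BHO_ROOT.lower():
                fix = BHO_ROOT + "\\" + leaf.upper()
            findings.append({"key": pending,
                             "status": NTSTATUS.get(code, hex(code)),
                             "suggested": fix})
            pending = None
    return findings


# Sample input: lines excerpted from the HijackThis and Avenger logs above.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - (no file)
O2 - BHO: (no name) - {7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
"""
AVENGER_SAMPLE = r"""
Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} failed!
Status: 0xc0000034
"""

if __name__ == "__main__":
    orphans = orphaned_bhos(HJT_SAMPLE)
    print(avenger_script(orphans))
    for f in explain_failures(AVENGER_SAMPLE, orphans):
        print(f["status"], "->", f["suggested"])
```

Only `O2` entries marked `(no file)` are selected; the Adobe helper, whose file is present, and the `O3` toolbar line are left alone.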
fred_82k
Newbie
2. May 2006 @ 10:25
ok so that worked.. BUT i still can't see my CD drives..
here are the new logs:




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\chgdefyq

*******************

Script file located at: \??\C:\jpbqnhdg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B91E7DA-0139-CAF2-705A-DC5942CF0C87} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FBC95AC-6D1C-802E-7EA2-D15AD4E37E39} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA1830CA-C235-C43E-1196-378BC88F9E50} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C72B4089-65FD-6816-11BF-DEB6F68FAA46} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFF78A19-61ED-E7F1-ECDE-FD6257174BC7} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3DE3C64-DB27-44BB-D909-411EDCA14227} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of HijackThis v1.99.1
Scan saved at 2:25:17 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\AirLink101\WlanUtility\tiwlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fareed Cheema\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

This message has been edited since posting. Last time this message was edited on 2. May 2006 @ 10:26

Senior Member
2. May 2006 @ 10:32
Ok, you're clean now and we can focus on the cd drive problem :)

But you should enable/install a firewall and install an antivirus...

Did you install/remove any software when the drives disappeared?

Or did you install some new components to your pc?

Or did you change some settings (eg. bios)?

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.