Yeiks Please read this

lapax33 · 01-02-2008, 08:41 AM

Great idea of the site and am sure ur very popular. i was looking to submit a hijack this log, and gave up
First i had to register (??!!!)
then read instructions to do a post,
search for th thread,
read instructions , on what not post!!!! all in red
go through the 5 glorious simply(??????) laid out instructions on each page.
and finally reached the 5 th page, which was more than ENOUGH for me,
im hassled enough already with the peskey trojan that refuses to go,

thus i simply chucked the idea and instead thought of writing this,

Yr reg page has a field that asks if you were referd to the site by a member , please count me out , really!
its just tooooo long and complicated , i don't suppose i will get a reply to this, but please make the experience a little simpler, IF possible
with that said,
happy nu yr
and all the best

dai · 01-02-2008, 09:33 AM

nearly all sites require registration for posting
there is nothing simple in dealing with hijack logs and cleaning infections
simply follow the 5 steps here
http://www.techsupportforum.com/showthread.php?t=15968

**Done_Fishin** · 01-02-2008, 10:47 AM

After going through whatever hassle you have had to try & remove the trojan & failed .. it should be child's play to register and follow a few simple but laborious instructions in order to get get good professional help FREE OF CHARGE ..

however you are quite right .. it is much easier to PAY someone else to do it for you and even easier to make ctrl - alt - del, boot into a Win Install CD , remove all partitions (Nuke & Boot), create new partitions, re-install windows and hope that your problem has just gone away along with all your hard work.
Have fun. Been there done that ..

lapax33 · 01-02-2008, 02:17 PM

dai and done fishin i thank you for amazingly fast reply.
as for ur thought about ctrl alt del and reloading win , Naaaaah never its the thing i just hate , cos its the easiest to do, My current system (touch wood) has not gone down for a whole 2 years now.
i follow all inst to keep it running at its best with the updates and the rest, its just with this "winnt/temp/startdrv.exe am at loss so i have resorted to someone who can help.
i have as suggested posted the startup.txt and the main.txt file for some one to have a look and help if possible.
regards

below are the txt files
StartupList report, 02/01/2008, 20:09:22
StartupList version: 1.52.2
Started from : D:\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v5.00 SP1 (5.00.2920.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINNT\system32\crypserv.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Huawei\MT882\dslagent.exe
D:\WINNT\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\vs-y1\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[D:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup]
Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
DSLAGENTEXE = D:\Program Files\Huawei\MT882\dslagent.exe
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
AVP = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = ctfmon.exe
H/PC Connection Agent = "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
Yahoo! Pager = "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = D:\WINNT\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = D:\WINNT\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "D:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "D:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = D:\WINNT\system32\Rundll32.exe D:\WINNT\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from D:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from D:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=D:\WINNT\system32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

D:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
D:\WINNT\Explorer\Explorer.exe: not present
D:\WINNT\System\Explorer.exe: not present
D:\WINNT\System32\Explorer.exe: not present
D:\WINNT\Command\Explorer.exe: not present
D:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in D:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Enterra Download Manager Helper - D:\Program Files\Enterra\Download Manager\edm.dll - {2956DD50-4F3E-4C20-81D1-FF36435FF288}
(no name) - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll - {CC7E636D-39AA-49b6-B511-65413DA137A1}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser Nag.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://D:\WINNT\Java\classes\dajava.cab
OSD = D:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://D:\WINNT\Java\classes\xmldso.cab
OSD = D:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Microsoft Office Template and Media Control]
InProcServer32 = D:\PROGRA~1\MICROS~2\OFFICE11\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[PCPitstop Utility]
InProcServer32 = D:\WINNT\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB

[Citrix ICA Client]
InProcServer32 = D:\Progra~1\Citrix\icaweb32\WFICA.OCX
CODEBASE = http://a516.g.akamai.net/f/516/25175...at-no-eula.cab

[Windows Live Safety Center Base Module]
InProcServer32 = D:\WINNT\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/res...scbase4009.cab

[WUWebControl Class]
InProcServer32 = D:\WINNT\System32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/wind...?1192043159109

[MUWebControl Class]
InProcServer32 = D:\WINNT\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/micr...?1192600554218

[XML DOM Document 4.0]
InProcServer32 = D:\WINNT\system32\msxml4.dll
CODEBASE = file://D:\TempEI4\EI40_1\msxml4.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab

[mhLabel Class]
InProcServer32 = D:\WINNT\Downloaded Program Files\mhLbl.dll
CODEBASE = http://pcpitstop.com/mhLbl.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.co...365.5068055556

[Java Plug-in 1.6.0_03]
InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab

[Shockwave Flash Object]
InProcServer32 = D:\WINNT\System32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: D:\WINNT\System32\rnr20.dll
NameSpace #2: D:\WINNT\System32\winrnr.dll
Protocol #1: D:\WINNT\system32\msafd.dll
Protocol #2: D:\WINNT\system32\msafd.dll
Protocol #3: D:\WINNT\system32\msafd.dll
Protocol #4: D:\WINNT\system32\rsvpsp.dll
Protocol #5: D:\WINNT\system32\rsvpsp.dll
Protocol #6: D:\WINNT\system32\msafd.dll
Protocol #7: D:\WINNT\system32\msafd.dll
Protocol #8: D:\WINNT\system32\msafd.dll
Protocol #9: D:\WINNT\system32\msafd.dll
Protocol #10: D:\WINNT\system32\msafd.dll
Protocol #11: D:\WINNT\system32\msafd.dll
Protocol #12: D:\WINNT\system32\msafd.dll
Protocol #13: D:\WINNT\system32\msafd.dll
Protocol #14: D:\WINNT\system32\msafd.dll
Protocol #15: D:\WINNT\system32\msafd.dll
Protocol #16: D:\WINNT\system32\msafd.dll
Protocol #17: D:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: D:\WINNT\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Kaspersky Anti-Virus 6.0: "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: D:\WINNT\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: D:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Crypkey License: crypserv.exe (autostart)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: D:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IIS Admin Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "D:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "D:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Kl1: system32\drivers\kl1.sys (system)
Klif: \??\D:\WINNT\system32\drivers\klif.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
Machine Debug Manager: "D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: D:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: D:\WINNT\System32\msdtc.exe (manual start)
FTP Publishing Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart)
Windows Installer: D:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetworkX: \SystemRoot\system32\ckldrv.sys (system)
Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft USB Open Host Controller Driver: System32\DRIVERS\openhci.sys (manual start)
OsaFsLoc: \SystemRoot\system32\drivers\OsaFsLoc.sys (system)
Office Source Engine: "D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
PORTMON: \??\F:\pRogs\SysinternalsS\PORTMSYS.SYS (manual start)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA Modem): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (manual start)
WAN Miniport (PPP over Ethernet Protocol): System32\DRIVERS\RMSPPPOE.SYS (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS NT Driver: System32\DRIVERS\Rtnic.sys (manual start)
Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
runtime: \??\D:\WINNT\System32\drivers\runtime.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Simple Mail Transport Protocol (SMTP): D:\WINNT\system32\inetsrv\inetinfo.exe (autostart)
Sony Memory Stick Driver(SONYPVM1): system32\DRIVERS\SONYPVM1.SYS (system)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
STIrUsb.sys SigmaTel USB-IrDA Adapter: system32\DRIVERS\stirusb.sys (manual start)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
TSP: \??\D:\WINNT\system32\drivers\klif.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start)
usbscan: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Huawei Remote USB Network Device Driver: System32\DRIVERS\usb8023k.sys (manual start)
utblfilt: System32\drivers\utblfilt.sys (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
World Wide Web Publishing Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Winacpci: System32\DRIVERS\winacpci.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: D:\WINNT\system32\mspmspsv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
WebCheck: D:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31,854 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
-------------------------------------------x-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:46, on 02/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Boot mode: Normal

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINNT\system32\crypserv.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Huawei\MT882\dslagent.exe
D:\WINNT\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\Program Files\Iomega\Iomega HotBurn Pro\Iomega HotBurn Format.exe
E:\Dld v06\HJTInstall.exe
D:\Trend Micro\HijackThis\HijackThis.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\WINNT\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Enterra Download Manager Helper - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - D:\Program Files\Enterra\Download Manager\edm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - D:\Program Files\Enterra\Download Manager\edm.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [startdrv] D:\WINNT\Temp\startdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Enterra Download Manager - res://D:\Program Files\Enterra\Download Manager\edm.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://D:\Program Files\Enterra\Download Manager\edm.dll/3002 (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O15 - Trusted Zone: http://www.visualstimuli.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192043159109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192600554218
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\TempEI4\EI40_1\msxml4.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A611D24D-DA7A-4266-A527-6212ED07F37C}: NameServer = 218.248.240.79 218.248.240.135
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BBSHGP - Kaspersky Lab - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7469 bytes

**Done_Fishin** · 01-02-2008, 02:38 PM

Well Thanks for that wonderful list that you have supplied .. but you're talking to the wrong people in the wrong area, this is Comments & Announcements.. you need our security team and you need to do as dai says .. follow the 5 steps .. but you knew that didn't you!

Likewise by trying to circumvent our rules like this doesn't help .. neither will us moving this thread to the hijackthis area.. since it's quite normal for our overloaded staff to pick up the threads on a "by date" basis when NO REPLIES have been made already .. otherwise they would spend more time asking everyone if anyone was dealing with a new thread than actually working.

Please follow the advice you have been given, create a new thread in the hijackthis area and one of our specialists will take a look at your problem as soon as they are free.

Have a great 2008
Happy New Year from all of us in TSF

D_F

**grumpygit** · 01-02-2008, 03:35 PM

Is this the same problem that you have already posted in the HJT section?

http://www.techsupportforum.com/secu...ll-not-go.html

**Done_Fishin** · 01-02-2008, 04:01 PM

Looks like it, GG .. but it seems that he wants to complain about our rules on how to get help .. strange though how many thousands of people have sought help without complaint - apart from how long it takes to get a response - which is due to the fact that our guys are overworked and it takes a long time to sift through all the info that they are given looking for the needle in the haystack that will ultimately clean up somebody else's infected PC.

**Horse** · 01-02-2008, 10:30 PM

I have deleted all the nonsense from his post and bumped it.

lapax33 · 01-02-2008, 11:41 PM

Apologizes for the post in the wrong area.
Did not mean to offend or peev any body, i am humbled by the fact you all take time from ur busy work to help clean up someone "elses" pc.

As in my first post the very fact of the "details" being confusing,
i have ended up where i have. ill try and see if can do it right this time.

"bump" by horse am unable to understand its context

**forcifer** · 01-03-2008, 10:18 AM

he moved it to the top of the list of threads, i believe

01-02-2008, 08:41 AM	#1 (permalink)
lapax33 Registered User Join Date: Jan 2008 Posts: 5 OS: win2000 sp 4	Yeiks Please read this Great idea of the site and am sure ur very popular. i was looking to submit a hijack this log, and gave up First i had to register (??!!!) then read instructions to do a post, search for th thread, read instructions , on what not post!!!! all in red go through the 5 glorious simply(??????) laid out instructions on each page. and finally reached the 5 th page, which was more than ENOUGH for me, im hassled enough already with the peskey trojan that refuses to go, thus i simply chucked the idea and instead thought of writing this, Yr reg page has a field that asks if you were referd to the site by a member , please count me out , really! its just tooooo long and complicated , i don't suppose i will get a reply to this, but please make the experience a little simpler, IF possible with that said, happy nu yr and all the best

01-02-2008, 09:33 AM	#2 (permalink)
dai Manager, Hardware Forums Join Date: Jul 2004 Location: west australia Posts: 56,630 OS: win 7 32x 64x rtm	Re: Yeiks Please read this nearly all sites require registration for posting there is nothing simple in dealing with hijack logs and cleaning infections simply follow the 5 steps here http://www.techsupportforum.com/showthread.php?t=15968 __________________

01-02-2008, 10:47 AM	#3 (permalink)
Done_Fishin Moderator Hardware Team Join Date: Oct 2006 Location: Brit living in Greece Posts: 7,515 OS: WinME, WinXP Pro SP3, Win7 Beta, Ubuntu 9.04 & Netbook Remix & CD2USB, Mepis 6.5, Fedora 10 My System	Re: Yeiks Please read this After going through whatever hassle you have had to try & remove the trojan & failed .. it should be child's play to register and follow a few simple but laborious instructions in order to get get good professional help FREE OF CHARGE .. however you are quite right .. it is much easier to PAY someone else to do it for you and even easier to make ctrl - alt - del, boot into a Win Install CD , remove all partitions (Nuke & Boot), create new partitions, re-install windows and hope that your problem has just gone away along with all your hard work. Have fun. Been there done that .. __________________ . . I'm not old!! I'm age impaired .. D_F I DON'T PLAY GAMES How to mark your thread as solved HDD DIAG UTILS TSF's Photographer's Corner

01-02-2008, 02:17 PM	#4 (permalink)
lapax33 Registered User Join Date: Jan 2008 Posts: 5 OS: win2000 sp 4	Re: Yeiks Please read this dai and done fishin i thank you for amazingly fast reply. as for ur thought about ctrl alt del and reloading win , Naaaaah never its the thing i just hate , cos its the easiest to do, My current system (touch wood) has not gone down for a whole 2 years now. i follow all inst to keep it running at its best with the updates and the rest, its just with this "winnt/temp/startdrv.exe am at loss so i have resorted to someone who can help. i have as suggested posted the startup.txt and the main.txt file for some one to have a look and help if possible. regards below are the txt files StartupList report, 02/01/2008, 20:09:22 StartupList version: 1.52.2 Started from : D:\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows 2000 SP4 (WinNT 5.00.2195) Detected: Internet Explorer v5.00 SP1 (5.00.2920.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: D:\WINNT\System32\smss.exe D:\WINNT\system32\winlogon.exe D:\WINNT\system32\services.exe D:\WINNT\system32\lsass.exe D:\WINNT\System32\Ati2evxx.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\spoolsv.exe D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINNT\system32\crypserv.exe D:\WINNT\System32\svchost.exe D:\PROGRA~1\Iomega\System32\AppServices.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINNT\system32\MSTask.exe D:\WINNT\system32\stisvc.exe D:\WINNT\System32\WBEM\WinMgmt.exe D:\WINNT\system32\mspmspsv.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\inetsrv\inetinfo.exe D:\WINNT\system32\Ati2evxx.exe D:\WINNT\Explorer.EXE D:\Program Files\Huawei\MT882\dslagent.exe D:\WINNT\RTHDCPL.EXE D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINNT\system32\ctfmon.exe D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE D:\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [D:\Documents and Settings\vs-y1\Start Menu\Programs\Startup] No files Shell folders AltStartup: Folder not found User shell folders Startup: Folder not found User shell folders AltStartup: Folder not found Shell folders Common Startup: [D:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup] Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: Folder not found User shell folders Common Startup: Folder not found User shell folders Alternate Common Startup: Folder not found -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = D:\WINNT\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] Registry key not found [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Registry value not found [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] Registry key not found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synchronization Manager = mobsync.exe /logon DSLAGENTEXE = D:\Program Files\Huawei\MT882\dslagent.exe RTHDCPL = RTHDCPL.EXE Alcmtr = ALCMTR.EXE AVP = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce No values found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx No values found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Registry key not found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Registry key not found -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = ctfmon.exe H/PC Connection Agent = "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" Yahoo! Pager = "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce No values found -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx Registry key not found -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices Registry key not found -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Registry key not found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run Registry key not found -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] No values found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run Registry key not found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run Registry key not found -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = D:\WINNT\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = D:\WINNT\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = "D:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = "D:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{6A5110B5-E14B-4268-A065-EF89FF33C325}] * StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINNT\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = D:\WINNT\system32\Rundll32.exe D:\WINNT\system32\mscories.dll,Install [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps Registry key not found -------------------------------------------------- Load/Run keys from D:\WINNT\WIN.INI: load=INI section not found run=INI section not found Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKLM\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKLM\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKCU\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKCU\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKCU\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from D:\WINNT\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=D:\WINNT\system32\sstext3d.scr drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Checking for EXPLORER.EXE instances: D:\WINNT\Explorer.exe: PRESENT! C:\Explorer.exe: not present D:\WINNT\Explorer\Explorer.exe: not present D:\WINNT\System\Explorer.exe: not present D:\WINNT\System32\Explorer.exe: not present D:\WINNT\Command\Explorer.exe: not present D:\WINNT\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in D:\WINNT - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Enterra Download Manager Helper - D:\Program Files\Enterra\Download Manager\edm.dll - {2956DD50-4F3E-4C20-81D1-FF36435FF288} (no name) - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll - {CC7E636D-39AA-49b6-B511-65413DA137A1} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job Uniblue SpeedUpMyPC Nag.job Uniblue SpeedUpMyPC.job Uniblue SpyEraser Nag.job Uniblue SpyEraser.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://D:\WINNT\Java\classes\dajava.cab OSD = D:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://D:\WINNT\Java\classes\xmldso.cab OSD = D:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd [Microsoft Office Template and Media Control] InProcServer32 = D:\PROGRA~1\MICROS~2\OFFICE11\IEAWSDC.DLL CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab [PCPitstop Utility] InProcServer32 = D:\WINNT\Downloaded Program Files\PCPitstop.dll CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB [Citrix ICA Client] InProcServer32 = D:\Progra~1\Citrix\icaweb32\WFICA.OCX CODEBASE = http://a516.g.akamai.net/f/516/25175...at-no-eula.cab [Windows Live Safety Center Base Module] InProcServer32 = D:\WINNT\Downloaded Program Files\wlscBase.dll CODEBASE = http://cdn.scan.onecare.live.com/res...scbase4009.cab [WUWebControl Class] InProcServer32 = D:\WINNT\System32\wuweb.dll CODEBASE = http://www.update.microsoft.com/wind...?1192043159109 [MUWebControl Class] InProcServer32 = D:\WINNT\system32\muweb.dll CODEBASE = http://www.update.microsoft.com/micr...?1192600554218 [XML DOM Document 4.0] InProcServer32 = D:\WINNT\system32\msxml4.dll CODEBASE = file://D:\TempEI4\EI40_1\msxml4.cab [Java Plug-in 1.6.0_03] InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [mhLabel Class] InProcServer32 = D:\WINNT\Downloaded Program Files\mhLbl.dll CODEBASE = http://pcpitstop.com/mhLbl.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.co...365.5068055556 [Java Plug-in 1.6.0_03] InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_03] InProcServer32 = D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Shockwave Flash Object] InProcServer32 = D:\WINNT\System32\Macromed\Flash\Flash9d.ocx CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: D:\WINNT\System32\rnr20.dll NameSpace #2: D:\WINNT\System32\winrnr.dll Protocol #1: D:\WINNT\system32\msafd.dll Protocol #2: D:\WINNT\system32\msafd.dll Protocol #3: D:\WINNT\system32\msafd.dll Protocol #4: D:\WINNT\system32\rsvpsp.dll Protocol #5: D:\WINNT\system32\rsvpsp.dll Protocol #6: D:\WINNT\system32\msafd.dll Protocol #7: D:\WINNT\system32\msafd.dll Protocol #8: D:\WINNT\system32\msafd.dll Protocol #9: D:\WINNT\system32\msafd.dll Protocol #10: D:\WINNT\system32\msafd.dll Protocol #11: D:\WINNT\system32\msafd.dll Protocol #12: D:\WINNT\system32\msafd.dll Protocol #13: D:\WINNT\system32\msafd.dll Protocol #14: D:\WINNT\system32\msafd.dll Protocol #15: D:\WINNT\system32\msafd.dll Protocol #16: D:\WINNT\system32\msafd.dll Protocol #17: D:\WINNT\system32\msafd.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart) Alerter: %SystemRoot%\System32\services.exe (manual start) Application Management: %SystemRoot%\system32\services.exe (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ATI Smart: D:\WINNT\system32\ati2sgag.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) Kaspersky Anti-Virus 6.0: "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart) Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start) Computer Browser: %SystemRoot%\System32\services.exe (autostart) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) CD-ROM Driver: System32\DRIVERS\cdrom.sys (system) Indexing Service: D:\WINNT\System32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start) .NET Runtime Optimization Service v2.0.50727_X86: D:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) Crypkey License: crypserv.exe (autostart) DHCP Client: %SystemRoot%\System32\services.exe (autostart) Disk Driver: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Logical Disk Manager Driver: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart) Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\services.exe (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: D:\WINNT\System32\svchost.exe -k netsvcs (manual start) Fax Service: %systemroot%\system32\faxsvc.exe (manual start) Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start) Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start) Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start) Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart) i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system) IIS Admin Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart) Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start) Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system) Iomega Activity Disk2: "" (disabled) Iomega App Services: "D:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) iPod Service: "D:\Program Files\iPod\bin\iPodService.exe" (manual start) IPSEC driver: System32\DRIVERS\ipsec.sys (manual start) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system) Kl1: system32\drivers\kl1.sys (system) Klif: \??\D:\WINNT\system32\drivers\klif.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\services.exe (autostart) Workstation: %SystemRoot%\System32\services.exe (autostart) TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart) Machine Debug Manager: "D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Messenger: %SystemRoot%\System32\services.exe (disabled) NetMeeting Remote Desktop Sharing: D:\WINNT\System32\mnmsrvc.exe (manual start) Mouse Class Driver: System32\DRIVERS\mouclass.sys (system) Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start) BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: D:\WINNT\System32\msdtc.exe (manual start) FTP Publishing Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart) Windows Installer: D:\WINNT\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: System32\DRIVERS\netbios.sys (system) NetBios over Tcpip: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (manual start) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start) NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NetworkX: \SystemRoot\system32\ckldrv.sys (system) Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) Microsoft USB Open Host Controller Driver: System32\DRIVERS\openhci.sys (manual start) OsaFsLoc: \SystemRoot\system32\drivers\OsaFsLoc.sys (system) Office Source Engine: "D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Parallel class driver: System32\DRIVERS\parallel.sys (manual start) Parallel port driver: System32\DRIVERS\parport.sys (system) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart) PORTMON: \??\F:\pRogs\SysinternalsS\PORTMSYS.SYS (manual start) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Protected Storage: %SystemRoot%\system32\services.exe (autostart) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN Miniport (IrDA Modem): System32\DRIVERS\rasirda.sys (manual start) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Registry Service: %SystemRoot%\system32\regsvc.exe (manual start) WAN Miniport (PPP over Ethernet Protocol): System32\DRIVERS\RMSPPPOE.SYS (manual start) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start) Realtek 10/100/1000 NIC Family all in one NDIS NT Driver: System32\DRIVERS\Rtnic.sys (manual start) Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start) runtime: \??\D:\WINNT\System32\drivers\runtime.sys (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart) RunAs Service: %SystemRoot%\system32\services.exe (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Serial port driver: System32\DRIVERS\serial.sys (system) Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Simple Mail Transport Protocol (SMTP): D:\WINNT\system32\inetsrv\inetinfo.exe (autostart) Sony Memory Stick Driver(SONYPVM1): system32\DRIVERS\SONYPVM1.SYS (system) Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Srv: System32\DRIVERS\srv.sys (manual start) STIrUsb.sys SigmaTel USB-IrDA Adapter: system32\DRIVERS\stirusb.sys (manual start) Still Image Service: %systemroot%\system32\stisvc.exe (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Software Bus Driver: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system) Telnet: %SystemRoot%\system32\tlntsvr.exe (disabled) Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart) TSP: \??\D:\WINNT\system32\drivers\klif.sys (manual start) Microcode Update Driver: System32\DRIVERS\update.sys (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start) USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start) usbscan: system32\DRIVERS\usbscan.sys (manual start) USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start) Huawei Remote USB Network Device Driver: System32\DRIVERS\usb8023k.sys (manual start) utblfilt: System32\drivers\utblfilt.sys (manual start) Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Windows Time: %SystemRoot%\System32\services.exe (manual start) World Wide Web Publishing Service: D:\WINNT\system32\inetsrv\inetinfo.exe (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) Winacpci: System32\DRIVERS\winacpci.sys (manual start) Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart) WMDM PMSP Service: D:\WINNT\system32\mspmspsv.exe (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart) Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: No scripts set to run Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: Registry value not found -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll WebCheck: D:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run Registry key not found -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run Registry key not found -------------------------------------------------- End of report, 31,854 bytes Report generated in 0.250 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only -------------------------------------------x----------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:51:46, on 02/01/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000) Boot mode: Normal Running processes: D:\WINNT\System32\smss.exe D:\WINNT\system32\winlogon.exe D:\WINNT\system32\services.exe D:\WINNT\system32\lsass.exe D:\WINNT\System32\Ati2evxx.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\spoolsv.exe D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINNT\system32\crypserv.exe D:\WINNT\System32\svchost.exe D:\PROGRA~1\Iomega\System32\AppServices.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINNT\system32\MSTask.exe D:\WINNT\system32\stisvc.exe D:\WINNT\System32\WBEM\WinMgmt.exe D:\WINNT\system32\mspmspsv.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\inetsrv\inetinfo.exe D:\WINNT\system32\Ati2evxx.exe D:\WINNT\Explorer.EXE D:\Program Files\Huawei\MT882\dslagent.exe D:\WINNT\RTHDCPL.EXE D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINNT\system32\ctfmon.exe D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE D:\PROGRA~1\MOZILL~2\FIREFOX.EXE D:\Program Files\Iomega\Iomega HotBurn Pro\Iomega HotBurn Format.exe E:\Dld v06\HJTInstall.exe D:\Trend Micro\HijackThis\HijackThis.exe D:\WINNT\system32\NOTEPAD.EXE D:\WINNT\system32\taskmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Enterra Download Manager Helper - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - D:\Program Files\Enterra\Download Manager\edm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - D:\Program Files\Enterra\Download Manager\edm.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\Huawei\MT882\dslagent.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [startdrv] D:\WINNT\Temp\startdrv.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download by Enterra Download Manager - res://D:\Program Files\Enterra\Download Manager\edm.dll/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute Lite Edition\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute Lite Edition\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://D:\Program Files\Enterra\Download Manager\edm.dll/3002 (file missing) O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O15 - Trusted Zone: http://www.visualstimuli.net O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192043159109 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192600554218 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\TempEI4\EI40_1\msxml4.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A611D24D-DA7A-4266-A527-6212ED07F37C}: NameServer = 218.248.240.79 218.248.240.135 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: BBSHGP - Kaspersky Lab - (no file) O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe -- End of file - 7469 bytes

01-02-2008, 02:38 PM	#5 (permalink)
Done_Fishin Moderator Hardware Team Join Date: Oct 2006 Location: Brit living in Greece Posts: 7,515 OS: WinME, WinXP Pro SP3, Win7 Beta, Ubuntu 9.04 & Netbook Remix & CD2USB, Mepis 6.5, Fedora 10 My System	Re: Yeiks Please read this Well Thanks for that wonderful list that you have supplied .. but you're talking to the wrong people in the wrong area, this is Comments & Announcements.. you need our security team and you need to do as dai says .. follow the 5 steps .. but you knew that didn't you! Likewise by trying to circumvent our rules like this doesn't help .. neither will us moving this thread to the hijackthis area.. since it's quite normal for our overloaded staff to pick up the threads on a "by date" basis when NO REPLIES have been made already .. otherwise they would spend more time asking everyone if anyone was dealing with a new thread than actually working. Please follow the advice you have been given, create a new thread in the hijackthis area and one of our specialists will take a look at your problem as soon as they are free. Have a great 2008 Happy New Year from all of us in TSF D_F __________________ . . I'm not old!! I'm age impaired .. D_F I DON'T PLAY GAMES How to mark your thread as solved HDD DIAG UTILS TSF's Photographer's Corner

01-02-2008, 03:35 PM	#6 (permalink)
grumpygit T-Shirt Winner Join Date: Oct 2006 Location: hertford, england Posts: 4,746 OS: win xp pro sp3 My System Blog Entries: 2	Re: Yeiks Please read this Is this the same problem that you have already posted in the HJT section? http://www.techsupportforum.com/secu...ll-not-go.html __________________ Grumpygit

01-02-2008, 04:01 PM	#7 (permalink)
Done_Fishin Moderator Hardware Team Join Date: Oct 2006 Location: Brit living in Greece Posts: 7,515 OS: WinME, WinXP Pro SP3, Win7 Beta, Ubuntu 9.04 & Netbook Remix & CD2USB, Mepis 6.5, Fedora 10 My System	Re: Yeiks Please read this Looks like it, GG .. but it seems that he wants to complain about our rules on how to get help .. strange though how many thousands of people have sought help without complaint - apart from how long it takes to get a response - which is due to the fact that our guys are overworked and it takes a long time to sift through all the info that they are given looking for the needle in the haystack that will ultimately clean up somebody else's infected PC. __________________ . . I'm not old!! I'm age impaired .. D_F I DON'T PLAY GAMES How to mark your thread as solved HDD DIAG UTILS TSF's Photographer's Corner

01-02-2008, 10:30 PM	#8 (permalink)
Horse General Manager (Administrator) Join Date: Oct 2003 Location: Durban South Africa Posts: 4,297 OS: WIN XP PRO My System Blog Entries: 1	Re: Yeiks Please read this I have deleted all the nonsense from his post and bumped it. __________________ Know where you're going in life. You may already be there

01-02-2008, 11:41 PM	#9 (permalink)
lapax33 Registered User Join Date: Jan 2008 Posts: 5 OS: win2000 sp 4	Re: Yeiks Please read this Apologizes for the post in the wrong area. Did not mean to offend or peev any body, i am humbled by the fact you all take time from ur busy work to help clean up someone "elses" pc. As in my first post the very fact of the "details" being confusing, i have ended up where i have. ill try and see if can do it right this time. "bump" by horse am unable to understand its context

01-03-2008, 10:18 AM	#10 (permalink)
forcifer ole' Join Date: Nov 2005 Location: Kansas City kansas Posts: 3,628 OS: Vista Premium 32 My System Blog Entries: 1	Re: Yeiks Please read this he moved it to the top of the list of threads, i believe