Registered User
Join Date: Jan 2005
Posts: 37
OS: windows xp
Bombarded by Popups
Hello guys, my computer is getting bombarded by popups and I'm hoping that, in your infinite techie wisdom, you folks can help. I've removed as much of the malware as I can by myself and I followed the full 5 step process detailed on the main page with one notable exception. When I attempt to use the Panda ActiveScan, the page fails to load and I get the following message:
"An error occurred while processing your request. Reference #97.1d76d140.1216163257.ce80cb4 " I don't know what that means. If it's important, please let me know. Here's the hijackthis log. Thanks in advance!