Welcome to Tech Support Forum, home to more than 136,000 problems solved.
| Resolved HJT Threads Resolved spyware and popup issues. |
#1 (permalink) |
|
Registered User
|
Unknown problem! please help!
Hi everyone,
I am having some sort of weird problem, and I'm not sure if it's some kind of spyware or similar. Every time I start up my PC I get a win32 error message with 2 options (send error or don't send). I click on send error, and after that (not directly) my desktop bar and other windows change to classic style, and sometimes classic combined with WinXP style. Then I go to Appearance and change it back to WinXP style, and it goes back to normal.
There's something else: every time I go to activate my Windows Firewall I get the following message: "Windows Firewall can't be displayed. Do you want to start the ICS Service?" Then I choose yes and I get the following message: "Windows cannot start ICS Service". So, briefly, I can't access my Windows Firewall. I really don't know what's going on, and I would really like to see the solution to this. Thanks for any help.
__________________
1010011 1101101 1101001 1101100 1100101 |
#2 (permalink) |
|
Manager, Microsoft Support
Join Date: Jan 2005
Location: Pennsylvania
Posts: 12,523
OS: 98SE/WinXP Home/WinXP Pro
Blog Entries: 1
|
Re: Unknown problem! please help!
Look over the First Steps at Removing Malware
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM
#3 (permalink) |
|
Registered User
|
Re: Unknown problem! please help!
I'm really tired of scanning my computer. I did the five steps 2 weeks ago because I was trying to solve it myself, and I have also done other online scanning and cleaned up many things on the computer. The results were excellent for one week, and now it seems the problem missed me and joined me again, and the stupid thing is I haven't saved any scanning log :-(. Actually I'm not gonna go through all of these again, especially as the scan process takes too much time on my computer, so just what do you recommend me to do, including doing the five steps? I guess my antivirus program gave me a message that "nkit.dll" is infected.
#4 (permalink) | |
|
Manager, Microsoft Support
Join Date: Jan 2005
Location: Pennsylvania
Posts: 12,523
OS: 98SE/WinXP Home/WinXP Pro
Blog Entries: 1
|
Re: Unknown problem! please help!
Quote:
#6 (permalink) |
|
Registered User
|
Re: Unknown problem! please help!
I have done an extra online scan, as you see, called emsi scan.
and here's the deckard's one: and thanx for any help :-)
Last edited by Ried : 05-02-2007 at 06:41 AM.
#7 (permalink) |
|
Manager, Microsoft Support
Join Date: Jan 2005
Location: Pennsylvania
Posts: 12,523
OS: 98SE/WinXP Home/WinXP Pro
Blog Entries: 1
|
Re: Unknown problem! please help!
I am moving this to the Hijackthis Log Help forum, plz be patient at this time. An analyst will be with you with instructions a.s.a.p.
Last edited by Geekgirl : 05-02-2007 at 04:39 AM.
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
|
Re: Unknown problem! please help!
Hello 4u111,
Your system is infested with rootkits--please refrain from attempting any further fixing on your end and follow these instructions. This will take more than 1 round to eradicate, so please be sure to continue to post logs that are requested.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**
Do not run it yet.

------------------------------------------------------------------

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% - (Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.

You should now be in Normal Mode...
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you which I will need in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:
C:\SDFix\Report.txt
C:\ComboFix.txt
New HijackThis log
#9 (permalink) |
|
Registered User
|
Re: Unknown problem! please help!
hi thanx for helping me. here are the results: SDFix: Version 1.81 Run by Sleiman Hassan - Thu 05/03/2007 - 1:19:30.09 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\offlog.txt - Deleted Removing Temp Files ADS Check: Checking if ADS is attached to system32 Folder C:\WINDOWS\system32 No streams found. Checking if ADS is attached to svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\\BitComet\\BitComet.exe"="D:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service" "D:\\games 
1\\civ\\Conquests\\Civ3Conquests.exe"="D:\\games 1\\civ\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests" "D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe"="D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Backups Folder: - C:\SDFix\SDFix\backups\backups.zip Checking For Files with Hidden 
Attributes: C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71.dll C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71u.dll C:\Program Files\CRS-MegaDev\MegaTrainer XL\msvcr71.dll C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Windows Media Player\mplayer2.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\Tools\All.exe C:\WINDOWS\system32\Tools\Change.exe C:\WINDOWS\system32\Tools\CheckPath.exe C:\WINDOWS\system32\Tools\Counter.exe C:\WINDOWS\system32\Tools\DelFolders.exe C:\WINDOWS\system32\Tools\DirectSetup.exe C:\WINDOWS\system32\Tools\RegClean.exe C:\WINDOWS\system32\Tools\Regexe.exe C:\WINDOWS\system32\Tools\Restart.exe C:\WINDOWS\system32\Tools\RunRegexe.exe C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Finished "Sleiman Hassan" - 07-05-03 1:28:56 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Sleiman Hassan\Desktop\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Spyware Doctor\Cracked\_desktop.ini C:\DOCUME~1\SLEIMA~1\Desktop\internet.lnk ((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 )))))))))))))))))))))))))))))))))) 2007-05-03 01:20 380,416 --a------ C:\WINDOWS\system32\rstrui.exe 2007-05-02 17:05 <DIR> d-------- C:\Deckard 2007-05-02 16:59 <DIR> d-------- C:\ie-spyad_zo 2007-05-02 16:56 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-05-02 15:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-05-02 14:57 <DIR> d-------- C:\Program Files\Lavasoft 2007-05-01 16:15 <DIR> d-------- C:\Program Files\Trojancheck 6 2007-04-28 16:01 <DIR> d-------- C:\WINDOWS\McAfee.com 2007-04-26 18:11 <DIR> d-------- C:\Program Files\XoftSpySE 2007-04-25 08:04 7,551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys 2007-04-25 06:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\My Games 2007-04-23 10:12 208,229 --a------ C:\WINDOWS\rootkit.dll 
2007-04-23 10:06 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys 2007-04-23 10:06 208,229 --a------ C:\WINDOWS\shdef.exe 2007-04-23 02:08 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll 2007-04-23 02:08 266,240 --a------ C:\WINDOWS\CMIUninstall.exe 2007-04-23 02:08 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe 2007-04-23 02:08 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2007-04-23 02:05 69,504 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys 2007-04-23 02:05 <DIR> d-------- C:\Program Files\Intel 2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\Tools 2007-04-22 21:26 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\AVS Video Converter 2007-04-22 21:18 <DIR> d-------- C:\Program Files\MagicDVDRipper 2007-04-22 21:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pegasys Inc 2007-04-22 21:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\TMPGEncDVDAuthor3 2007-04-22 21:07 53,248 --a------ C:\WINDOWS\system32\GenSvcInst.exe 2007-04-22 21:07 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS 2007-04-22 21:07 118,784 --a------ C:\WINDOWS\system32\bgsvcgen.exe 2007-04-22 21:03 <DIR> d-------- C:\Program Files\Pegasys Inc 2007-04-22 20:59 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Pegasys Inc 2007-04-22 20:30 <DIR> d-------- C:\Program Files\AC3Filter 2007-04-22 20:28 129,024 --a------ C:\WINDOWS\UNWISE.EXE 2007-04-22 20:28 <DIR> d-------- C:\audio 2007-04-22 17:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\DivX 2007-04-22 17:13 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-04-22 17:13 <DIR> d-------- C:\Program Files\DivX 2007-04-22 17:07 <DIR> d-------- C:\Program Files\Xvid 2007-04-22 16:50 <DIR> d-------- C:\Program Files\Easy Video Splitter 2007-04-22 03:49 <DIR> d-------- C:\Program Files\AVI MPEG Splitter 2007-04-22 03:48 <DIR> d-------- C:\Boilsoft ASF Converter 2007-04-21 03:57 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-04-21 03:57 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-04-21 03:57 27,136 --a------ 
C:\WINDOWS\system32\irmon.dll 2007-04-21 03:57 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-04-21 03:57 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2007-04-21 03:57 152,576 --a------ C:\WINDOWS\system32\irftp.exe 2007-04-20 13:32 <DIR> d-------- C:\Program Files\Symbian OS Tools 2007-04-20 13:32 <DIR> d-------- C:\Program Files\Common Files\Symbian 2007-04-20 05:31 <DIR> d-------- C:\Program Files\vso 2007-04-20 02:59 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies 2007-04-20 02:53 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\VersionTracker Pro 2007-04-20 02:46 <DIR> d-------- C:\Program Files\AviSynth 2.5 2007-04-19 10:05 <DIR> d-------- C:\Program Files\dvdSanta 2007-04-19 06:33 <DIR> d-------- C:\Program Files\TechSmith 2007-04-19 06:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith 2007-04-19 06:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-19 05:47 258,352 --a------ C:\WINDOWS\system32\Unicows.dll 2007-04-19 02:02 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Nokia Multimedia Player 2007-04-18 03:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Image Zone Express 2007-04-15 09:44 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-04-15 07:39 <DIR> d-------- C:\Program Files\Sonic 2007-04-15 07:39 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared 2007-04-15 06:58 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT 2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real 2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\PC Suite 2007-04-14 08:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia 2007-04-11 10:09 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Google 2007-04-11 10:08 <DIR> d-------- C:\Program Files\Google 2007-04-10 09:39 <DIR> d-------- C:\Program Files\GameSpy Arcade 2007-04-08 21:54 2,634 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-08 21:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-04-08 20:27 <DIR> d-------- 
C:\DOCUME~1\SLEIMA~1\APPLIC~1\Lavasoft 2007-04-08 17:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools 2007-04-08 17:28 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-04-08 17:00 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2007-04-08 17:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools 2007-04-08 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-04-08 16:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-08 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-04-08 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-04-08 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-04-08 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-04-08 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-04-08 16:37 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\PC Tools 2007-04-05 13:59 <DIR> d-------- C:\Downloads 2007-04-05 13:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite 2007-04-05 13:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-04-05 13:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2007-04-05 13:48 <DIR> d-------- C:\Program Files\DIFX 2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-04-05 13:47 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-04-05 13:47 8,320 --a------ C:\WINDOWS\system32\drivers\nm |