Old 09-26-2006, 03:52 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


Firefox Hijacked

When I open Firefox it keeps getting hijacked by something called winantivirus

Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 11:44:46, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Cheers
Wilidshome
Willidshome is offline  
Old 09-26-2006, 07:16 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


I'd like you to rename HijackThis.exe to bunny.exe.
  • Navigate to C:\hjt\HijackThis.exe (or wherever you have HJT located now)
  • Right click on HijackThis.exe
  • Select 'Rename'
  • Type in bunny.exe
  • Press Enter.

Please post a new HijackThis log with the renamed executable
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 09-27-2006, 12:42 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


Here is a New Log

Logfile of HijackThis v1.99.1
Scan saved at 08:42:08, on 27/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave\My Documents\Installed\ElivisLives\ElvisLives.exe
** ELVISLIVES IS WHAT I RENAMED HIJACK THIS TO **

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {313E76EF-4AC1-4174-9F5A-6210B32AD8DF} - C:\WINDOWS\system32\jkkji.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {85B75BBE-C184-47FA-BE59-E7D85B3E96DF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9F75427-139B-4A82-B143-62A57ABC897E} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Cheers

Last edited by Willidshome; 09-27-2006 at 12:45 AM. Reason: Added Extra Information
Willidshome is offline  
Old 09-27-2006, 02:18 AM   #4 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


I have since put Hijack into a folder on the C drive as stated.
Willidshome is offline  
Old 09-27-2006, 06:32 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

S&D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
  • See this link for a tutorial

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


1. Download this file from one of these locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe


* IMPORTANT !!! Place it on your Desktop.


2. Go to Start -> Run and then paste in this single line command & click OK
"%userprofile%\desktop\combofix.exe" /v jkkji winzwr32


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log
tetonbob is offline  
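
The following is an added example, not code from the thread or from HijackThis itself: it compares excerpts of the two logs posted above and lists the entries that appear only in the scan made with the renamed executable, which include the two names (jkkji, winzwr32) passed to ComboFix in post #5. The function names and the two review checks (a DLL registered under both O2 and O20, and entries whose target file is reported absent) are assumptions of this example, not rules HijackThis applies.

```python
import re

# Constructed excerpts: lines copied from the two HijackThis logs posted in this
# thread (the first scan, then the scan made with the renamed executable).
FIRST_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

SECOND_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {313E76EF-4AC1-4174-9F5A-6210B32AD8DF} - C:\WINDOWS\system32\jkkji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
"""

# A HijackThis entry line starts with a section code such as R0, O2 or O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Base name of any DLL mentioned in an entry body (body is lower-cased first).
DLL_RE = re.compile(r"[^\\ ]+\.dll\b")


def parse_entries(log_text):
    """Return [(section, body), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def new_entries(first, second):
    """Entries present in the second log but not in the first (case-insensitive)."""
    seen = {(sec, body.lower()) for sec, body in parse_entries(first)}
    return [(sec, body) for sec, body in parse_entries(second)
            if (sec, body.lower()) not in seen]


def new_sections(first, second):
    """Section codes that occur only in the second log."""
    before = {sec for sec, _ in parse_entries(first)}
    after = {sec for sec, _ in parse_entries(second)}
    return sorted(after - before)


def cross_registered(log_text):
    """DLL base names registered both as a BHO (O2) and as Winlogon Notify (O20)."""
    by_section = {"O2": set(), "O20": set()}
    for sec, body in parse_entries(log_text):
        if sec in by_section:
            by_section[sec].update(DLL_RE.findall(body.lower()))
    return sorted(by_section["O2"] & by_section["O20"])


def orphaned(log_text):
    """Entries whose target HijackThis reports as absent from disk."""
    markers = ("(no file)", "(file missing)")
    return [(sec, body) for sec, body in parse_entries(log_text)
            if any(marker in body.lower() for marker in markers)]


if __name__ == "__main__":
    print("Sections only in second log:", new_sections(FIRST_LOG, SECOND_LOG))
    for sec, body in new_entries(FIRST_LOG, SECOND_LOG):
        print("  new:", sec, "-", body)
    print("In both O2 and O20:", cross_registered(SECOND_LOG))
    for sec, body in orphaned(SECOND_LOG):
        print("  target absent:", sec, "-", body)
```

To run it on full logs, save each scan to a text file and pass the file contents to the same functions.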
Old 09-27-2006, 07:41 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


Here is the Combo Log:

Dave - 06-09-27 15:34:38.48 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Dave\desktop"
Command switches used :: /v jkkji winzwr32

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-27 11:03 56 --ahs---- C:\redir.sys
2006-09-26 08:51 970,752 --a------ C:\WINDOWS\system32\VchReg.dll
2006-09-25 16:28 45,525 --a------ C:\WINDOWS\system32\hdgcynuc.dll
2006-09-25 16:28 143,380 --a------ C:\WINDOWS\system32\urutiaxa.exe
2006-09-25 16:05 589,876 ---hs---- C:\WINDOWS\system32\vturq.dll
2006-09-25 15:37 589,876 ---hs---- C:\WINDOWS\system32\ddccc.dll
2006-09-25 15:23 589,876 ---hs---- C:\WINDOWS\system32\ddcyw.dll
2006-09-25 15:15 69 --a------ C:\jswudopx.bat
2006-09-25 15:15 589,876 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2006-09-25 15:15 20,480 --a------ C:\jswudopx.exe
2006-09-25 15:15 0 --a------ C:\oorwopjo.exe
2006-09-25 15:09 0 --a------ C:\dlkvnr.exe
2006-09-25 14:56 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-09-24 16:49 65,536 --------- C:\WINDOWS\system32\adistres.dll
2006-09-24 16:49 20,584 --------- C:\WINDOWS\system32\PdfPorts.dll
2006-09-24 16:49 101,200 --------- C:\WINDOWS\system32\pdfshell.dll
2006-09-24 14:39 210,944 --------- C:\WINDOWS\system32\Msvcrt10.dll
2006-09-23 14:24 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-23 14:23 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-22 13:43 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-22 13:43 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-09-22 13:43 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-19 16:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-19 16:18 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-09-19 16:18 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-09-19 16:18 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-09-19 16:18 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-09-19 16:18 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-09-15 11:23 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2006-09-09 17:46 973,312 --a------ C:\WINDOWS\system32\Redemption.dll
2006-09-09 17:46 962,560 --a------ C:\WINDOWS\system32\MagicCtl.dll
2006-09-09 17:46 90,112 --a------ C:\WINDOWS\system32\gmnamfld.dll
2006-09-09 17:46 81,920 --a------ C:\WINDOWS\system32\ANSSLPLUS.dll
2006-09-09 17:46 73,728 --a------ C:\WINDOWS\system32\GMSigMan.dll
2006-09-09 17:46 65,536 --a------ C:\WINDOWS\system32\GMMesCom.dll
2006-09-09 17:46 512,000 --a------ C:\WINDOWS\system32\gmgrpman.dll
2006-09-09 17:46 487,424 --a------ C:\WINDOWS\system32\infCB.dll
2006-09-09 17:46 45,056 --a------ C:\WINDOWS\system32\GMPaths.dll
2006-09-09 17:46 385,592 --a------ C:\WINDOWS\system32\XceedBkp.dll
2006-09-09 17:46 348,160 --a------ C:\WINDOWS\system32\ANPOP.dll
2006-09-09 17:46 299,008 --a------ C:\WINDOWS\system32\GMAccMan.dll
2006-09-09 17:46 282,624 --a------ C:\WINDOWS\system32\AOSMTPEX.dll
2006-09-09 17:46 282,624 --a------ C:\WINDOWS\system32\AOSMTP.dll
2006-09-09 17:46 258,048 --a------ C:\WINDOWS\system32\GMMailer.dll
2006-09-09 17:46 24,576 --a------ C:\WINDOWS\system32\snEUps.dll
2006-09-09 17:46 167,936 --a------ C:\WINDOWS\system32\infgdbcb.dll
2006-09-09 17:46 159,823 --a------ C:\WINDOWS\system32\emmsg.dll
2006-09-09 17:46 159,744 --a------ C:\WINDOWS\system32\dwStg.dll
2006-09-09 17:46 151,638 --a------ C:\WINDOWS\system32\empop3.dll
2006-09-09 17:46 151,552 --a------ C:\WINDOWS\system32\HexValidEmail.dll
2006-09-09 17:46 122,880 --a------ C:\WINDOWS\system32\snEU.exe
2006-09-09 17:46 102,400 --a------ C:\WINDOWS\system32\HexDns.dll
2006-09-09 17:46 1,011,712 --a------ C:\WINDOWS\system32\chilkatxml.dll
2006-09-09 16:12 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2006-09-09 16:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-09 16:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-09 16:12 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-09 08:53 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-09-09 08:41 99,576 --a------ C:\WINDOWS\system32\MabryObj.dll
2006-09-09 08:41 57,856 --a------ C:\WINDOWS\system32\azip32.dll
2006-09-09 08:41 32,768 --a------ C:\WINDOWS\system32\Base64.dll
2006-09-09 08:41 279,800 --a------ C:\WINDOWS\system32\FTPx.dll
2006-09-09 08:41 241,664 --a------ C:\WINDOWS\system32\dzgtactx.dll
2006-09-09 02:00 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 02:00 0 -rahs---- C:\MSDOS.SYS
2006-09-09 02:00 0 -rahs---- C:\IO.SYS
2006-09-09 02:00 0 --a------ C:\CONFIG.SYS
2006-09-09 02:00 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 01:58 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-09 01:58 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-09 01:58 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 01:58 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-09 01:58 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-09 01:58 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 01:58 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 01:58 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 01:58 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-09 01:58 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 01:58 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 01:58 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-09 01:58 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-09 01:58 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-09 01:58 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-09 01:58 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 01:58 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-09 01:58 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-09 01:58 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 01:58 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 01:58 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-09 01:57 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 01:57 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 01:57 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 01:57 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 01:57 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-09 01:57 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 01:57 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 01:57 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-09 01:57 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 01:57 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 01:57 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 01:57 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 01:57 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 01:57 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 01:57 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 01:57 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 01:57 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-09 01:57 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 01:57 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 01:57 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-09 01:57 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 01:57 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-09 01:56 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 01:56 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 01:56 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-09 01:56 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-09 01:56 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 01:56 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-09 01:56 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 01:56 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-09 01:56 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-09 01:56 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-09 01:56 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-09 01:56 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-09 01:56 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-09 01:56 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-09 01:56 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-09 01:56 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-09 01:56 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-09 01:56 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-09 01:56 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-09 01:56 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-09 01:56 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-09 01:56 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-09 01:56 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-09 01:56 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-09 01:56 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-09 01:56 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-09 01:56 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-09 01:56 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-09 01:56 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-09 01:56 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-09 01:56 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-09 01:56 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-09 01:56 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-09 01:56 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-09 01:56 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-09 01:56 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-09 01:56 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-09 01:56 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-09 01:56 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-09 01:56 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-09 01:56 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-09 01:56 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-09 01:56 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-09 01:56 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-09 01:56 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-09 01:56 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-09 01:56 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-09 01:56 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-09 01:56 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-09 01:56 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-09 01:56 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-09 01:56 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-09 01:56 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-09 01:56 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-09 01:56 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-09 01:56 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-09 01:56 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-09 01:56 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-09 01:56 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-09 01:56 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-09 01:56 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-09 01:56 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-09 01:56 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-09 01:56 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-09 01:56 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-09 01:56 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-09 01:56 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-09 01:56 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-09 01:56 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-09 01:56 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-09 01:56 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-09 01:56 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-09 01:55 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-09 01:55 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-09 01:55 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-09 01:55 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-08 21:24 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-09-08 21:24 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-09-08 21:24 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-09-08 21:24 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-09-08 21:24 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-09-08 21:24 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-09-08 21:24 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-09-08 21:24 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-09-08 21:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-08 21:23 20,480 --a------ C:\WINDOWS\INRES.DLL
2006-09-08 21:22 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2006-09-08 21:22 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2006-09-08 21:22 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2006-09-08 21:22 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2006-09-08 21:22 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2006-09-08 21:22 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2006-09-08 21:22 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2006-09-08 21:22 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2006-09-08 21:22 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2006-09-08 21:22 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2006-09-08 21:22 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2006-09-08 21:22 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2006-09-08 21:22 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2006-09-08 21:22 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2006-09-08 21:22 176,128 --a------ C:\WINDOWS\READREG.EXE
2006-09-08 21:22 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2006-09-08 21:22 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2006-09-08 21:22 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2006-09-08 21:22 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2006-09-08 21:22 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2006-09-08 21:22 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2006-09-08 21:20 73,728 --------- C:\WINDOWS\system32\CTDrmRes.dll
2006-09-08 21:20 62,976 --------- C:\WINDOWS\system32\CTDetres.dll
2006-09-08 21:20 54,784 --------- C:\WINDOWS\system32\Inetwh32.dll
2006-09-08 21:20 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2006-09-08 21:20 331,776 --a------ C:\WINDOWS\system32\CTMedEng.DLL
2006-09-08 21:20 28,672 --------- C:\WINDOWS\system32\CTIntRes.dll
2006-09-08 21:20 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2006-09-08 21:20 24,576 --------- C:\WINDOWS\system32\CTMERes.DLL
2006-09-08 21:20 163,840 --a------ C:\WINDOWS\system32\CTDRMUI.dll
2006-09-08 21:20 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2006-09-08 21:19 41,984 --------- C:\WINDOWS\CTRegRun.exe
2006-09-08 21:18 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2006-09-08 21:02 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-08 20:52 983,107 --a------ C:\WINDOWS\system32\lxbxgf.dll
2006-09-08 20:52 94,208 --a------ C:\WINDOWS\system32\lxbxinsr.dll
2006-09-08 20:52 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-09-08 20:52 86,016 --a------ C:\WINDOWS\system32\lxbxcub.dll
2006-09-08 20:52 741,376 --a------ C:\WINDOWS\system32\lxbxhbn3.dll
2006-09-08 20:52 69,632 --a------ C:\WINDOWS\system32\lxbxcu.dll
2006-09-08 20:52 667,648 --a------ C:\WINDOWS\system32\lxbxcomc.dll
2006-09-08 20:52 634,880 --a------ C:\WINDOWS\system32\lxbxpmui.dll
2006-09-08 20:52 512,000 --a------ C:\WINDOWS\system32\lxbxhbn1.dll
2006-09-08 20:52 483,328 --a------ C:\WINDOWS\system32\lxbxlmpm.dll
2006-09-08 20:52 462,848 --a------ C:\WINDOWS\system32\lxbxcoms.exe
2006-09-08 20:52 401,408 --a------ C:\WINDOWS\system32\lxbxcomm.dll
2006-09-08 20:52 40,960 --a------ C:\WINDOWS\system32\lxbxvs.dll
2006-09-08 20:52 372,736 --a------ C:\WINDOWS\system32\lxbxutil.dll
2006-09-08 20:52 372,736 --a------ C:\WINDOWS\system32\lxbxcfg.exe
2006-09-08 20:52 356,352 --a------ C:\WINDOWS\system32\lxbxih.exe
2006-09-08 20:52 32,768 --a------ C:\WINDOWS\system32\lxbxcur.dll
2006-09-08 20:52 172,032 --a------ C:\WINDOWS\system32\lxbxinsb.dll
2006-09-08 20:52 139,264 --a------ C:\WINDOWS\system32\lxbxprox.dll
2006-09-08 20:52 131,072 --a------ C:\WINDOWS\system32\lxbxjswr.dll
2006-09-08 20:52 131,072 --a------ C:\WINDOWS\system32\lxbxins.dll
2006-09-08 20:52 114,688 --a------ C:\WINDOWS\system32\lxbxpplc.dll
2006-09-08 20:52 1,146,880 --a------ C:\WINDOWS\system32\lxbxserv.dll
2006-09-08 20:52 1,089,536 --a------ C:\WINDOWS\system32\lxbxusb1.dll
2006-09-08 20:51 65,536 --a------ C:\WINDOWS\system32\lxbxcfg.dll
2006-09-08 19:29 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-09-08 19:29 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-09-08 19:29 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-09-08 19:29 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-08 19:28 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-09-08 19:27 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-09-08 19:27 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-09-08 19:22 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2006-09-08 19:22 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-09-08 19:22 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-09-08 19:22 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-09-08 19:22 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
2006-09-08 19:22 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2006-09-08 19:22 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2006-09-08 19:22 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-09-08 19:22 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2006-09-08 19:22 56,320 --a------ C:\WINDOWS\system32\convlog.exe
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
2006-09-08 19:22 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
2006-09-08 19:22 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2006-09-08 19:22 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-09-08 19:22 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-09-08 19:22 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2006-09-08 19:22 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
2006-09-08 19:22 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-09-08 19:22 14,336 --a------ C:\WINDOWS\system32\iisreset.exe
2006-09-08 19:22 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2006-09-08 19:22 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-09-08 19:22 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-09-08 19:22 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
2006-09-08 19:22 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2006-09-08 19:22 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-09-08 19:20 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-08 18:55 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-09-08 18:50 4,529,408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-09-08 18:49 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-08 18:48 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-08 18:48 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-08 18:48 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-08 18:48 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-08 18:48 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-08 18:48 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-08 18:48 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-08 18:48 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-08 18:48 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-08 18:48 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-08 18:48 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-08 18:30 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll
2006-09-08 18:29 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-09-08 18:29 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-09-08 18:29 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-09-08 18:26 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 15:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 15:29 -------- d-------- C:\Program Files\HijackThis
2006-09-27 15:23 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-27 15:18 -------- d-------- C:\Program Files\Common Files
2006-09-27 15:09 -------- d-------- C:\Documents and Settings\Dave\Application Data\MailWasherPro
2006-09-27 14:53 -------- d-------- C:\Documents and Settings\Dave\Application Data\Adobe
2006-09-27 11:04 -------- d-------- C:\Documents and Settings\Dave\Application Data\Sonic
2006-09-27 11:03 -------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2006-09-27 10:59 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-09-27 10:59 -------- d-------- C:\Program Files\Common Files\Sonic
2006-09-27 10:58 -------- d-------- C:\Program Files\Sonic
2006-09-26 17:19 -------- d-------- C:\Program Files\CleanUp!
2006-09-25 15:03 -------- d-------- C:\Program Files\WinMediaCodec
2006-09-25 14:56 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-25 14:56 -------- d-------- C:\Program Files\Adobe
2006-09-25 14:41 -------- d-------- C:\Program Files\WebPosition 4
2006-09-24 17:04 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-24 16:48 -------- d-------- C:\Documents and Settings\Dave\Application Data\InterTrust
2006-09-24 16:46 -------- d-------- C:\Documents and Settings\Dave\Application Data\Leadertech
2006-09-24 16:45 -------- d-------- C:\Documents and Settings\Dave\Application Data\AdobeUM
2006-09-24 16:45 -------- d-------- C:\Documents and Settings\Dave\Application Data\AdobeAUM
2006-09-24 16:35 -------- d-------- C:\Program Files\Yahoo!
2006-09-24 13:01 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 11:27 1557 --a------ C:\Documents and Settings\Dave\Application Data\AdobeDLM.log
2006-09-24 11:27 0 --a------ C:\Documents and Settings\Dave\Application Data\dm.ini
2006-09-22 12:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-22 12:03 -------- d-------- C:\Program Files\DeepSilver
2006-09-20 14:58 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-20 13:31 -------- d-------- C:\Program Files\WinRAR
2006-09-19 16:16 -------- d---s---- C:\Documents and Settings\Dave\Application Data\Microsoft
2006-09-19 16:16 -------- d-------- C:\Program Files\MSN Messenger
2006-09-19 16:16 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-19 13:54 -------- d-------- C:\Documents and Settings\Dave\Application Data\Sun
2006-09-19 13:53 -------- d-------- C:\Program Files\Java
2006-09-19 13:51 -------- d-------- C:\Program Files\Common Files\Java
2006-09-16 13:49 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-16 13:49 -------- d-------- C:\Documents and Settings\Dave\Application Data\teamspeak2
2006-09-15 11:23 -------- d-------- C:\Program Files\QuickTime
2006-09-10 14:47 -------- d-------- C:\Documents and Settings\Dave\Application Data\Macromedia
2006-09-09 17:46 673546 --a------ C:\Documents and Settings\Dave\Application Data\unins000.exe
2006-09-09 17:46 18546 --a------ C:\Documents and Settings\Dave\Application Data\unins000.dat
2006-09-09 17:46 -------- d-------- C:\Program Files\GroupMail 5
2006-09-09 16:12 -------- d-------- C:\Program Files\Ipswitch
2006-09-09 16:12 -------- d-------- C:\Documents and Settings\Dave\Application Data\Ipswitch
2006-09-09 16:11 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-09 09:39 -------- d-------- C:\Documents and Settings\Dave\Application Data\McAfee
2006-09-09 02:00 -------- d-------- C:\Program Files\xerox
2006-09-09 02:00 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-09 01:59 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-09 01:58 -------- d-------- C:\Program Files\NetMeeting
2006-09-09 01:58 -------- d-------- C:\Program Files\Movie Maker
2006-09-09 01:58 -------- d-------- C:\Program Files\Common Files\Services
2006-09-09 01:58 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-09 01:57 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-09 01:56 -------- d-------- C:\Program Files\Windows NT
2006-09-09 01:56 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-09 01:56 -------- d-------- C:\Program Files\MSN
2006-09-08 21:59 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 21:43 -------- d-------- C:\Program Files\Creative
2006-09-08 21:42 -------- d-------- C:\Documents and Settings\Dave\Application Data\Creative
2006-09-08 21:31 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-08 21:16 -------- d-------- C:\Program Files\Common Files\System
2006-09-08 21:09 -------- d-------- C:\Program Files\Messenger
2006-09-08 21:03 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-08 21:02 -------- d-------- C:\Program Files\Outlook Express
2006-09-08 20:58 -------- d-------- C:\Program Files\Lexmark_7100 Series
2006-09-08 20:58 -------- d-------- C:\Program Files\Lexmark 7100 Series
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Dave\Application Data\McAfee.com Personal Firewall
2006-09-08 20:14 -------- d-------- C:\Program Files\CCP
2006-09-08 19:29 -------- d-------- C:\Program Files\McAfee.com
2006-09-08 19:29 -------- d-------- C:\Program Files\McAfee
2006-09-08 19:22 -------- d-------- C:\Program Files\Online Services
2006-09-08 19:20 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-08 19:20 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-08 19:19 -------- d-------- C:\Program Files\Microsoft Office
2006-09-08 19:19 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-08 19:00 -------- d-------- C:\Program Files\FireTrust
2006-09-08 18:48 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-08 18:48 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 18:47 62 --ahs---- C:\Documents and Settings\Dave\Application Data\desktop.ini
2006-09-08 18:30 -------- d-------- C:\Program Files\Macromedia
2006-09-08 18:30 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-08 18:29 -------- d-------- C:\Program Files\Common Files\Macromedia Shared
2006-09-08 18:12 -------- d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2006-09-08 18:06 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-08 18:06 -------- d-------- C:\Documents and Settings\Dave\Application Data\Identities
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"LXBXCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBXtime.dll,_RunDLLEntry@16"
"lxbxmon.exe"="\"C:\\Program Files\\Lexmark 7100 Series\\lxbxmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 7100 Series\\ezprint.exe\""
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 27/09/2006 15:35:27.07
ComboFix.txt
ComboFix2.txt
ComboFix3.txt


HERE IS THE HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 15:39:14, on 27/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HijackThis\ElvisLives.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D93E5DB-660E-46D9-8C32-16A54007E21E} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {313E76EF-4AC1-4174-9F5A-6210B32AD8DF} - (no file)
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79EEA737-C949-415D-89A2-29ECF9118851} - (no file)
O2 - BHO: (no name) - {810280A0-A5AA-487F-842F-D3EBDC258236} - (no file)
O2 - BHO: (no name) - {85B75BBE-C184-47FA-BE59-E7D85B3E96DF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9F75427-139B-4A82-B143-62A57ABC897E} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {D8784CA3-8CE8-4134-B478-152630B57F82} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


GLAD YOU KNOW WHAT YOU ARE LOOKING FOR BECAUSE IT ALL LOOKS TOO COMPLICATED TO ME.

Cheers
Willidshome is offline  
Old 09-27-2006, 07:56 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


You appear to have run combofix three times:

Completion time: 27/09/2006 15:35:27.07
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Please post the other two logs, ComboFix2.txt and ComboFix3.txt at the end of this fix.


Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    C:\redir.sys

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
Then repeat as above for the following files in BOLD:

C:\WINDOWS\system32\VchReg.dll

C:\WINDOWS\unvise32qt.exe


I see you have Ewido already. Please update its definitions, and run a scan where I have placed it in this fix.

Run Ewido
  • From the main ewido screen, click on update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit Ewido. DO NOT scan yet.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0D93E5DB-660E-46D9-8C32-16A54007E21E} - (no file)
O2 - BHO: (no name) - {313E76EF-4AC1-4174-9F5A-6210B32AD8DF} - (no file)
O2 - BHO: (no name) - {79EEA737-C949-415D-89A2-29ECF9118851} - (no file)
O2 - BHO: (no name) - {810280A0-A5AA-487F-842F-D3EBDC258236} - (no file)
O2 - BHO: (no name) - {85B75BBE-C184-47FA-BE59-E7D85B3E96DF} - (no file)
O2 - BHO: (no name) - {A9F75427-139B-4A82-B143-62A57ABC897E} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {D8784CA3-8CE8-4134-B478-152630B57F82} - (no file)



Close HijackThis now.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WinMediaCodec

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:


C:\WINDOWS\system32\hdgcynuc.dll
C:\WINDOWS\system32\urutiaxa.exe
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddcyw.dll
C:\jswudopx.bat
C:\WINDOWS\system32\jkhhe.dll
C:\jswudopx.exe
C:\oorwopjo.exe
C:\dlkvnr.exe
C:\Program Files\WinMediaCodec


---------------------------------------------------------------------------------------------

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

ComboFix2.txt and ComboFix3.txt
VirusTotal
Ewido
Panda
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
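The files named in the fix above can be picked out of a ComboFix "Files Created" listing by their attributes and sizes. As an added example (not part of the original posts, and not ComboFix's or the helper's own logic), this Python script parses rows in that layout and lists review candidates. The three rules and the root-file allowlist are assumptions made for the example; the sample rows are taken from the listing posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: rows taken from the "Files Created" listing in this thread,
# plus one banner line and one directory row to exercise the parser.
SAMPLE = r"""
((((((((( Files Created from 2006-08-27 to 2006-09-27 )))))))))
2006-09-27 11:03 56 --ahs---- C:\redir.sys
2006-09-26 08:51 970,752 --a------ C:\WINDOWS\system32\VchReg.dll
2006-09-25 16:05 589,876 ---hs---- C:\WINDOWS\system32\vturq.dll
2006-09-25 15:37 589,876 ---hs---- C:\WINDOWS\system32\ddccc.dll
2006-09-25 15:23 589,876 ---hs---- C:\WINDOWS\system32\ddcyw.dll
2006-09-25 15:15 589,876 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2006-09-25 15:15 0 --a------ C:\oorwopjo.exe
2006-09-25 15:09 0 --a------ C:\dlkvnr.exe
2006-09-09 02:00 0 -rahs---- C:\MSDOS.SYS
2006-09-09 02:00 0 -rahs---- C:\IO.SYS
2006-09-09 02:00 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 01:56 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-27 15:12 -------- d-------- C:\Program Files\Mozilla Firefox
"""

# date, time, size (or eight dashes for a directory), nine flag columns, path
ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-{8})\s+(?P<attrs>[a-z-]{9})\s+(?P<path>.+?)\s*$"
)

# Assumption for this example: hidden+system files normally found in the root
# of a Windows XP system drive. Anything else with those flags is reviewed.
KNOWN_ROOT_HS = {"io.sys", "msdos.sys", "ntldr", "ntdetect.com",
                 "boot.ini", "pagefile.sys", "hiberfil.sys"}
# A zero-byte file cannot be a valid executable image; an empty .BAT or .SYS
# placeholder (AUTOEXEC.BAT, IO.SYS) is normal, so only these are checked.
PE_EXTS = {".exe", ".dll", ".scr"}


def parse_rows(text):
    """Return one dict per listing row; banners and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        size = m["size"]
        rows.append({
            "path": m["path"],
            "attrs": m["attrs"],
            "is_dir": m["attrs"][0] == "d",
            "size": None if size.startswith("-") else int(size.replace(",", "")),
        })
    return rows


def is_hidden_system(attrs):
    # Column order as seen in the rows on this page: d r a h s
    return attrs[3] == "h" and attrs[4] == "s"


def triage(rows):
    """Map each review candidate's path to the reasons it was picked."""
    findings = defaultdict(list)
    files = [r for r in rows if not r["is_dir"] and r["size"] is not None]

    # Rule 1: several hidden+system files of one exact size in one folder
    groups = defaultdict(list)
    for r in files:
        if is_hidden_system(r["attrs"]) and r["size"] > 0:
            groups[(ntpath.dirname(r["path"]).lower(), r["size"])].append(r["path"])
    for (_, size), paths in groups.items():
        if len(paths) >= 2:
            for p in paths:
                findings[p].append(
                    f"hidden+system, same size ({size} bytes) as "
                    f"{len(paths) - 1} other file(s) in the folder")

    for r in files:
        name = ntpath.basename(r["path"]).lower()
        parent_tail = ntpath.splitdrive(ntpath.dirname(r["path"]))[1]
        # Rule 2: empty file carrying an executable-image extension
        if r["size"] == 0 and ntpath.splitext(name)[1] in PE_EXTS:
            findings[r["path"]].append("zero-byte file with an executable-image extension")
        # Rule 3: hidden+system file in the drive root that is not allowlisted
        if is_hidden_system(r["attrs"]) and parent_tail == "\\" and name not in KNOWN_ROOT_HS:
            findings[r["path"]].append("hidden+system file in the drive root, not on the allowlist")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(parse_rows(SAMPLE)).items():
        print(path, "->", "; ".join(reasons))
```

C:\WINDOWS\system32\VchReg.dll, which the helper also asked to have scanned at VirusTotal, matches none of these rules, so a pass like this narrows the review of a listing rather than replacing it.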
Old 09-28-2006, 03:35 AM   #8 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


HERE IS EVERYTHING YOU HAVE ASKED FOR

***********************************************

********** COMBOFIX2.TXT **************

Dave - 06-09-27 15:18:15.76 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Dave\desktop"
Command switches used :: /v jkkji winzwr32

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{18F95861-07D0-2057-0221-03052706002c}


((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-27 11:03 56 --ahs---- C:\redir.sys
2006-09-26 08:51 970,752 --a------ C:\WINDOWS\system32\VchReg.dll
2006-09-25 16:28 45,525 --a------ C:\WINDOWS\system32\hdgcynuc.dll
2006-09-25 16:28 143,380 --a------ C:\WINDOWS\system32\urutiaxa.exe
2006-09-25 16:05 589,876 ---hs---- C:\WINDOWS\system32\vturq.dll
2006-09-25 15:37 589,876 ---hs---- C:\WINDOWS\system32\ddccc.dll
2006-09-25 15:23 589,876 ---hs---- C:\WINDOWS\system32\ddcyw.dll
2006-09-25 15:15 69 --a------ C:\jswudopx.bat
2006-09-25 15:15 589,876 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2006-09-25 15:15 20,480 --a------ C:\jswudopx.exe
2006-09-25 15:15 0 --a------ C:\oorwopjo.exe
2006-09-25 15:09 0 --a------ C:\dlkvnr.exe
2006-09-25 14:56 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-09-24 16:49 65,536 --------- C:\WINDOWS\system32\adistres.dll
2006-09-24 16:49 20,584 --------- C:\WINDOWS\system32\PdfPorts.dll
2006-09-24 16:49 101,200 --------- C:\WINDOWS\system32\pdfshell.dll
2006-09-24 14:39 210,944 --------- C:\WINDOWS\system32\Msvcrt10.dll
2006-09-23 14:24 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-23 14:23 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-22 13:43 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-22 13:43 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-09-22 13:43 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-19 16:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-19 16:18 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-09-19 16:18 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-09-19 16:18 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-09-19 16:18 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-09-19 16:18 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-09-15 11:23 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2006-09-09 17:46 973,312 --a------ C:\WINDOWS\system32\Redemption.dll
2006-09-09 17:46 962,560 --a------ C:\WINDOWS\system32\MagicCtl.dll
2006-09-09 17:46 90,112 --a------ C:\WINDOWS\system32\gmnamfld.dll
2006-09-09 17:46 81,920 --a------ C:\WINDOWS\system32\ANSSLPLUS.dll
2006-09-09 17:46 73,728 --a------ C:\WINDOWS\system32\GMSigMan.dll
2006-09-09 17:46 65,536 --a------ C:\WINDOWS\system32\GMMesCom.dll
2006-09-09 17:46 512,000 --a------ C:\WINDOWS\system32\gmgrpman.dll
2006-09-09 17:46 487,424 --a------ C:\WINDOWS\system32\infCB.dll
2006-09-09 17:46 45,056 --a------ C:\WINDOWS\system32\GMPaths.dll
2006-09-09 17:46 385,592 --a------ C:\WINDOWS\system32\XceedBkp.dll
2006-09-09 17:46 348,160 --a------ C:\WINDOWS\system32\ANPOP.dll
2006-09-09 17:46 299,008 --a------ C:\WINDOWS\system32\GMAccMan.dll
2006-09-09 17:46 282,624 --a------ C:\WINDOWS\system32\AOSMTPEX.dll
2006-09-09 17:46 282,624 --a------ C:\WINDOWS\system32\AOSMTP.dll
2006-09-09 17:46 258,048 --a------ C:\WINDOWS\system32\GMMailer.dll
2006-09-09 17:46 24,576 --a------ C:\WINDOWS\system32\snEUps.dll
2006-09-09 17:46 167,936 --a------ C:\WINDOWS\system32\infgdbcb.dll
2006-09-09 17:46 159,823 --a------ C:\WINDOWS\system32\emmsg.dll
2006-09-09 17:46 159,744 --a------ C:\WINDOWS\system32\dwStg.dll
2006-09-09 17:46 151,638 --a------ C:\WINDOWS\system32\empop3.dll
2006-09-09 17:46 151,552 --a------ C:\WINDOWS\system32\HexValidEmail.dll
2006-09-09 17:46 122,880 --a------ C:\WINDOWS\system32\snEU.exe
2006-09-09 17:46 102,400 --a------ C:\WINDOWS\system32\HexDns.dll
2006-09-09 17:46 1,011,712 --a------ C:\WINDOWS\system32\chilkatxml.dll
2006-09-09 16:12 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2006-09-09 16:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-09 16:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-09 16:12 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-09 08:53 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-09-09 08:41 99,576 --a------ C:\WINDOWS\system32\MabryObj.dll
2006-09-09 08:41 57,856 --a------ C:\WINDOWS\system32\azip32.dll
2006-09-09 08:41 32,768 --a------ C:\WINDOWS\system32\Base64.dll
2006-09-09 08:41 279,800 --a------ C:\WINDOWS\system32\FTPx.dll
2006-09-09 08:41 241,664 --a------ C:\WINDOWS\system32\dzgtactx.dll
2006-09-09 02:00 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 02:00 0 -rahs---- C:\MSDOS.SYS
2006-09-09 02:00 0 -rahs---- C:\IO.SYS
2006-09-09 02:00 0 --a------ C:\CONFIG.SYS
2006-09-09 02:00 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 01:58 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-09 01:58 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-09 01:58 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 01:58 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-09 01:58 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-09 01:58 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 01:58 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 01:58 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 01:58 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-09 01:58 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 01:58 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 01:58 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-09 01:58 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-09 01:58 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-09 01:58 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-09 01:58 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 01:58 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-09 01:58 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-09 01:58 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 01:58 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 01:58 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-09 01:57 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 01:57 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 01:57 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 01:57 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 01:57 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-09 01:57 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 01:57 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 01:57 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-09 01:57 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 01:57 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 01:57 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 01:57 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 01:57 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 01:57 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 01:57 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 01:57 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 01:57 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-09 01:57 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 01:57 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 01:57 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-09 01:57 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 01:57 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-09 01:56 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 01:56 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 01:56 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-09 01:56 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-09 01:56 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 01:56 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-09 01:56 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 01:56 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-09 01:56 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-09 01:56 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-09 01:56 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-09 01:56 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-09 01:56 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-09 01:56 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-09 01:56 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-09 01:56 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-09 01:56 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-09 01:56 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-09 01:56 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-09 01:56 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-09 01:56 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-09 01:56 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-09 01:56 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-09 01:56 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-09 01:56 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-09 01:56 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-09 01:56 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-09 01:56 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-09 01:56 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-09 01:56 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-09 01:56 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-09 01:56 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-09 01:56 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-09 01:56 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-09 01:56 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-09 01:56 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-09 01:56 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-09 01:56 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-09 01:56 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-09 01:56 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-09 01:56 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-09 01:56 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-09 01:56 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-09 01:56 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-09 01:56 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-09 01:56 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-09 01:56 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-09 01:56 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-09 01:56 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-09 01:56 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-09 01:56 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-09 01:56 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-09 01:56 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-09 01:56 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-09 01:56 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-09 01:56 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-09 01:56 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-09 01:56 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-09 01:56 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-09 01:56 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-09 01:56 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-09 01:56 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-09 01:56 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-09 01:56 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-09 01:56 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-09 01:56 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-09 01:56 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-09 01:56 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-09 01:56 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-09 01:56 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-09 01:56 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-09 01:56 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-09 01:56 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-09 01:55 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-09 01:55 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-09 01:55 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-09 01:55 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-08 21:24 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-09-08 21:24 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-09-08 21:24 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-09-08 21:24 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-09-08 21:24 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-09-08 21:24 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-09-08 21:24 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-09-08 21:24 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-09-08 21:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-08 21:23 20,480 --a------ C:\WINDOWS\INRES.DLL
2006-09-08 21:22 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2006-09-08 21:22 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2006-09-08 21:22 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2006-09-08 21:22 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2006-09-08 21:22 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2006-09-08 21:22 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2006-09-08 21:22 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2006-09-08 21:22 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2006-09-08 21:22 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2006-09-08 21:22 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2006-09-08 21:22 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2006-09-08 21:22 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2006-09-08 21:22 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2006-09-08 21:22 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2006-09-08 21:22 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2006-09-08 21:22 176,128 --a------ C:\WINDOWS\READREG.EXE
2006-09-08 21:22 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2006-09-08 21:22 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2006-09-08 21:22 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2006-09-08 21:22 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2006-09-08 21:22 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2006-09-08 21:22 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2006-09-08 21:20 73,728 --------- C:\WINDOWS\system32\CTDrmRes.dll
2006-09-08 21:20 62,976 --------- C:\WINDOWS\system32\CTDetres.dll
2006-09-08 21:20 54,784 --------- C:\WINDOWS\system32\Inetwh32.dll
2006-09-08 21:20 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2006-09-08 21:20 331,776 --a------ C:\WINDOWS\system32\CTMedEng.DLL
2006-09-08 21:20 28,672 --------- C:\WINDOWS\system32\CTIntRes.dll
2006-09-08 21:20 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2006-09-08 21:20 24,576 --------- C:\WINDOWS\system32\CTMERes.DLL
2006-09-08 21:20 163,840 --a------ C:\WINDOWS\system32\CTDRMUI.dll
2006-09-08 21:20 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2006-09-08 21:19 41,984 --------- C:\WINDOWS\CTRegRun.exe
2006-09-08 21:18 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2006-09-08 21:02 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-08 20:52 983,107 --a------ C:\WINDOWS\system32\lxbxgf.dll
2006-09-08 20:52 94,208 --a------ C:\WINDOWS\system32\lxbxinsr.dll
2006-09-08 20:52 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-09-08 20:52 86,016 --a------ C:\WINDOWS\system32\lxbxcub.dll
2006-09-08 20:52 741,376 --a------ C:\WINDOWS\system32\lxbxhbn3.dll
2006-09-08 20:52 69,632 --a------ C:\WINDOWS\system32\lxbxcu.dll
2006-09-08 20:52 667,648 --a------ C:\WINDOWS\system32\lxbxcomc.dll
2006-09-08 20:52 634,880 --a------ C:\WINDOWS\system32\lxbxpmui.dll
2006-09-08 20:52 512,000 --a------ C:\WINDOWS\system32\lxbxhbn1.dll
2006-09-08 20:52 483,328 --a------ C:\WINDOWS\system32\lxbxlmpm.dll
2006-09-08 20:52 462,848 --a------ C:\WINDOWS\system32\lxbxcoms.exe
2006-09-08 20:52 401,408 --a------ C:\WINDOWS\system32\lxbxcomm.dll
2006-09-08 20:52 40,960 --a------ C:\WINDOWS\system32\lxbxvs.dll
2006-09-08 20:52 372,736 --a------ C:\WINDOWS\system32\lxbxutil.dll
2006-09-08 20:52 372,736 --a------ C:\WINDOWS\system32\lxbxcfg.exe
2006-09-08 20:52 356,352 --a------ C:\WINDOWS\system32\lxbxih.exe
2006-09-08 20:52 32,768 --a------ C:\WINDOWS\system32\lxbxcur.dll
2006-09-08 20:52 172,032 --a------ C:\WINDOWS\system32\lxbxinsb.dll
2006-09-08 20:52 139,264 --a------ C:\WINDOWS\system32\lxbxprox.dll
2006-09-08 20:52 131,072 --a------ C:\WINDOWS\system32\lxbxjswr.dll
2006-09-08 20:52 131,072 --a------ C:\WINDOWS\system32\lxbxins.dll
2006-09-08 20:52 114,688 --a------ C:\WINDOWS\system32\lxbxpplc.dll
2006-09-08 20:52 1,146,880 --a------ C:\WINDOWS\system32\lxbxserv.dll
2006-09-08 20:52 1,089,536 --a------ C:\WINDOWS\system32\lxbxusb1.dll
2006-09-08 20:51 65,536 --a------ C:\WINDOWS\system32\lxbxcfg.dll
2006-09-08 19:29 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-09-08 19:29 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-09-08 19:29 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-09-08 19:29 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-08 19:28 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-09-08 19:27 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-09-08 19:27 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-09-08 19:22 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2006-09-08 19:22 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-09-08 19:22 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-09-08 19:22 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-09-08 19:22 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
2006-09-08 19:22 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2006-09-08 19:22 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2006-09-08 19:22 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-09-08 19:22 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2006-09-08 19:22 56,320 --a------ C:\WINDOWS\system32\convlog.exe
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-09-08 19:22 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
2006-09-08 19:22 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
2006-09-08 19:22 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2006-09-08 19:22 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-09-08 19:22 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-09-08 19:22 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2006-09-08 19:22 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
2006-09-08 19:22 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-09-08 19:22 14,336 --a------ C:\WINDOWS\system32\iisreset.exe
2006-09-08 19:22 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2006-09-08 19:22 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-09-08 19:22 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-09-08 19:22 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
2006-09-08 19:22 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2006-09-08 19:22 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-09-08 19:20 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-08 18:55 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-09-08 18:50 4,529,408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-09-08 18:49 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-08 18:48 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-08 18:48 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-08 18:48 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-08 18:48 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-08 18:48 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-08 18:48 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-08 18:48 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-08 18:48 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-08 18:48 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-08 18:48 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-08 18:48 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-08 18:48 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-08 18:48 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-08 18:48 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-08 18:30 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll
2006-09-08 18:29 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-09-08 18:29 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-09-08 18:29 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-09-08 18:26 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 15:18 -------- d-------- C:\Program Files\Common Files
2006-09-27 15:12 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 15:09 -------- d-------- C:\Documents and Settings\Dave\Application Data\MailWasherPro
2006-09-27 14:53 -------- d-------- C:\Documents and Settings\Dave\Application Data\Adobe
2006-09-27 14:04 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-27 11:04 -------- d-------- C:\Documents and Settings\Dave\Application Data\Sonic
2006-09-27 11:03 -------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2006-09-27 10:59 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-09-27 10:59 -------- d-------- C:\Program Files\Common Files\Sonic
2006-09-27 10:58 -------- d-------- C:\Program Files\Sonic
2006-09-27 10:17 -------- d-------- C:\Program Files\HijackThis
2006-09-26 17:19 -------- d-------- C:\Program Files\CleanUp!
2006-09-25 15:03 -------- d-------- C:\Program Files\WinMediaCodec
2006-09-25 14:56 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-25 14:56 -------- d-------- C:\Program Files\Adobe
2006-09-25 14:41 -------- d-------- C:\Program Files\WebPosition 4
2006-09-24 17:04 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-24 16:48 -------- d-------- C:\Documents and Settings\Dave\Application Data\InterTrust
2006-09-24 16:46 -------- d-------- C:\Documents and Settings\Dave\Application Data\Leadertech
2006-09-24 16:45 -------- d-------- C:\Documents and Settings\Dave\Application Data\AdobeUM
2006-09-24 16:45 -------- d-------- C:\Documents and Settings\Dave\Application Data\AdobeAUM
2006-09-24 16:35 -------- d-------- C:\Program Files\Yahoo!
2006-09-24 13:01 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 11:27 1557 --a------ C:\Documents and Settings\Dave\Application Data\AdobeDLM.log
2006-09-24 11:27 0 --a------ C:\Documents and Settings\Dave\Application Data\dm.ini
2006-09-22 12:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-22 12:03 -------- d-------- C:\Program Files\DeepSilver
2006-09-20 14:58 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-20 13:31 -------- d-------- C:\Program Files\WinRAR
2006-09-19 16:16 -------- d---s---- C:\Documents and Settings\Dave\Application Data\Microsoft
2006-09-19 16:16 -------- d-------- C:\Program Files\MSN Messenger
2006-09-19 16:16 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-19 13:54 -------- d-------- C:\Documents and Settings\Dave\Application Data\Sun
2006-09-19 13:53 -------- d-------- C:\Program Files\Java
2006-09-19 13:51 -------- d-------- C:\Program Files\Common Files\Java
2006-09-16 13:49 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-16 13:49 -------- d-------- C:\Documents and Settings\Dave\Application Data\teamspeak2
2006-09-15 11:23 -------- d-------- C:\Program Files\QuickTime
2006-09-10 14:47 -------- d-------- C:\Documents and Settings\Dave\Application Data\Macromedia
2006-09-09 17:46 673546 --a------ C:\Documents and Settings\Dave\Application Data\unins000.exe
2006-09-09 17:46 18546 --a------ C:\Documents and Settings\Dave\Application Data\unins000.dat
2006-09-09 17:46 -------- d-------- C:\Program Files\GroupMail 5
2006-09-09 16:12 -------- d-------- C:\Program Files\Ipswitch
2006-09-09 16:12 -------- d-------- C:\Documents and Settings\Dave\Application Data\Ipswitch
2006-09-09 16:11 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-09 09:39 -------- d-------- C:\Documents and Settings\Dave\Application Data\McAfee
2006-09-09 02:00 -------- d-------- C:\Program Files\xerox
2006-09-09 02:00 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-09 01:59 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-09 01:58 -------- d-------- C:\Program Files\NetMeeting
2006-09-09 01:58 -------- d-------- C:\Program Files\Movie Maker
2006-09-09 01:58 -------- d-------- C:\Program Files\Common Files\Services
2006-09-09 01:58 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-09 01:57 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-09 01:56 -------- d-------- C:\Program Files\Windows NT
2006-09-09 01:56 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-09 01:56 -------- d-------- C:\Program Files\MSN
2006-09-08 21:59 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 21:43 -------- d-------- C:\Program Files\Creative
2006-09-08 21:42 -------- d-------- C:\Documents and Settings\Dave\Application Data\Creative
2006-09-08 21:31 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-08 21:16 -------- d-------- C:\Program Files\Common Files\System
2006-09-08 21:09 -------- d-------- C:\Program Files\Messenger
2006-09-08 21:03 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-08 21:02 -------- d-------- C:\Program Files\Outlook Express
2006-09-08 20:58 -------- d-------- C:\Program Files\Lexmark_7100 Series
2006-09-08 20:58 -------- d-------- C:\Program Files\Lexmark 7100 Series
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Dave\Application Data\McAfee.com Personal Firewall
2006-09-08 20:14 -------- d-------- C:\Program Files\CCP
2006-09-08 19:29 -------- d-------- C:\Program Files\McAfee.com
2006-09-08 19:29 -------- d-------- C:\Program Files\McAfee
2006-09-08 19:22 -------- d-------- C:\Program Files\Online Services
2006-09-08 19:20 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-08 19:20 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-08 19:19 -------- d-------- C:\Program Files\Microsoft Office
2006-09-08 19:19 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-08 19:00 -------- d-------- C:\Program Files\FireTrust
2006-09-08 18:48 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-08 18:48 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 18:47 62 --ahs---- C:\Documents and Settings\Dave\Application Data\desktop.ini
2006-09-08 18:30 -------- d-------- C:\Program Files\Macromedia
2006-09-08 18:30 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-08 18:29 -------- d-------- C:\Program Files\Common Files\Macromedia Shared
2006-09-08 18:12 -------- d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2006-09-08 18:06 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-08 18:06 -------- d-------- C:\Documents and Settings\Dave\Application Data\Identities
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"LXBXCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBXtime.dll,_RunDLLEntry@16"
"lxbxmon.exe"="\"C:\\Program Files\\Lexmark 7100 Series\\lxbxmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 7100 Series\\ezprint.exe\""
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 27/09/2006 15:21:54.18
ComboFix.txt
ComboFix2.txt


************ COMBOFIX3.TXT **************

Dave - 06-09-27 15:16:57.10 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Dave\desktop"
Command switches used :: /v jkkji winzwr32

******** C:\redir.sys SCAN ***********

AntiVir 7.2.0.18 09.28.2006 no virus found
Authentium 4.93.8 09.28.2006 no virus found
Avast 4.7.892.0 09.27.2006 no virus found

Aditional Information
File size: 56 bytes
MD5: ab728893b0688e165d76a797343b7263
SHA1: 135e8828d5c94230723c029d0da09fb43be89df5

******** c:\WINDOWS\system32\VchReg.dll ****************

AntiVir 7.2.0.18 09.28.2006 no virus found
Authentium 4.93.8 09.28.2006 no virus found
Avast 4.7.892.0 09.27.2006 no virus found
AVG 386 09.27.2006 no virus found
BitDefender 7.2 09.28.2006 no virus found
CAT-QuickHeal 8.00 09.27.2006 no virus found
ClamAV devel-20060426 09.27.2006 no virus found
DrWeb 4.33 09.28.2006 no virus found
eTrust-InoculateIT 23.73.7 09.28.2006 no virus found
eTrust-Vet 30.3.3104 09.28.2006 no virus found
Ewido 4.0 09.28.2006 no virus found
Fortinet 2.82.0.0 09.28.2006 no virus found
F-Prot 3.16f 09.28.2006 no virus found
F-Prot4 4.2.1.29 09.28.2006 no virus found
Ikarus 0.2.65.0 09.28.2006 no virus found
Kaspersky 4.0.2.24 09.28.2006 no virus found
McAfee 4861 09.27.2006 no virus found
Microsoft 1.1603 09.28.2006 no virus found
NOD32v2 1.1780 09.27.2006 no virus found
Norman 5.90.23 09.27.2006 no virus found
Panda 9.0.0.4 09.27.2006 Suspicious file
Sophos 4.10.0 09.28.2006 no virus found
Symantec 8.0 09.28.2006 no virus found
TheHacker 6.0.1.085 09.28.2006 no virus found
UNA 1.83 09.27.2006 no virus found
VBA32 3.11.1 09.28.2006 no virus found
VirusBuster 4.3.7:9 09.27.2006 no virus found

Aditional Information
File size: 970752 bytes
MD5: 5ce92f1265ab92c5f8d78075a669234c
SHA1: 5ad20b862d8b257c88ad4db6169fcad124e01103

******** c:\WINDOWS\unvise32qt.exe ****************

AntiVir 7.2.0.18 09.28.2006 no virus found
Authentium 4.93.8 09.28.2006 no virus found
Avast 4.7.892.0 09.27.2006 no virus found
AVG 386 09.27.2006 no virus found
BitDefender 7.2 09.28.2006 no virus found
CAT-QuickHeal 8.00 09.27.2006 no virus found
ClamAV devel-20060426 09.27.2006 no virus found
DrWeb 4.33 09.28.2006 no virus found
eTrust-InoculateIT 23.73.7 09.28.2006 no virus found
eTrust-Vet 30.3.3104 09.28.2006 no virus found
Ewido 4.0 09.28.2006 no virus found
Fortinet 2.82.0.0 09.28.2006 no virus found
F-Prot 3.16f 09.28.2006 no virus found
F-Prot4 4.2.1.29 09.28.2006 no virus found
Ikarus 0.2.65.0 09.28.2006 no virus found
Kaspersky 4.0.2.24 09.28.2006 no virus found
McAfee 4861 09.27.2006 no virus found
Microsoft 1.1603 09.28.2006 no virus found
NOD32v2 1.1780 09.27.2006 no virus found
Norman 5.90.23 09.27.2006 no virus found
Panda 9.0.0.4 09.27.2006 no virus found
Sophos 4.10.0 09.28.2006 no virus found
Symantec 8.0 09.28.2006 no virus found
TheHacker 6.0.1.085 09.28.2006 no virus found
UNA 1.83 09.27.2006 no virus found
VBA32 3.11.1 09.28.2006 no virus found
VirusBuster 4.3.7:9 09.27.2006 no virus found

Aditional Information
File size: 86016 bytes
MD5: 23a458e8eb269a71a29ada0cb3e22e65
SHA1: ed89dac3cc37f2d47f2df0824965a1bac8f4638f

**************** PANDA NOTHING FOUND ***********************



************* HIJACK THIS REPORT ****************************

Logfile of HijackThis v1.99.1
Scan saved at 11:34:06, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\ElvisLives.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Willidshome is offline  
Old 09-28-2006, 07:38 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


I know that was a lot of work to do, and you've done well. However, did you save the Ewido log? I see that the program has been installed.

Ewido's log will be located at:

C:\Program Files\ewido anti-spyware 4.0\Reports

I see that Panda found nothing, and that's a good sign.

Having this information will allow me to better advise the next step.

Also, how is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 09-28-2006, 08:13 AM   #10 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 8
OS: xp


EXOL REPORT:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:09:13 28/09/2006

+ Scan result:



Nothing found.


::Report end


MY SYSTEM IS RUNNING PERFECT AGAIN, NOT BEEN HIJACKED ANY MORE.

THANKS
Willidshome is offline  
Old 09-28-2006, 06:56 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


Excellent!

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!

  • AVG

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
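
An added example, not part of the original post and not code from the MVPS project: a small Python audit of a HOSTS file in the format described above. It lists the names redirected to the local machine and flags any name mapped to a non-local address. The sample entries are constructed placeholders, and treating 0.0.0.0 as a block alongside 127.0.0.1 is this example's assumption.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax. The domains are placeholders,
# not entries from the MVPS list.
SAMPLE_HOSTS = """\
# HOSTS file (constructed sample)
127.0.0.1    localhost
127.0.0.1    ads.example.com            # blocked ad server
127.0.0.1    tracker.example.net banners.example.net
0.0.0.0      popups.example.org
203.0.113.7  www.example-bank.test      # not a block: points at a remote host
not-an-ip    broken.example.com
"""

# Names that legitimately resolve to the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, address_text, hostnames) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        yield number, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify every hostname in a HOSTS file.

    blocked    - names sent to the local machine (127.0.0.1, ::1) or, by
                 this example's assumption, to the unspecified address 0.0.0.0
    redirected - names mapped to any other address; worth reviewing, because
                 the same file that blocks ad servers can also be used to
                 point a trusted name at an unexpected host
    malformed  - line numbers with an invalid address or no hostname
    """
    blocked, redirected, malformed = set(), {}, []
    for number, address_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(address_text)
        except ValueError:
            malformed.append(number)
            continue
        if not names:
            malformed.append(number)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if address.is_loopback or address.is_unspecified:
                blocked.add(name)
            else:
                redirected[name] = str(address)
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:", ", ".join(sorted(report["blocked"])))
    for name, address in sorted(report["redirected"].items()):
        print(f"REVIEW: {name} is mapped to {address}")
    for number in report["malformed"]:
        print(f"Malformed entry on line {number}")
```

To check a real file, pass its text to `audit_hosts`; on Windows XP the HOSTS file is at `C:\WINDOWS\system32\drivers\etc\hosts`.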
All times are GMT -7. The time now is 12:05 PM.



Copyright 2001 - 2009, Tech Support Forum