#1 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
I've been having problems with iexplore.exe. It keeps popping back up and starts to freeze my PC; even when I open Firefox it comes back up. Glaswegian told me to come here and post what I have for HijackThis. I really need help.

Logfile of HijackThis v1.99.1
Scan saved at 6:47:26 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Last edited by glaz3; 11-27-2006 at 08:57 PM.
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
Hello glaz3,
The infection you have, a variant of vundo, recognizes HijackThis and prevents HJT from reading the registry locations where it resides as well as hiding other infections in those locations. I'd like you to rename HijackThis.exe to glaz.exe.
Run a new scan with glaz.exe and post the log here please. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
Logfile of HijackThis v1.99.1
Scan saved at 7:44:39 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\glaz.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C111456-A957-42A5-8BE4-F60645417351} - C:\WINDOWS\system32\jkhfd.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
|
|
|
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
Hello glaz3,
Please copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------

Go to <<Start>> then <<Run>> then paste in the single line command then click OK:

"%userprofile%\desktop\combofix.exe" /v jkhfd

When finished, it shall produce a log for you. We'll need that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-----------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):
VSAdd-in

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using My Computer, navigate to and delete the following Folder if it still exists:
C:\Program Files\VSAdd-in

-----------------------------------

Reboot your system.

-----------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. Please download and install this excellent and FREE anti-virus program: Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course: Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post the ComboFix.txt in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-----------------------------------

Create an Uninstall List:
Open HijackThis
* Click on the "Configure" button on the bottom right
* Click on the tab "Misc Tools"
* Click on the Box that says "Open Uninstall Manager"
* Click on the button "Save list"
The list will automatically be saved in your HijackThis folder. Please copy and paste the uninstall_list.txt here.

-----------------------------------

Run a new scan with glaz.exe and save the log.

-----------------------------------

Please include the following in your next reply:
ComboFix2.txt
Panda results
ComboFix.txt
uninstall_list.txt
New HijackThis log (glaz.exe)
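The entries the helper picks out above (a nameless O2 BHO, O20 Winlogon Notify DLLs, an O16 ActiveX download from a bare IP, "(file missing)" orphans, an R0 search setting reset to about:blank) are the same patterns a defender scores first when reading an HJT log. The script below is an added example, not code from this thread or from HijackThis: it reads a constructed log that mirrors the ones posted here (abbreviated CLSIDs, a TEST-NET address in place of the real download host) and flags those patterns, with the Winlogon Notify allowlist assumed to be the Windows XP default set.

```python
"""Triage the HijackThis entry types that this thread turns on."""
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample log (not the thread's own): same entry shapes as the logs
# above, with CLSIDs abbreviated and a TEST-NET address in place of the real
# download host.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Scan saved at 7:44:39 PM, on 11/27/2006
Running processes:
C:\\WINDOWS\\system32\\winlogon.exe
C:\\Documents and Settings\\Administrator\\Desktop\\glaz.exe
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-0000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-0000} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {2C111456-0000} - C:\\WINDOWS\\system32\\jkhfd.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-0000} - C:\\Program Files\\VSAdd-in\\VSAdd-in.dll (file missing)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O16 - DPF: {97B79133-0000} - http://203.0.113.5/1/example.exe
O20 - Winlogon Notify: jkhfd - C:\\WINDOWS\\system32\\jkhfd.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\\Program Files\\Sygate\\SPF\\smc.exe
"""

# One HJT entry per line: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Assumed default Windows XP Winlogon\Notify packages; any other DLL loaded
# into winlogon.exe at logon deserves a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def parse_entries(log_text):
    """Return (code, body, raw_line) for each HJT entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body"), raw.strip()))
    return entries


def _is_bare_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (severity, code, reason, raw_line) findings, in log order."""
    findings = []
    for code, body, raw in parse_entries(log_text):
        missing = "(file missing)" in body or body.endswith("(no file)")
        if code == "R0" and body.endswith("= about:blank"):
            findings.append(("high", code, "IE search/start setting reset to about:blank (hijack residue)", raw))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("high", code, "nameless Browser Helper Object loaded into every IE process", raw))
        elif code == "O16":
            # Body ends with the download URL; a bare IP host is the thread's pattern.
            host = urlparse(body.split(" - ")[-1]).hostname or ""
            if _is_bare_ip(host):
                findings.append(("high", code, f"ActiveX download object fetched from bare IP {host}", raw))
        elif code == "O20":
            if missing:
                findings.append(("medium", code, "Winlogon Notify key whose DLL is gone; orphan to remove", raw))
            else:
                stem = ntpath.splitext(ntpath.basename(body.split(" - ")[-1]))[0].lower()
                if stem not in KNOWN_NOTIFY:
                    findings.append(("high", code, f"non-default Winlogon Notify DLL '{stem}' runs inside winlogon.exe", raw))
        elif missing:
            findings.append(("low", code, "entry points at a file that no longer exists", raw))
    return findings


def severity_counts(findings):
    counts = {}
    for severity, *_ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, code, reason, raw in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {reason}\n         {raw}")
    print(severity_counts(triage(SAMPLE_LOG)))
```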
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
99% - Scan My Computer
----------------------
Scanned: 48399
Detected: 6
Untreated: 6
Start time: 06-11-27 21:21
Duration: 00:02:42
Finish time: 06-11-27 21:23

Detected
--------
| Status | Object |
|---|---|
| detected: adware not-a-virus:AdWare.Win32.180Solutions.ao | File: C:\Documents and Settings\Administrator\Desktop\unused\BSINSTALL(2).exe/WiseSFX Dropper |
| detected: adware not-a-virus:AdWare.Win32.180Solutions.ao | File: C:\Documents and Settings\Administrator\Desktop\unused\BSINSTALL(2).exe/WiseSFX Dropper/WISE0023.BIN/clientax.dll |
| detected: adware not-a-virus:AdWare.Win32.SaveNow.ca | File: C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe |
| detected: adware not-a-virus:AdWare.Win32.HotBar.bq | File: C:\WINDOWS\system32\xuaiaqri.exe |
| detected: adware not-a-virus:AdWare.Win32.HotBar.bi | File: C:\WINDOWS\system32\zrozspsd.exe/data0018/data0003/UPX |
| detected: adware not-a-virus:AdWare.Win32.HotBar.bi | File: C:\WINDOWS\system32\zrozspsd.exe/data0018/data0004 |

Events
------
| Time | Name | Status | Reason |
|---|---|---|---|

Statistics
----------
| Object | Scanned | Detected | Untreated | Deleted | Moved to Quarantine | Archived | Compressed | Password protected | Corrupted |
|---|---|---|---|---|---|---|---|---|---|
| All Hard Drives | 48399 | 5 | 5 | 0 | 0 | 115 | 5 | 265 | 0 |

Settings
--------
| Name | Value |
|---|---|
| Security Level | Recommended |
| Action | Prompt for action when the scan is complete |
| File types | All |
| Scan new and changed files only | No |
| Scan archives | All |
| Scan embedded OLE objects | All |
| Skip if object is greater than | No |
| Skip if scan takes longer than | No |
| Parse e-mail formats | No |
| Scan password-protected archives | No |
| Enable iChecker technology | Yes |
| Enable iSwift technology | Yes |
| Show detected threats on "Detected" tab | Yes |
|
|
|
|
#7 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
Hi,
Have you completed the other steps? I really need to see these reports in order to continue:
ComboFix2.txt
ComboFix.txt
uninstall_list.txt
New HijackThis log
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
Administrator - 06-11-28 8:56:52.35 Service Pack 2
ComboFix 06.11.28W - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Common Files\{80AC8B4F-07DA-1033-0614-050709040001}

((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))

2006-11-28 08:54 616 --a------ C:\Combo.bat

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-28 08:56 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2006-11-28 08:53 -------- d-------- C:\Program Files\Common Files
2006-11-27 21:56 -------- d---s---- C:\Program Files\Xfire
2006-11-27 21:51 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 21:44 -------- d-------- C:\Program Files\DaemonTools_WhenUSaveNow_Installer
2006-11-27 19:58 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-11-27 18:04 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-11-27 17:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2006-11-27 17:01 -------- d-------- C:\Program Files\Steam
2006-11-27 16:39 -------- d-------- C:\Program Files\mIRC
2006-11-26 21:54 1007344 ---hs---- C:\WINDOWS\system32\dfhkj.bak2
2006-11-26 21:20 -------- d-------- C:\Program Files\Movie Maker
2006-11-26 21:20 -------- d-------- C:\Program Files\DivX
2006-11-26 20:47 -------- d-------- C:\Program Files\Trillian
2006-11-14 21:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-11 00:44 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-11-08 19:56 -------- d-------- C:\Program Files\HLSW
2006-10-19 16:14 67604 --a------ C:\WINDOWS\system32\bltjlhci.exe
2006-10-03 11:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-10-03 10:13 -------- dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2006-09-28 14:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2006-09-28 14:27 73748 --a------ C:\WINDOWS\system32\fusxnywh.dll
2006-09-25 12:14 143380 --a------ C:\WINDOWS\system32\ilfxsymw.exe
2006-09-25 12:13 820157 ---hs---- C:\WINDOWS\system32\dfhkj.bak1
2006-09-20 10:50 94720 --a------ C:\WINDOWS\system32\lhnjsrk.dll
2006-09-20 05:58 577588 ---hs---- C:\WINDOWS\system32\jkhfd.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Fantastic Flame Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\Fantastic Flame Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FANTAS~1\\FANTAS~2.EXE "
"item"="Fantastic Flame Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WarpSpeeder Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WarpSpeeder Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\WarpSpeeder Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WARPSP~1\\BSTRAY~1.EXE "
"item"="WarpSpeeder Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM305_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DaemonTools_WhenUSaveNow_Installer"
"hkey"="HKLM"
"command"="C:\\Program Files\\DaemonTools_WhenUSaveNow_Installer\\DaemonTools_WhenUSaveNow_Installer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb10"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhnjsrk.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lhnjsrk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhnjsrk.dll,tbtytxe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SBInst"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SPAMBL~1\\Bin\\480~1.0\\SBInst.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbOEAddOn"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbOEAddOn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spydoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvaqhgck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xuaiaqri"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\xuaiaqri.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhvjsul.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhvjsul"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdS7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbWeatherOnTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbWeatherOnTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexes]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="server"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\server.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\program files\\zango\\zango.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Completion time: 06-11-28 9:00:49.18
C:\ComboFix.txt ... 06-11-28 09:00
C:\ComboFix2.txt ... 06-11-28 08:53

#9
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home

Logfile of HijackThis v1.99.1
Scan saved at 9:07:44 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\glaz.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {DF5C3FF2-C151-4A7F-9787-DC67A6D7183C} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\macoejhg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download all links using BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
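The two logs in this thread that most repay careful reading are the HijackThis report above and the msconfig "startupreg" blocks in the ComboFix reports (the tail of one is in post #8 above; post #13 below has the full one). The script below is an added example for this thread, not part of HijackThis, ComboFix or the original posts. It parses both formats, pulls out the executable or DLL each entry points at, and flags the patterns visible in these particular logs: short all-lower-case file names sitting in system32 or a Temp folder, Winlogon Notify handlers (which load inside winlogon.exe at every logon), and entries whose file no longer exists. The KNOWN_GOOD allow-list, the name heuristic and the assumption that klogon.dll belongs to the Kaspersky-based Active Virus Shield install are this example's own choices; the sample input is copied from the logs posted in the thread. The output is a list of things to verify by hash or publisher, not a verdict.

```python
"""Triage helper for two log formats posted in this thread: HijackThis
entries and the msconfig 'startupreg' blocks of a ComboFix report.

Added example for the thread, not part of HijackThis, ComboFix or the
original posts. It ranks entries for a human to verify (hash lookup,
publisher, vendor submission); it gives no verdict. KNOWN_GOOD and the
name heuristic are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Windows binaries whose names are short and all lower-case, the same shape
# as the dropped files in the logs (jkhfd.dll, xuaiaqri.exe). Assumption:
# klogon.dll is part of the Kaspersky-based Active Virus Shield install.
KNOWN_GOOD = {"smss", "csrss", "winlogon", "services", "lsass", "svchost",
              "spoolsv", "explorer", "taskmgr", "imapi", "dumprep", "msmsgs",
              "klogon"}
SHORT_LOWER = re.compile(r"^[a-z]{5,8}$")
SUSPECT_DIR = re.compile(r"\\(?:system32|local settings\\temp)\\", re.I)
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.I)
HJT_LINE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<rest>.*?)\s*$")
STARTUPREG = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
    r'(?P<name>[^\]]+)\](?P<body>(?:\s*"[^"]+"="(?:[^"\\]|\\.)*")+)', re.I)
REG_PAIR = re.compile(r'"([^"]+)"="((?:[^"\\]|\\.)*)"')


@dataclass
class Finding:
    source: str   # HijackThis section code, or the msconfig item
    path: str     # file the entry points at
    reasons: list


def suspicious_reasons(path: str) -> list:
    """Short all-lower-case name under system32 or Temp that is not a known
    Windows binary. Returns a (possibly empty) list of reasons."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if SUSPECT_DIR.search(path) and SHORT_LOWER.match(stem) and stem not in KNOWN_GOOD:
        return ["unrecognised short lower-case name in system32/Temp"]
    return []


def triage_hjt(log: str) -> list:
    """Flag HijackThis lines that deserve a closer look and say why."""
    findings = []
    for line in log.splitlines():
        m = HJT_LINE.match(line)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        for path in WIN_PATH.findall(rest):
            reasons = suspicious_reasons(path)
            if code == "O20":  # Winlogon Notify DLLs load inside winlogon.exe
                reasons.append("Winlogon Notify handler: confirm the publisher")
            if "(file missing)" in rest or "(no file)" in rest:
                reasons.append("stale entry: the referenced file is gone")
            if reasons:
                findings.append(Finding(code, path, reasons))
    return findings


def unescape_reg(value: str) -> str:
    """Undo .reg-style escaping (backslash-quote, doubled backslash)."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def triage_startupreg(report: str) -> list:
    """Walk the msconfig 'startupreg' blocks of a ComboFix report. They are
    Run entries the user disabled in msconfig: they no longer start, but the
    files stay on disk and one click re-enables them, so they still count."""
    findings = []
    for entry in STARTUPREG.finditer(report):
        values = {k: unescape_reg(v) for k, v in REG_PAIR.findall(entry.group("body"))}
        source = "msconfig-disabled %s Run item '%s'" % (
            values.get("hkey", "?"), values.get("item", entry.group("name")))
        for path in WIN_PATH.findall(values.get("command", "")):
            reasons = suspicious_reasons(path)
            if reasons:
                findings.append(Finding(source, path, reasons))
    return findings


# Sample input copied from the logs in this thread (raw strings keep the backslashes).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DF5C3FF2-C151-4A7F-9787-DC67A6D7183C} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\macoejhg.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
"""
SAMPLE_STARTUPREG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent" "inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvaqhgck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="xuaiaqri" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\xuaiaqri.exe" "inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhvjsul.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uhvjsul" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf" "inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexes]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="server" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\server.exe" "inimapping"="0"
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_startupreg(SAMPLE_STARTUPREG):
        print(f"{f.source:<42} {f.path}\n    {'; '.join(f.reasons)}")
```

Run as a script it prints the findings: for the sample input that is jkhfd.dll twice (once as a BHO, once as a Winlogon Notify handler), macoejhg.dll, the two stale entries (ssv.dll and imapi.exe), klogon.dll for publisher review, and from the msconfig blocks xuaiaqri.exe, uhvjsul.dll and server.exe. The Adobe BHO and the Steam entry produce nothing, which is the point of the allow-list and the directory check: the heuristic is meant to shrink the list a human has to verify, not to decide on its own. Items under msconfig\startupreg are disabled in msconfig, so they do not run at boot, but the files are still on disk and the entry can be re-enabled with one click, which is why a cleanup still has to cover them.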

#10
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home

Active Virus Shield
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Belarc Advisor 7.1
BitComet 0.77
Client Fix 1.9.2
CMN3
Dawn
DivX
DivX Converter
DivX Player
DivX Web Player
DVC305
DVD Decrypter (Remove Only)
Fantastic Flame Screensaver
ffdshow
FLV Player 1.3.3
Fraps (remove only)
Guild Wars
HijackThis 1.99.1
HLSW v1.0.0.50
HP Deskjet 6500
HP Software Update
Huffyuv AVI lossless video codec (Remove Only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Lavasoft VX2 Cleaner
LimeWire 4.10.9
MAIET entertainment - Gunz
MaxBlast 4
Microsoft .NET Framework 1.1
mIRC
Mozilla Firefox (2.0)
Nero Suite
NVIDIA Drivers
Oblivion
Panda ActiveScan
PowerDVD
PowerISO
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Task Manager 1.7
Skype 2.5
Smart Guardian
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sony DVD Architect 3.0
Sony Vegas 6.0
Spybot - Search & Destroy 1.4
Spyware Doctor 2.1
Steam
Sygate Personal Firewall
Trillian
UltraISO 8.0 Premium Edition
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.5
VIMICRO USB PC Camera V
VobSub v2.23 (Remove Only)
WarpSpeeder
Winamp (remove only)
WinAVIVideoConverter
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
XBC 5.1
Xfire (remove only)
XviD MPEG-4 Video Codec

#11
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[c5.zedo.com/]
Spyware:Cookie/Dbbsrv Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iwxeqv8b.default\cookies.txt[dbbsrv.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Administrator\Desktop\oldoblivion\oldblivion.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\hfivfssk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\lctlmkdu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\mxpiiywh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\pltnupah.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\tbfevlwy.dll
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.advertising.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter3.sextracker.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter4.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter7.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter2.sextracker.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.com.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.did-it.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.perf.overture.com/]
Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\bltjlhci.exe
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\fusxnywh.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ilfxsymw.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\jkhfd.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\srybqetk.exe

#12
Assistant Manager, TSF Academ, Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista

Hi,

Can you please post ComboFix2.txt as well--you'll find it at C:\Combofix2.txt. I need to see that report, as I still see that file present on the system that the first instruction should have taken out.

#13
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home

Administrator - 06-11-28 8:49:39.14 Service Pack 2
ComboFix 06.11.28W - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Common Files\{80AC8B4F-07DA-1033-0614-050709040001}

((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))

2006-11-28 08:47 60,436 --a------ C:\WINDOWS\system32\macoejhg.dll
2006-11-27 21:34 951,460 ---hs---- C:\WINDOWS\system32\dfhkj.ini2
2006-11-27 21:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-27 20:21 <DIR> d-------- C:\Program Files\AOL
2006-11-27 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-11-27 19:58 <DIR> d-------- C:\Downloads
2006-11-26 21:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2006-11-26 21:32 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-26 20:57 <DIR> d--hs---- C:\WINDOWS\CSC
2006-11-26 20:21 73,728 --a------ C:\WINDOWS\system32\pv_c3.exe
2006-11-26 20:21 119,056 --a------ C:\WINDOWS\system32\reg_c3.exe
2006-11-26 20:21 <DIR> d-------- C:\Program Files\CEVO
2006-11-21 12:55 <DIR> d-------- C:\Program Files\Security Task Manager
2006-11-21 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-14 21:03 <DIR> d-------- C:\Program Files\Maxtor
2006-11-11 00:44 <DIR> d-------- C:\Program Files\World of Warcraft
2006-11-03 15:42 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-11-01 16:01 110,612 --a------ C:\WINDOWS\system32\srybqetk.exe
2006-10-30 06:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2006-10-29 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-10-29 17:46 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-10-29 17:46 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-29 17:46 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-29 17:46 <DIR> d-------- C:\Program Files\Sygate
2006-10-29 15:59 118,804 --a------ C:\WINDOWS\system32\tgoysbcu.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-28 08:53 -------- d-------- C:\Program Files\Common Files
2006-11-28 08:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2006-11-27 21:56 -------- d---s---- C:\Program Files\Xfire
2006-11-27 21:51 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 21:44 -------- d-------- C:\Program Files\DaemonTools_WhenUSaveNow_Installer
2006-11-27 19:58 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-11-27 18:04 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-11-27 17:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2006-11-27 17:01 -------- d-------- C:\Program Files\Steam
2006-11-27 16:39 -------- d-------- C:\Program Files\mIRC
2006-11-26 21:54 1007344 ---hs---- C:\WINDOWS\system32\dfhkj.bak2
2006-11-26 21:20 -------- d-------- C:\Program Files\Movie Maker
2006-11-26 21:20 -------- d-------- C:\Program Files\DivX
2006-11-26 20:47 -------- d-------- C:\Program Files\Trillian
2006-11-14 21:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-11 00:44 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-11-08 19:56 -------- d-------- C:\Program Files\HLSW
2006-10-19 16:14 67604 --a------ C:\WINDOWS\system32\bltjlhci.exe
2006-10-03 11:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-10-03 10:13 -------- dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2006-09-28 14:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2006-09-28 14:27 73748 --a------ C:\WINDOWS\system32\fusxnywh.dll
2006-09-25 12:14 143380 --a------ C:\WINDOWS\system32\ilfxsymw.exe
2006-09-25 12:13 820157 ---hs---- C:\WINDOWS\system32\dfhkj.bak1
2006-09-20 10:50 94720 --a------ C:\WINDOWS\system32\lhnjsrk.dll
2006-09-20 05:58 577588 ---hs---- C:\WINDOWS\system32\jkhfd.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Fantastic Flame Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\Fantastic Flame Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FANTAS~1\\FANTAS~2.EXE "
"item"="Fantastic Flame Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WarpSpeeder Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WarpSpeeder Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\WarpSpeeder Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WARPSP~1\\BSTRAY~1.EXE "
"item"="WarpSpeeder Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM305_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DaemonTools_WhenUSaveNow_Installer"
"hkey"="HKLM"
"command"="C:\\Program Files\\DaemonTools_WhenUSaveNow_Installer\\DaemonTools_WhenUSaveNow_Installer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb10"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhnjsrk.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lhnjsrk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhnjsrk.dll,tbtytxe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SBInst"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SPAMBL~1\\Bin\\480~1.0\\SBInst.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbOEAddOn"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbOEAddOn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spydoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvaqhgck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xuaiaqri"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\xuaiaqri.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhvjsul.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhvjsul"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdS7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbWeatherOnTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbWeatherOnTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexes]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="server"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\server.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\program files\\zango\\zango.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Completion time: 06-11-28
8:53:28.31 C:\ComboFix.txt ... 06-11-28 08:53 |
|
|
|
|
#14 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
Thank you.
It's going to take me a bit of time to go through all these reports and prepare the next set of fixes for you. I expect to have a reply ready for you within the hour.
|
|
|
|
|
#15 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
Ok, here we go with round 2.
Please copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Download KillBox. (it's important that you get version v2.0.0.175)
------------
Download the attached glaze.zip file to your desktop. Do not run it just yet.
-------------------------------------
Close any open browsers.
-------------------------------------
Double click on the glaze.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.
-------------------------------------
Launch KillBox.exe & select the following options:
Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:
C:\WINDOWS\system32\xuaiaqri.exe
C:\WINDOWS\system32\zrozspsd.exe
C:\WINDOWS\system32\bltjlhci.exe
C:\WINDOWS\system32\ilfxsymw.exe
C:\WINDOWS\system32\srybqetk.exe
C:\WINDOWS\system32\server.exe
C:\Documents and Settings\Administrator\Desktop\unused\BSINSTALL(2).exe
Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to the Full Path of File to Delete field.
* Verify that the filenames you pasted are found there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
Click the RED X button.
Click Yes at the 'Delete on Reboot' prompt.
Click No at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
-----------------------------------
Using My Computer, navigate to and delete the following Folders if they still exist.
C:\Program Files\DaemonTools_WhenUSaveNow_Installer
C:\Program Files\Save
c:\program files\zango
-----------------------------------
Clear Mozilla Firefox cookies: Open the Mozilla Browser (you do not need to be online to do this). Click Tools>Options>Privacy>Cookies>Clear
-----------------------------------
Clear Internet Explorer Cookies: (you do not need to be connected to the internet to perform this) Launch Internet Explorer>Tools>Internet Options>Delete Cookies
-----------------------------------
Click Start then Run, then copy/paste the entire text below into the Run box, then click OK:
"%userprofile%\desktop\combofix.exe" /v jkhfd macoejhg lhnjsrk uhvjsul fusxnywh
When finished, it shall produce a log for you. We'll need that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
-----------------------------------
After the reboot, run another online scan at Panda and save the report.
-----------------------------------
Run another scan with glaze.exe and save the log.
-----------------------------------
Please include the following in your next reply:
ComboFix.txt
Panda results
New HijackThis log (glaze.exe)
How is your system behaving now?
Last edited by Ried; 12-30-2006 at 06:34 PM. |
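The fix list above singles out the startup entries that the ComboFix "Reg Loading Points" dump shows pointing at random-named files in system32 (the rundll32-loaded lhnjsrk.dll and uhvjsul.dll, and xuaiaqri.exe and server.exe started directly). As an added example that is not part of this thread, of ComboFix, or of any tool the moderator names, the following Python script parses a short constructed excerpt in the same .reg-style format and applies that naming heuristic to flag entries for review. The 6-to-12-lowercase-letter pattern, the allow-list of lowercase system32 programs, and the sample excerpt are assumptions for illustration, not rules stated on the page.

```python
"""Triage helper for msconfig startupreg entries in a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the "Reg Loading Points" entries quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhnjsrk.dll]
"item"="lhnjsrk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhnjsrk.dll,tbtytxe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvaqhgck]
"item"="xuaiaqri"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\xuaiaqri.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexes]
"item"="server"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\server.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
'''

SYSTEM32_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}
# Assumed baseline: lowercase system32 programs that would otherwise trip the name heuristic.
KNOWN_LOWERCASE = {"ctfmon", "rundll32", "dumprep", "userinit"}
# Heuristic (assumption): 6-12 lowercase letters with no digits or mixed case looks generated.
RANDOM_NAME = re.compile(r"[a-z]{6,12}")


@dataclass
class Finding:
    item: str
    hkey: str
    command: str
    reason: str


def unescape_reg(value: str) -> str:
    """Undo .reg escaping: a backslash quotes the next character (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_startupreg(text: str) -> list:
    """Group '[section]' headers and "name"="value" lines into one dict per entry."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = {"section": line[1:-1]}
            entries.append(current)
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"="(.*)"', line)
            if m:
                current[m.group(1)] = unescape_reg(m.group(2))
    return [e for e in entries if "startupreg\\" in e["section"].lower() and "command" in e]


def split_command(command: str):
    """Return (program, arguments), honouring a quoted program path."""
    command = command.strip()
    end = command.find('"', 1) if command.startswith('"') else -1
    if end != -1:
        return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def folder_and_stem(path: str):
    """Lower-cased directory and the file name without its extension."""
    folder, _, name = path.replace("/", "\\").rpartition("\\")
    return folder.lower(), name.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    return bool(RANDOM_NAME.fullmatch(stem)) and stem not in KNOWN_LOWERCASE


def triage(log_text: str) -> list:
    """Flag Run entries whose real target in system32 carries a random-looking name."""
    findings = []
    for e in parse_startupreg(log_text):
        program, args = split_command(e["command"])
        folder, stem = folder_and_stem(program)
        if stem.lower() == "rundll32" and args:
            # rundll32 <dll>,<export>: judge the DLL that gets loaded, not rundll32 itself.
            dll, _, export = args.partition(",")
            folder, stem = folder_and_stem(dll)
            reason = f"rundll32 loads random-named DLL from system32 (export {export.strip()!r})"
        else:
            reason = "random-named executable started from system32"
        if folder in SYSTEM32_DIRS and looks_random(stem):
            findings.append(Finding(e.get("item", ""), e.get("hkey", ""), e["command"], reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hkey} {f.item}: {f.reason}\n    {f.command}")
```

Run against the constructed excerpt it reports lhnjsrk, xuaiaqri and server and leaves NvCpl and Skype alone; a real log is fed in by reading ComboFix.txt into `triage`. The heuristic is a triage aid only: a flagged entry still has to be checked against what the file actually is, and a vendor DLL with an unusual lowercase name will show up as a false positive.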
|
|
|
|
#16 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
Administrator - 06-11-28 8:49:39.14 Service Pack 2
ComboFix 06.11.28W - Running from: "C:\Documents and Settings\Administrator\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\components C:\Program Files\Common Files\{80AC8B4F-07DA-1033-0614-050709040001} ((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 )))))))))))))))))))))))))))))))))) 2006-11-28 08:47 60,436 --a------ C:\WINDOWS\system32\macoejhg.dll 2006-11-27 21:34 951,460 ---hs---- C:\WINDOWS\system32\dfhkj.ini2 2006-11-27 21:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2006-11-27 20:21 <DIR> d-------- C:\Program Files\AOL 2006-11-27 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL 2006-11-27 19:58 <DIR> d-------- C:\Downloads 2006-11-26 21:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback 2006-11-26 21:32 <DIR> d-------- C:\Program Files\Mozilla Firefox 2006-11-26 20:57 <DIR> d--hs---- C:\WINDOWS\CSC 2006-11-26 20:21 73,728 --a------ C:\WINDOWS\system32\pv_c3.exe 2006-11-26 20:21 119,056 --a------ C:\WINDOWS\system32\reg_c3.exe 2006-11-26 20:21 <DIR> d-------- C:\Program Files\CEVO 2006-11-21 12:55 <DIR> d-------- C:\Program Files\Security Task Manager 2006-11-21 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2006-11-14 21:03 <DIR> d-------- C:\Program Files\Maxtor 2006-11-11 00:44 <DIR> d-------- C:\Program Files\World of Warcraft 2006-11-03 15:42 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2006-11-01 16:01 110,612 --a------ C:\WINDOWS\system32\srybqetk.exe 2006-10-30 06:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss 2006-10-29 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2006-10-29 17:46 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll 2006-10-29 17:46 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2006-10-29 17:46 21,075 --a------ 
C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2006-10-29 17:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2006-10-29 17:46 <DIR> d-------- C:\Program Files\Sygate 2006-10-29 15:59 118,804 --a------ C:\WINDOWS\system32\tgoysbcu.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-28 08:53 -------- d-------- C:\Program Files\Common Files 2006-11-28 08:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Xfire 2006-11-27 21:56 -------- d---s---- C:\Program Files\Xfire 2006-11-27 21:51 -------- d-------- C:\Program Files\Internet Explorer 2006-11-27 21:44 -------- d-------- C:\Program Files\DaemonTools_WhenUSaveNow_Installer 2006-11-27 19:58 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2006-11-27 18:04 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2006-11-27 17:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype 2006-11-27 17:01 -------- d-------- C:\Program Files\Steam 2006-11-27 16:39 -------- d-------- C:\Program Files\mIRC 2006-11-26 21:54 1007344 ---hs---- C:\WINDOWS\system32\dfhkj.bak2 2006-11-26 21:20 -------- d-------- C:\Program Files\Movie Maker 2006-11-26 21:20 -------- d-------- C:\Program Files\DivX 2006-11-26 20:47 -------- d-------- C:\Program Files\Trillian 2006-11-14 21:03 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-11 00:44 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment 2006-11-08 19:56 -------- d-------- C:\Program Files\HLSW 2006-10-19 16:14 67604 --a------ C:\WINDOWS\system32\bltjlhci.exe 2006-10-03 11:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player 
Classic 2006-10-03 10:13 -------- dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo! 2006-09-28 14:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire 2006-09-28 14:27 73748 --a------ C:\WINDOWS\system32\fusxnywh.dll 2006-09-25 12:14 143380 --a------ C:\WINDOWS\system32\ilfxsymw.exe 2006-09-25 12:13 820157 ---hs---- C:\WINDOWS\system32\dfhkj.bak1 2006-09-20 10:50 94720 --a------ C:\WINDOWS\system32\lhnjsrk.dll 2006-09-20 05:58 577588 ---hs---- C:\WINDOWS\system32\jkhfd.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"" @="" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\ 00,00,01,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk] "path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed 
Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Fantastic Flame Agent.lnk" "backup"="C:\\WINDOWS\\pss\\Fantastic Flame Agent.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FANTAS~1\\FANTAS~2.EXE " "item"="Fantastic Flame Agent" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WarpSpeeder Tray Icon.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WarpSpeeder Tray Icon.lnk" "backup"="C:\\WINDOWS\\pss\\WarpSpeeder Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WARPSP~1\\BSTRAY~1.EXE " "item"="WarpSpeeder Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk" "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avgcc" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VM305_STI" "hkey"="HKLM" "command"="C:\\WINDOWS\\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON 
Tools] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="daemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DaemonTools_WhenUSaveNow_Installer" "hkey"="HKLM" "command"="C:\\Program Files\\DaemonTools_WhenUSaveNow_Installer\\DaemonTools_WhenUSaveNow_Installer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpcmpmgr" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpztsb10" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InCD" "hkey"="HKLM" "command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhnjsrk.dll] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lhnjsrk" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhnjsrk.dll,tbtytxe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMcTray" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWRISOVM" "hkey"="HKLM" "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="smc" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SOUNDMAN" "hkey"="HKLM" "command"="SOUNDMAN.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SBInst" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SPAMBL~1\\Bin\\480~1.0\\SBInst.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SbOEAddOn" "hkey"="HKLM" "command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbOEAddOn.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="spydoctor" "hkey"="HKCU" "command"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvaqhgck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="xuaiaqri" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\xuaiaqri.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhvjsul.dll] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uhvjsul" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdS7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -u" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -u" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SbWeatherOnTray" "hkey"="HKLM" "command"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.0.0\\SbWeatherOnTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Save" "hkey"="HKCU" "command"="\"C:\\Program Files\\Save\\Save.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexes] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="server" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\server.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="YahooMessenger" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="zango" "hkey"="HKLM" "command"="\"c:\\program files\\zango\\zango.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 Completion time: 06-11-28 
8:53:28.31 C:\ComboFix.txt ... 06-11-28 08:53 |
|
|
|
|
#17 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
|
It appears you are double clicking combofix.exe to run it--that is not how we need to use it at this moment.
It needs to be run like this:
Click Start then Run, then copy/paste the entire text below into the Run box, then click OK:
"%userprofile%\desktop\combofix.exe" /v jkhfd macoejhg lhnjsrk uhvjsul fusxnywh
When finished, it shall produce a log for you. We'll need that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. |
|
|
|
|
#18 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 43
OS: Vista Home
|
Incident  Status  Location
Spyware:Cookie/Zedo  Not disinfected  C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
Possible Virus.  Not disinfected  C:\Documents and Settings\Administrator\Desktop\oldoblivion\oldblivion.exe
Spyware:Cookie/Casalemedia  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tradedoubler  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Casalemedia  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.advertising.com/]
Spyware:Cookie/adultfriendfinder  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Sextracker  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter3.sextracker.com/]
Spyware:Cookie/cs.sexcounter  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Sextracker  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter4.sextracker.com/]
Spyware:Cookie/Sextracker  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter7.sextracker.com/]
Spyware:Cookie/Sextracker  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[counter2.sextracker.com/]
Spyware:Cookie/Doubleclick  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Statcounter  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Falkag  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/SexList  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Com.com  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.com.com/]
Spyware:Cookie/Bridgetrack  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/2o7  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/AdDynamix  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/did-it  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.did-it.com/]
Spyware:Cookie/QkSrv  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Maxserving  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Adserver  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/WUpd  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Falkag  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Toplist  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Overture  Not disinfected  C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt[.perf.overture.com/]
Adware:Adware/SaveNow  Not disinfected  C:\Program Files\DAEMON Tools\SetupDTSB.exe |
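A small triage helper for a Panda ActiveScan report like the one posted above, added here as an example; it is not part of the thread and not the scanner's own tooling. It assumes a one-finding-per-line layout of incident, status and location (the layout is an assumption reconstructed from the entries in the post), keys on the status token because incident names such as "Atlas DMT" and "Traffic Marketplace" contain spaces, separates browser tracking cookies from findings on disk, drops the entries the report repeats verbatim, and attributes each finding to the Windows XP profile it was found under. The sample lines are constructed from entries in the post.

```python
"""Triage a Panda ActiveScan text report: separate tracking cookies from file findings.

Added example for this thread; not the scanner's own tooling. Assumed layout (constructed
from entries in the post above): one finding per line as
    <incident>  <status>  <location>
where <status> is "Not disinfected" or "Disinfected". Incident names can contain spaces
("Spyware:Cookie/Atlas DMT"), so the parser keys on the status token, not on whitespace.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+?)\s*$"
)
# Firefox cookie hits are reported as ...\cookies.txt[<host>/]; IE cookie hits as <user>@<host>[n].txt
FF_COOKIE_RE = re.compile(r"cookies\.txt\[(?P<host>[^/\]]+)/?\]$")
IE_COOKIE_RE = re.compile(r"\\Cookies\\[^\\@]+@(?P<host>[^\[]+)\[\d+\]\.txt$")
# Windows XP profile root; used to attribute a finding to a user account
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\(?P<user>[^\\]+)\\")

GUEST_FF = r"C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\1ikgh680.default\cookies.txt"

# Constructed sample: a header line plus entries taken from the post (one duplicate kept on purpose)
SAMPLE_LOG = "\n".join([
    "Incident  Status  Location",
    r"Spyware:Cookie/Zedo  Not disinfected  C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt",
    r"Possible Virus.  Not disinfected  C:\Documents and Settings\Administrator\Desktop\oldoblivion\oldblivion.exe",
    f"Spyware:Cookie/Casalemedia  Not disinfected  {GUEST_FF}[.casalemedia.com/]",
    f"Spyware:Cookie/Casalemedia  Not disinfected  {GUEST_FF}[.casalemedia.com/]",
    f"Spyware:Cookie/Atlas DMT  Not disinfected  {GUEST_FF}[.atdmt.com/]",
    f"Spyware:Cookie/Sextracker  Not disinfected  {GUEST_FF}[counter3.sextracker.com/]",
    r"Adware:Adware/SaveNow  Not disinfected  C:\Program Files\DAEMON Tools\SetupDTSB.exe",
])


def parse_report(text):
    """Return one dict per finding; lines without a status token (header, blanks) are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def classify(location):
    """('cookie', host) for a browser cookie hit, ('file', path) for anything on disk."""
    m = FF_COOKIE_RE.search(location) or IE_COOKIE_RE.search(location)
    if m:
        return "cookie", m.group("host").lstrip(".")
    return "file", location


def owner_of(location):
    """User profile the location sits under, or '(system)' for paths outside any profile."""
    m = PROFILE_RE.match(location)
    return m.group("user") if m else "(system)"


def triage(text):
    """Group cookie hosts per user profile and list distinct file findings in report order."""
    cookies = defaultdict(set)
    files = []
    seen = set()
    for f in parse_report(text):
        key = (f["incident"], f["location"])
        if key in seen:  # the scanner repeats some entries verbatim
            continue
        seen.add(key)
        kind, detail = classify(f["location"])
        owner = owner_of(f["location"])
        if kind == "cookie":
            cookies[owner].add(detail)
        else:
            files.append({"incident": f["incident"], "path": detail,
                          "owner": owner, "status": f["status"]})
    return {"cookies": {u: sorted(h) for u, h in cookies.items()}, "files": files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for user, hosts in result["cookies"].items():
        print(f"{user}: {len(hosts)} tracking cookie host(s): {', '.join(hosts)}")
    print("File findings to review:")
    for f in result["files"]:
        print(f"  [{f['incident']}] {f['path']} ({f['owner']}, {f['status']})")
```

Run against the full report, this reduces several dozen cookie lines to a short per-profile host list and leaves two file findings to look at: the heuristic "Possible Virus." hit on oldblivion.exe under the Administrator desktop and the Adware/SaveNow hit on the DAEMON Tools installer. The cookies are only reported by the scanner (hence "Not disinfected"); they go away when the browser's cookie store is cleared.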
#20
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista
Hi,

I need more detail--as much as you can provide:

1. Are you copy/pasting this command--exactly as shown in the bold red text--into the Run box?
"%userprofile%\desktop\combofix.exe" /v jkhfd macoejhg lhnjsrk uhvjsul fusxnywh
2. What do you mean by ComboFix is freezing? What does it say in the ComboFix screen?
3. I have not sent you into the Add/Remove panel yet--what are you trying to uninstall?
4. Have you run Killbox yet? Did you have any difficulties with that step?