Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Need help, Hijackthis log file
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 03-28-2007, 09:24 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Exclamation Need help, Hijackthis log file
I have pop ups when surfing internet using IE7.



Logfile of HijackThis v1.99.1
Scan saved at 11:24:03 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\{00E97D58-0C78-1033-0707-060405120001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Azrin Ismail\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\urqroml.dll (file missing)
O2 - BHO: (no name) - {DC84E791-A4D3-4ED1-94BC-6C225B212338} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\pwykovfg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [dupeonline] C:\DOCUME~1\AZRINI~1\APPLIC~1\ELSELO~1\extra idle real.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 03-29-2007, 01:30 PM   #2 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2007, 11:58 PM   #3 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
Hi again huawei


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.


=================

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

=================

1. Download this file - Here

Alternative link


* IMPORTANT !!! Place combofix.exe on your Desktop


2.
Double click on combofix.exe & follow the prompts.


3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=================

NoLop
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log at the end of this fix.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

===============================================

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================================

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\urqroml.dll (file missing)
O2 - BHO: (no name) - {DC84E791-A4D3-4ED1-94BC-6C225B212338} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\pwykovfg.dll (file missing)
O4 - HKCU\..\Run: [dupeonline] C:\DOCUME~1\AZRINI~1\APPLIC~1\ELSELO~1\extra idle real.exe



Please remember to close all other windows, including browsers then click Fix checked.

===============================================


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Documents and Settings\Azrin Ismail\Application Data\ ELSELO --Any folder beginning with these letters

===============================================

REBOOT TO NORMAL MODE

=================

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

========================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
=======================

In your next post, please include fresh logs from:
  • ComboFix.txt
  • C:\NoLop.log
  • Online scan
  • main.txt
  • C:\Deckard\System Scanner\extra.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2007, 06:50 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
ComboFix log file:

"Azrin Ismail" - 07-03-31 8:36:40 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Azrin Ismail\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\Common Files\{00E97~1\system.dll
C:\DOCUME~1\AZRINI~1\Desktop.\internet explorer.lnk
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\Common Files\{00E97~1
C:\Program Files\Common Files\{30E97~1


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))


2007-03-29 21:53 <DIR> d-------- C:\QUARANTINE
2007-03-29 20:38 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-03-29 20:38 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-03-29 20:37 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-03-29 20:37 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-03-29 20:37 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-03-29 20:37 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-03-29 20:37 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-03-29 03:33 <DIR> d-------- C:\Program Files\BitGrabber
2007-03-27 19:13 <DIR> d-------- C:\Program Files\iTunes
2007-03-27 19:13 <DIR> d-------- C:\Program Files\iPod
2007-03-17 18:15 34,297 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-03-17 18:15 <DIR> d-------- C:\Program Files\SigmaTel
2007-03-16 23:45 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-16 20:41 <DIR> d-------- C:\Program Files\GetRight
2007-03-16 08:40 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-16 08:40 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-16 08:40 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-03-16 08:39 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-03-16 08:39 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-03-16 08:39 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-16 06:15 431,801 --a------ C:\WINDOWS\Aktivierungscode.exe
2007-03-16 06:04 <DIR> d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\PCToolsFirewallPlus
2007-03-14 08:11 <DIR> d-------- C:\Program Files\QuickTime
2007-03-13 19:43 144,198 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\firstlsp.reg.dat
2007-03-13 10:17 6,815,744 --a------ C:\DOCUME~1\AZRINI~1\ntuser.dat
2007-03-13 10:17 229,376 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-03-03 19:35 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-03 06:13 94,208 --------- C:\WINDOWS\system32\mclsp.dll
2007-03-01 05:49 <DIR> d-------- C:\Program Files\Common Files\McAfee


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-31 08:45 -------- d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\utorrent
2007-03-29 20:38 -------- d-------- C:\Program Files\mcafee
2007-03-28 08:07 -------- d-------- C:\Program Files\apollo ipod video converter
2007-03-19 21:23 -------- d-------- C:\Program Files\windows desktop search
2007-03-19 21:22 -------- d-------- C:\Program Files\bringback
2007-03-19 21:19 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-17 18:18 -------- d--h----- C:\Program Files\installshield installation information
2007-03-16 23:45 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-03-16 09:06 -------- d-------- C:\Program Files\nokia
2007-03-16 09:06 -------- d-------- C:\Program Files\Common Files\nokia
2007-03-14 07:54 -------- d-------- C:\Program Files\apple software update
2007-03-05 21:17 -------- d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\nokia multimedia player
2007-03-03 07:53 -------- d-------- C:\Program Files\divx
2007-02-26 05:54 -------- d-------- C:\Program Files\java
2007-02-23 12:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 12:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 12:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 12:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 12:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 12:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 12:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 12:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 12:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 12:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 12:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 12:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 12:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 12:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 12:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 12:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-18 20:41 -------- d-------- C:\Program Files\lavasoft reghance
2007-02-18 20:41 -------- d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\lavasoft
2007-02-18 20:40 -------- d-------- C:\Program Files\lavasoft
2007-02-18 19:47 -------- d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\simply super software
2007-02-18 15:40 -------- d-------- C:\DOCUME~1\AZRINI~1\APPLIC~1\pc tools
2007-02-18 14:39 -------- d-------- C:\Program Files\mirc
2007-02-17 10:19 -------- d-------- C:\Program Files\microsoft games
2007-02-16 09:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-15 10:57 -------- d-------- C:\Program Files\intel corporation
2007-02-15 00:07 -------- d-------- C:\Program Files\utorrent
2007-02-14 18:19 -------- d-------- C:\Program Files\azureus
2007-02-13 17:03 -------- d-------- C:\Program Files\msn messenger
2007-02-03 17:11 -------- d-------- C:\Program Files\tvuplayer
2007-01-26 09:19 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-26 09:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 09:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 20:21 106496 --a------ C:\WINDOWS\system32\exec1.exe
2006-12-28 17:08 1388544 --a------ C:\WINDOWS\system32\msvbvm60.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NWEReboot"=""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winjews16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\winjews16.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe9ef2-a5ab-11db-9915-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf468f3-dda7-11db-9968-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-31 8:46:29


No log files for NoLop have been saved since no infection is found.
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2007, 06:52 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
NoLop log file as below:


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Azrin Ismail\Desktop
[3/31/2007]
[8:49:17 AM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nokia
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Azrin Ismail\Application Data\Adobe
C:\Documents and Settings\Azrin Ismail\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Azrin Ismail\Application Data\Ahead
C:\Documents and Settings\Azrin Ismail\Application Data\Apple Computer
C:\Documents and Settings\Azrin Ismail\Application Data\Azureus
C:\Documents and Settings\Azrin Ismail\Application Data\Bittorrent
C:\Documents and Settings\Azrin Ismail\Application Data\Creative
C:\Documents and Settings\Azrin Ismail\Application Data\Datalayer
C:\Documents and Settings\Azrin Ismail\Application Data\Divx
C:\Documents and Settings\Azrin Ismail\Application Data\F-secure
C:\Documents and Settings\Azrin Ismail\Application Data\Google
C:\Documents and Settings\Azrin Ismail\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Azrin Ismail\Application Data\Identities
C:\Documents and Settings\Azrin Ismail\Application Data\Lavasoft
C:\Documents and Settings\Azrin Ismail\Application Data\Leadertech
C:\Documents and Settings\Azrin Ismail\Application Data\Limewire
C:\Documents and Settings\Azrin Ismail\Application Data\Macromedia
C:\Documents and Settings\Azrin Ismail\Application Data\Mcafee
C:\Documents and Settings\Azrin Ismail\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Azrin Ismail\Application Data\Microsoft
C:\Documents and Settings\Azrin Ismail\Application Data\Nokia
C:\Documents and Settings\Azrin Ismail\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Azrin Ismail\Application Data\Pc Suite
C:\Documents and Settings\Azrin Ismail\Application Data\Pc Tools
C:\Documents and Settings\Azrin Ismail\Application Data\Pctoolsfirewallplus
C:\Documents and Settings\Azrin Ismail\Application Data\Real
C:\Documents and Settings\Azrin Ismail\Application Data\Simply Super Software
C:\Documents and Settings\Azrin Ismail\Application Data\Siteadvisor -- EMPTY Directory
C:\Documents and Settings\Azrin Ismail\Application Data\Sun
C:\Documents and Settings\Azrin Ismail\Application Data\Teamspeak2
C:\Documents and Settings\Azrin Ismail\Application Data\Thumbsplus -- EMPTY Directory
C:\Documents and Settings\Azrin Ismail\Application Data\Tvu Networks
C:\Documents and Settings\Azrin Ismail\Application Data\Utorrent
C:\Documents and Settings\Azrin Ismail\Application Data\Vlc
C:\Documents and Settings\Azrin Ismail\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-31-2007, 03:50 AM   #6 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Main logs:

Deckard's System Scanner v20070328.36
Run by Azrin Ismail on 2007-03-31 at 17:37:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create System Restore WMI object; error code: 0x80041002
Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Azrin Ismail.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:41:28 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Documents and Settings\Azrin Ismail\Desktop\dss.exe
C:\!KillBox\Azrin Ismail.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\!KillBox\backups\) -----------------------------

backup-20070331-090229-531 O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\urqroml.dll (file missing)
backup-20070331-090229-563 O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
backup-20070331-090229-741 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\pwykovfg.dll (file missing)
backup-20070331-090229-751 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070331-090229-830 O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
backup-20070331-090229-926 O2 - BHO: (no name) - {DC84E791-A4D3-4ED1-94BC-6C225B212338} - C:\WINDOWS\system32\vtstu.dll (file missing)
backup-20070331-090229-959 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys
3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys
3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys
3 GcKernel (Microsoft SideWinder Value Add - Filter Driver) - c:\windows\system32\drivers\gckernel.sys
0 HFXP2 - c:\windows\system32\drivers\hfxp2.sys
3 HIDSwvd (Microsoft SideWinder Virtual HID Device Mini-Driver) - c:\windows\system32\drivers\hidswvd.sys
2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys
3 mfeapfk (McAfee Inc.) - c:\windows\system32\drivers\mfeapfk.sys
1 mfetdik (McAfee Inc.) - c:\windows\system32\drivers\mfetdik.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
3 mohfilt - c:\windows\system32\drivers\mohfilt.sys
3 MSIRCOMM (Microsoft IR Communications Driver) - c:\windows\system32\drivers\msircomm.sys
3 Nokia USB Port - c:\windows\system32\drivers\nmwcdcj.sys
1 OMCI - c:\windows\system32\drivers\omci.sys
3 ovt530 (AV301P) - c:\windows\system32\drivers\ov530vid.sys
3 P17 (Sound Blaster Live! 24-bit) - c:\windows\system32\drivers\p17.sys
2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys
3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys
3 STIrUsb (SigmaTel USB-IrDA Dongle) - c:\windows\system32\drivers\irstusb.sys
3 SWUSBFLT (Microsoft SideWinder VIA Filter Driver) - c:\windows\system32\drivers\swusbflt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
2 Diskeeper - c:\program files\diskeeper corporation\diskeeper\dkservice.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
2 McAfeeFramework (McAfee Framework Service) - c:\program files\mcafee\common framework\frameworkservice.exe
2 McTaskManager (McAfee Task Manager) - c:\program files\mcafee\virusscan enterprise\vstskmgr.exe
3 Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
3 ServiceLayer - c:\program files\pc connectivity solution\servicelayer.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 09:13:07 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-31 09:13:05 0 d-------- C:\WINDOWS\LastGood
2007-03-31 08:47:17 212 --a------ C:\delete.bat
2007-03-29 21:53:12 0 d-------- C:\QUARANTINE<QUARAN~1>
2007-03-29 20:38:14 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll<EPOPGP~1.DLL>
2007-03-29 20:38:14 0 d-------- C:\Program Files\Common Files\Cisco Systems<CISCOS~1>
2007-03-29 20:37:55 52136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-03-29 20:37:55 34152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-03-29 20:37:55 72264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-03-29 20:37:55 64360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-03-29 20:37:54 170408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-03-29 03:33:01 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
2007-03-27 19:13:59 0 d-------- C:\Program Files\iPod
2007-03-27 19:13:47 0 d-------- C:\Program Files\iTunes
2007-03-17 18:15:20 34297 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-03-17 18:15:16 0 d-------- C:\Program Files\SigmaTel
2007-03-16 23:45:14 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-16 20:41:06 0 d-------- C:\Program Files\GetRight
2007-03-16 08:40:28 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-03-16 08:40:22 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-16 08:40:15 9216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-16 08:39:47 30720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll<NMWCDC~1.DLL>
2007-03-16 08:39:46 4608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-03-16 08:39:46 138240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-16 06:15:10 431801 --a------ C:\WINDOWS\Aktivierungscode.exe<AKTIVI~1.EXE>
2007-03-16 06:04:13 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PCToolsFirewallPlus<PCTOOL~2>
2007-03-14 08:11:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-13 10:17:19 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-03-13 10:17:19 6815744 --a------ C:\Documents and Settings\Azrin Ismail\ntuser.dat
2007-03-03 19:35:22 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-03 06:13:25 94208 -----n--- C:\WINDOWS\system32\mclsp.dll
2007-03-01 05:49:52 0 d-------- C:\Program Files\Common Files\McAfee


-- Find3M Report ---------------------------------------------------------------

2007-03-31 17:42:08 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\uTorrent
2007-03-31 12:16:27 0 d-------- C:\Program Files\utorrent
2007-03-31 12:15:16 0 d-------- C:\Program Files\PC Connectivity Solution<PCCONN~1>
2007-03-31 12:14:41 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-31 11:53:11 0 d-------- C:\Program Files\ffdshow
2007-03-31 11:41:40 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-03-29 20:38:13 0 d-------- C:\Program Files\McAfee
2007-03-28 21:02:49 0 d-------- C:\Program Files\Apollo 3GP Video Converter<APOLLO~2>
2007-03-28 08:07:49 0 d-------- C:\Program Files\Apollo iPod Video Converter<APOLLO~1>
2007-03-19 21:23:50 0 d-------- C:\Program Files\Windows Desktop Search<WI459E~1>
2007-03-19 21:22:46 0 d-------- C:\Program Files\BringBack<BRINGB~1>
2007-03-19 21:19:12 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-17 18:18:53 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-16 0951 0 d-------- C:\Program Files\Nokia
2007-03-16 0951 0 d-------- C:\Program Files\Common Files\Nokia
2007-03-14 07:54:48 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-05 21:17:12 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Nokia Multimedia Player<NOKIAM~1>
2007-03-03 07:53:05 0 d-------- C:\Program Files\DivX
2007-02-26 05:54:51 0 d-------- C:\Program Files\Java
2007-02-23 12:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 12:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 12:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 12:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 12:25:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-23 12:25:24 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 12:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 12:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 12:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 12:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 12:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 12:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-18 20:41:58 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Lavasoft
2007-02-18 20:41:34 0 d-------- C:\Program Files\Lavasoft RegHance<LAVASO~1>
2007-02-18 20:40:08 0 d-------- C:\Program Files\Lavasoft
2007-02-18 19:47:56 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Simply Super Software<SIMPLY~1>
2007-02-18 19:43:27 0 d---s---- C:\Documents and Settings\Azrin Ismail\Application Data\Microsoft<MICROS~1>
2007-02-18 15:40:01 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PC Tools<PCTOOL~1>
2007-02-18 14:39:31 0 d-------- C:\Program Files\mIRC
2007-02-17 10:19:16 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-02-16 09:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-15 21:35:07 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Adobe
2007-02-15 10:57:15 0 d-------- C:\Program Files\Intel Corporation<INTELC~1>
2007-02-14 18:19:22 0 d-------- C:\Program Files\Azureus
2007-02-14 18:17:27 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Azureus
2007-02-03 17:11:52 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
2007-01-26 09:19:00 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 09:19:00 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-26 09:19:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 20:21:14 106496 --a------ C:\WINDOWS\system32\exec1.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NWEReboot"=""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winjews16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\winjews16.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe9ef2-a5ab-11db-9915-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf468f3-dda7-11db-9968-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe


-- End of Deckard's System Scanner: finished at 2007-03-31 at 17:42:28 ---------
Attached Files
File Type: txt extra.txt (20.7 KB, 3 views)
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-31-2007, 05:34 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Online ActiveScan report:
Attached Files
File Type: txt Activescan.txt (4.7 KB, 4 views)
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-31-2007, 08:17 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
No more pop-ups and removed remaining spywares using spyware doctor.

Thanks alot.
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-05-2007, 11:50 AM   #9 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
hi huawei

I am really sorry something happened to my notifications a few days ago and I never received notification of your log posting. I will look over the logs to make sure there are no more bad guys lurking then give you some tips in staying more protected

deepest apologies

alba
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-06-2007, 01:47 AM   #10 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
Hi huawei

There is still Some bad guys left


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.


Please delete any previous versions of SDFix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

===============================================

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================================

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK


Locate and delete the following files:
  • C:\WINDOWS\system32\exec1.exe


=======================

REBOOT TO NORMAL MODE

======================

Please run Deckard's System Scanner again



In your next post, please include fresh logs from:
  1. Report.txt
    Main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
Last edited by alba; 04-06-2007 at 01:49 AM.
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-06-2007, 10:33 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Hi Alba,

I will keep you updated as I am not currently on my machine for the week.
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-07-2007, 07:53 AM   #12 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
Okey Dokey

I am subscribed to this thread so I will watch for you when you post back

alba
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-09-2007, 10:45 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
report.txt:


SDFix: Version 1.77

Run by Administrator - Tue 04/10/2007 - 12:16:00.01

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\winjews16.exe"="C:\\WINDOWS\\system32\\winjews16.exe:*:Enabled:Windows Systems16"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight Simulator®"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\Azrin Ismail\Local Settings\Application Data\Microsoft\Messenger\v8_rbg@msn.com\Sharing Folders\anijumat@hotmail.com\Thumbs.db
C:\Documents and Settings\Azrin Ismail\Local Settings\Application Data\Microsoft\Messenger\v8_rbg@msn.com\Sharing Folders\maxknight@hotmail.com\Thumbs.db
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished

Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:28 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\!KillBox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-09-2007, 10:51 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,613
OS: 2000 Pro; XP Pro; XP Home


Re: Need help, Hijackthis log file
Hello, huawei -

It appears that you've provided a HijackThis log, instead of another main.txt from Deckard's System Scanner.

As it provides more detailed information with which alba can assist you, please do run DSS once again, and provide the main.txt as requested.

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-09-2007, 11:54 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Hi Alba,

Main.txt file report:

Deckard's System Scanner v20070328.36
Run by Azrin Ismail on 2007-03-31 at 17:37:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create System Restore WMI object; error code: 0x80041002
Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Azrin Ismail.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:41:28 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Documents and Settings\Azrin Ismail\Desktop\dss.exe
C:\!KillBox\Azrin Ismail.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\!KillBox\backups\) -----------------------------

backup-20070331-090229-531 O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\urqroml.dll (file missing)
backup-20070331-090229-563 O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
backup-20070331-090229-741 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\pwykovfg.dll (file missing)
backup-20070331-090229-751 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070331-090229-830 O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
backup-20070331-090229-926 O2 - BHO: (no name) - {DC84E791-A4D3-4ED1-94BC-6C225B212338} - C:\WINDOWS\system32\vtstu.dll (file missing)
backup-20070331-090229-959 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys
3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys
3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys
3 GcKernel (Microsoft SideWinder Value Add - Filter Driver) - c:\windows\system32\drivers\gckernel.sys
0 HFXP2 - c:\windows\system32\drivers\hfxp2.sys
3 HIDSwvd (Microsoft SideWinder Virtual HID Device Mini-Driver) - c:\windows\system32\drivers\hidswvd.sys
2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys
3 mfeapfk (McAfee Inc.) - c:\windows\system32\drivers\mfeapfk.sys
1 mfetdik (McAfee Inc.) - c:\windows\system32\drivers\mfetdik.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
3 mohfilt - c:\windows\system32\drivers\mohfilt.sys
3 MSIRCOMM (Microsoft IR Communications Driver) - c:\windows\system32\drivers\msircomm.sys
3 Nokia USB Port - c:\windows\system32\drivers\nmwcdcj.sys
1 OMCI - c:\windows\system32\drivers\omci.sys
3 ovt530 (AV301P) - c:\windows\system32\drivers\ov530vid.sys
3 P17 (Sound Blaster Live! 24-bit) - c:\windows\system32\drivers\p17.sys
2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys
3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys
3 STIrUsb (SigmaTel USB-IrDA Dongle) - c:\windows\system32\drivers\irstusb.sys
3 SWUSBFLT (Microsoft SideWinder VIA Filter Driver) - c:\windows\system32\drivers\swusbflt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
2 Diskeeper - c:\program files\diskeeper corporation\diskeeper\dkservice.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
2 McAfeeFramework (McAfee Framework Service) - c:\program files\mcafee\common framework\frameworkservice.exe
2 McTaskManager (McAfee Task Manager) - c:\program files\mcafee\virusscan enterprise\vstskmgr.exe
3 Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
3 ServiceLayer - c:\program files\pc connectivity solution\servicelayer.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 09:13:07 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-31 09:13:05 0 d-------- C:\WINDOWS\LastGood
2007-03-31 08:47:17 212 --a------ C:\delete.bat
2007-03-29 21:53:12 0 d-------- C:\QUARANTINE<QUARAN~1>
2007-03-29 20:38:14 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll<EPOPGP~1.DLL>
2007-03-29 20:38:14 0 d-------- C:\Program Files\Common Files\Cisco Systems<CISCOS~1>
2007-03-29 20:37:55 52136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-03-29 20:37:55 34152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-03-29 20:37:55 72264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-03-29 20:37:55 64360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-03-29 20:37:54 170408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-03-29 03:33:01 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
2007-03-27 19:13:59 0 d-------- C:\Program Files\iPod
2007-03-27 19:13:47 0 d-------- C:\Program Files\iTunes
2007-03-17 18:15:20 34297 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-03-17 18:15:16 0 d-------- C:\Program Files\SigmaTel
2007-03-16 23:45:14 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-16 20:41:06 0 d-------- C:\Program Files\GetRight
2007-03-16 08:40:28 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-03-16 08:40:22 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-16 08:40:15 9216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-16 08:39:47 30720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll<NMWCDC~1.DLL>
2007-03-16 08:39:46 4608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-03-16 08:39:46 138240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-16 06:15:10 431801 --a------ C:\WINDOWS\Aktivierungscode.exe<AKTIVI~1.EXE>
2007-03-16 06:04:13 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PCToolsFirewallPlus<PCTOOL~2>
2007-03-14 08:11:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-13 10:17:19 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-03-13 10:17:19 6815744 --a------ C:\Documents and Settings\Azrin Ismail\ntuser.dat
2007-03-03 19:35:22 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-03 06:13:25 94208 -----n--- C:\WINDOWS\system32\mclsp.dll
2007-03-01 05:49:52 0 d-------- C:\Program Files\Common Files\McAfee


-- Find3M Report ---------------------------------------------------------------

2007-03-31 17:42:08 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\uTorrent
2007-03-31 12:16:27 0 d-------- C:\Program Files\utorrent
2007-03-31 12:15:16 0 d-------- C:\Program Files\PC Connectivity Solution<PCCONN~1>
2007-03-31 12:14:41 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-31 11:53:11 0 d-------- C:\Program Files\ffdshow
2007-03-31 11:41:40 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-03-29 20:38:13 0 d-------- C:\Program Files\McAfee
2007-03-28 21:02:49 0 d-------- C:\Program Files\Apollo 3GP Video Converter<APOLLO~2>
2007-03-28 08:07:49 0 d-------- C:\Program Files\Apollo iPod Video Converter<APOLLO~1>
2007-03-19 21:23:50 0 d-------- C:\Program Files\Windows Desktop Search<WI459E~1>
2007-03-19 21:22:46 0 d-------- C:\Program Files\BringBack<BRINGB~1>
2007-03-19 21:19:12 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-17 18:18:53 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-16 0951 0 d-------- C:\Program Files\Nokia
2007-03-16 0951 0 d-------- C:\Program Files\Common Files\Nokia
2007-03-14 07:54:48 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-05 21:17:12 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Nokia Multimedia Player<NOKIAM~1>
2007-03-03 07:53:05 0 d-------- C:\Program Files\DivX
2007-02-26 05:54:51 0 d-------- C:\Program Files\Java
2007-02-23 12:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 12:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 12:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 12:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 12:25:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-23 12:25:24 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 12:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 12:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 12:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 12:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 12:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 12:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-18 20:41:58 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Lavasoft
2007-02-18 20:41:34 0 d-------- C:\Program Files\Lavasoft RegHance<LAVASO~1>
2007-02-18 20:40:08 0 d-------- C:\Program Files\Lavasoft
2007-02-18 19:47:56 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Simply Super Software<SIMPLY~1>
2007-02-18 19:43:27 0 d---s---- C:\Documents and Settings\Azrin Ismail\Application Data\Microsoft<MICROS~1>
2007-02-18 15:40:01 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PC Tools<PCTOOL~1>
2007-02-18 14:39:31 0 d-------- C:\Program Files\mIRC
2007-02-17 10:19:16 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-02-16 09:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-15 21:35:07 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Adobe
2007-02-15 10:57:15 0 d-------- C:\Program Files\Intel Corporation<INTELC~1>
2007-02-14 18:19:22 0 d-------- C:\Program Files\Azureus
2007-02-14 18:17:27 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Azureus
2007-02-03 17:11:52 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
2007-01-26 09:19:00 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 09:19:00 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-26 09:19:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 20:21:14 106496 --a------ C:\WINDOWS\system32\exec1.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NWEReboot"=""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winjews16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\winjews16.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe9ef2-a5ab-11db-9915-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf468f3-dda7-11db-9968-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe


-- End of Deckard's System Scanner: finished at 2007-03-31 at 17:42:28 ---------
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-09-2007, 11:57 PM   #16 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Sorry the above main file report is from last week's scans, from where can i get the Deckard's System Scanner?
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2007, 12:02 AM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,613
OS: 2000 Pro; XP Pro; XP Home


Re: Need help, Hijackthis log file
There should be a green icon on your desktop, with DSS or DSS.exe on it. Double click it to run it.

Here's the path:

C:\Documents and Settings\Azrin Ismail\Desktop\dss.exe

Or, you can just do this:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe"
DSS will run, and it's log will appear. Post that log for Alba.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2007, 06:03 AM   #18 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Hi Alba,

main.txt file system report:

Deckard's System Scanner v20070328.36
Run by Azrin Ismail on 2007-04-10 at 20:00:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Azrin Ismail.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:00:57 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Program Files\WinPortrait\floater.exe
C:\WINDOWS\HPLiteSaver.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\!KillBox\dss.exe
C:\!KillBox\AZRINI~1.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe


-- Files created between 2007-03-10 and 2007-04-10 -----------------------------

2007-04-10 19:39:03 60456 --a------ C:\WINDOWS\system32\wpfb_ati2dvag.dll<WPFB_A~1.DLL>
2007-04-10 19:38:49 9260 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys
2007-04-10 19:38:49 15913 --a------ C:\WINDOWS\system32\drivers\pivot.sys
2007-04-10 19:38:48 60456 --a------ C:\WINDOWS\system32\wpfb.dll
2007-04-10 19:38:45 0 d-------- C:\Program Files\WinPortrait<WINPOR~1>
2007-04-10 19:38:44 16384 --a------ C:\WINDOWS\system32\WINKRNME.DLL
2007-04-10 19:37:13 0 d-------- C:\swsetup
2007-04-10 11:54:32 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-04-10 11:53:51 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\ScanSoft
2007-04-10 11:50:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared<SCANSO~1>
2007-04-10 11:50:00 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-04-10 11:44:29 0 d-------- C:\Program Files\ScanSoft
2007-04-02 22:10:20 1693696 --a------ C:\WINDOWS\system32\ltclr13n.dll
2007-04-02 22:10:20 155648 --a------ C:\WINDOWS\system32\lftif13n.dll
2007-04-02 22:10:20 98304 --a------ C:\WINDOWS\system32\lffax13n.dll
2007-04-02 22:01:21 159744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-04-02 22:00:54 55808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-04-02 22:00:40 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-04-02 22:00:27 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-04-02 22:00:27 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-04-02 22:00:27 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-04-02 22:00:26 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-04-02 22:00:26 450560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-04-02 22:00:26 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-04-02 22:00:26 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-04-02 15:10:57 37 --a------ C:\WINDOWS\r007
2007-04-02 14:49:09 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-04-02 14:16:15 71552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-04-02 14:15:59 186828 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-04-02 14:15:46 16256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-04-02 14:15:46 23296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-04-02 14:15:45 185472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-04-02 14:15:45 9216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-04-02 14:15:45 36864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-04-02 14:15:45 44544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-04-02 14:15:41 0 d-------- C:\WINDOWS\system32\PAV
2007-04-02 14:15:41 103936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-04-02 14:15:40 141312 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-04-02 14:14:37 139264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-04-02 14:14:37 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-04-02 14:14:37 245760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-04-02 14:14:37 57344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-04-02 14:14:37 16640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-04-02 14:14:35 45056 --a------ C:\WINDOWS\system32\avldr.dll
2007-04-02 14:12:07 0 d-------- C:\Program Files\Panda Software<PANDAS~1>
2007-04-02 14:11:40 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-02 14:11:40 165120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-02 14:11:40 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-04-01 20:49:29 0 d-------- C:\Program Files\PC Connectivity Solution<PCCONN~1>
2007-04-01 20:49:07 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-04-01 20:47:11 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-04-01 20:47:11 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-04-01 20:47:11 9216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-04-01 20:47:10 4608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-04-01 20:47:10 30720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll<NMWCDC~1.DLL>
2007-04-01 20:47:10 138240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-04-01 1224 0 d-------- C:\Program Files\PC Tools Firewall Plus<PCTOOL~1>
2007-04-01 07:51:39 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-01 07:51:39 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-01 07:51:39 59472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-01 07:51:39 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-01 07:51:39 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-01 07:51:29 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-01 07:51:14 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-31 09:13:07 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-31 08:47:17 212 --a------ C:\delete.bat
2007-03-29 21:53:12 0 d-------- C:\QUARANTINE<QUARAN~1>
2007-03-29 20:38:14 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll<EPOPGP~1.DLL>
2007-03-29 20:38:14 0 d-------- C:\Program Files\Common Files\Cisco Systems<CISCOS~1>
2007-03-29 03:33:01 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
2007-03-27 19:13:59 0 d-------- C:\Program Files\iPod
2007-03-27 19:13:47 0 d-------- C:\Program Files\iTunes
2007-03-17 18:15:20 34297 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-03-17 18:15:16 0 d-------- C:\Program Files\SigmaTel
2007-03-16 23:45:14 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-16 20:41:06 0 d-------- C:\Program Files\GetRight
2007-03-16 06:15:10 431801 --a------ C:\WINDOWS\Aktivierungscode.exe<AKTIVI~1.EXE>
2007-03-16 06:04:13 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PCToolsFirewallPlus<PCTOOL~2>
2007-03-14 08:11:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-13 10:17:19 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-03-13 10:17:19 6815744 --a------ C:\Documents and Settings\Azrin Ismail\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-04-10 19:55:19 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-10 19:39:59 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-04-10 19:37:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-10 13:49:08 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\uTorrent
2007-04-10 13:01:36 0 d-------- C:\Program Files\utorrent
2007-04-10 11:50:01 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-10 11:42:29 0 d-------- C:\Program Files\PowerISO
2007-04-02 16:40:36 0 d-------- C:\Program Files\Apollo iPod Video Converter<APOLLO~1>
2007-04-02 14:22:39 0 d-------- C:\Program Files\McAfee
2007-04-02 14:22:39 0 d-------- C:\Program Files\Common Files\McAfee
2007-04-01 21:23:14 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-01 21:23:13 0 d-------- C:\Program Files\Nokia
2007-04-01 20:52:51 0 d-------- C:\Program Files\Common Files\PCSuite
2007-03-31 23:11:31 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 20:02:19 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-03-31 11:53:11 0 d-------- C:\Program Files\ffdshow
2007-03-28 21:02:49 0 d-------- C:\Program Files\Apollo 3GP Video Converter<APOLLO~2>
2007-03-19 21:23:50 0 d-------- C:\Program Files\Windows Desktop Search<WI459E~1>
2007-03-19 21:22:46 0 d-------- C:\Program Files\BringBack<BRINGB~1>
2007-03-19 21:19:12 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-14 07:54:48 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-08 23:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 23:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 23:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 21:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 21:17:12 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Nokia Multimedia Player<NOKIAM~1>
2007-03-03 07:53:05 0 d-------- C:\Program Files\DivX
2007-02-26 05:54:51 0 d-------- C:\Program Files\Java
2007-02-23 12:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 12:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 12:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 12:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 12:25:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-23 12:25:24 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 12:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 12:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 12:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 12:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 12:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 12:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 12:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 12:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-18 20:41:58 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Lavasoft
2007-02-18 20:41:34 0 d-------- C:\Program Files\Lavasoft RegHance<LAVASO~1>
2007-02-18 20:40:08 0 d-------- C:\Program Files\Lavasoft
2007-02-18 19:47:56 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Simply Super Software<SIMPLY~1>
2007-02-18 19:43:27 0 d---s---- C:\Documents and Settings\Azrin Ismail\Application Data\Microsoft<MICROS~1>
2007-02-18 15:40:01 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\PC Tools<PCTOOL~1>
2007-02-18 14:39:31 0 d-------- C:\Program Files\mIRC
2007-02-17 10:19:16 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-02-16 09:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-15 21:35:07 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Adobe
2007-02-15 10:57:15 0 d-------- C:\Program Files\Intel Corporation<INTELC~1>
2007-02-14 18:19:22 0 d-------- C:\Program Files\Azureus
2007-02-14 18:17:27 0 d-------- C:\Documents and Settings\Azrin Ismail\Application Data\Azureus
2007-01-26 09:19:00 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 09:19:00 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-26 09:19:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"OpAgent"="\"C:\\Program Files\\ScanSoft\\OmniPage15.0\\OpAgent.exe\" /agent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NWEReboot"=""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus + Firewall 2007\\APVXDWIN.EXE\" /s"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"Opware15"="\"C:\\Program Files\\ScanSoft\\OmniPage15.0\\Opware15.exe\""
"OpScheduler"="\"C:\\Program Files\\ScanSoft\\OmniPage15.0\\OpScheduler.exe\""
"ScanSoft OmniPage 15.0-reminder"="\"C:\\Program Files\\ScanSoft\\OmniPage15.0\\Ereg\\ereg.exe\" -r \"C:\\Documents and Settings\\All Users\\Application Data\\ScanSoft\\OmniPage15.0\\Ereg\\ereg.ini\""
"PivotSoftware"="\"C:\\Program Files\\WinPortrait\\wpctrl.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winjews16"
"hkey"="HKLM"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\AUTORUN.EXE

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe9ef2-a5ab-11db-9915-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf468f3-dda7-11db-9968-0013201714a4}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe


-- End of Deckard's System Scanner: finished at 2007-04-10 at 20:01:54 ---------
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2007, 11:47 PM   #19 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Need help, Hijackthis log file
Hi huawei

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\winjews16.exe"=-
"C:\\WINDOWS\\scvhost.exe"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Systems16]

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe9ef2-a5ab-11db-9915-0013201714a4}]

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf468f3-dda7-11db-9968-0013201714a4}]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

=======================

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

======================

Please run Deckard's System Scanner again and post the Main.txt here so we make sure the bad guy's are gone


In your next post, please include fresh logs from:
  • Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-11-2007, 04:12 AM   #20 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 15
OS: XP SP2


Send a message via MSN to huawei
Re: Need help, Hijackthis log file
Alba,

Can I use Panda Online ActiveScan instead since the Kaspersky online scan doesn't seem to start. I've already installed the activex file but welcome page only popped up.
huawei is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 09:29 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85