Resolved HJT Threads (Tech Support Forum > Security Center > Virus/Trojan/Spyware Help)
#1, 04-30-2007, 06:16 AM, 4u111 (Registered User; Join Date: Oct 2006; Posts: 174; OS: WINXP HE)
Unknown problem! please help!

Hi everyone,
I am having some sort of weird problem, and I'm not sure if it's some kind of spyware or similar, but anyway, every time I start up my PC I get a Win32 error message with two options (send error or don't send). Then I click on send error, and after that (not directly) my desktop bar and other Windows pages change to classic style, and sometimes classic combined with WinXP style.

Then I go to Appearance and change it back to WinXP style, and it goes back to normal.
And there's something else: every time I go to activate my Windows Firewall I get the following message: "Windows Firewall can't be displayed. Do you want to start the ICS Service?" Then I choose yes and get the following message: "Windows cannot start ICS Service". So, briefly, I can't access my Windows Firewall.
I really don't know what's going on, and I really would like to see the solution to this.

And thanks for any help.
__________________
1010011 1101101 1101001 1101100 1100101
#2, 04-30-2007, 02:20 PM, Geekgirl (Assistant Manager, Microsoft Support; Join Date: Jan 2005; Location: Six-burgh, Pennsylvania; Posts: 13,736; OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7)
Re: Unknown problem! please help!

Look over the First Steps at Removing Malware
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE
How to back up and restore the registry in Windows XP and Windows Vista
How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000
I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!!
TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM
The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!!
LETS GO PENS !!
#3, 04-30-2007, 11:01 PM, 4u111 (Registered User; Join Date: Oct 2006; Posts: 174; OS: WINXP HE)
Re: Unknown problem! please help!

I'm really tired of scanning my computer. I did the five steps 2 weeks ago because I was trying to solve it myself, and I also did other online scans and cleaned up many things on the computer. The results were excellent for one week, and now it seems the problem missed me and joined me again, and the stupid thing is I haven't saved any scanning log :-(.
Actually, I'm not going to go through all of this again, especially since the scan process takes too much time on my computer, so what do you recommend I do, including doing the five steps? I guess my antivirus program gave me a message that "nkit.dll" is infected.
#4, 05-01-2007, 03:09 AM, Geekgirl (Assistant Manager, Microsoft Support; Join Date: Jan 2005; Location: Six-burgh, Pennsylvania; Posts: 13,736; OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7)
Re: Unknown problem! please help!

Quote: "so just what do you recommend me to do including doing the the five steps?"
I suggest completing the 5 steps as instructed and finally ending up in the HJT Log Help Forum
#5, 05-02-2007, 03:32 AM, 4u111 (Registered User; Join Date: Oct 2006; Posts: 174; OS: WINXP HE)
Re: Unknown problem! please help!

Hi again,
I've done the 5 steps. Looks like I'm infected with "nkit.dll", but none of the antivirus software fixed it.
Attached Files
File Type: txt ad-aware SE.TXT (29.9 KB, 1 views)
File Type: txt panda.txt (1.8 KB, 3 views)
File Type: txt scan log by emsi software.windowsecurity.txt (750 Bytes, 2 views)
#6, 05-02-2007, 03:36 AM, 4u111 (Registered User; Join Date: Oct 2006; Posts: 174; OS: WINXP HE)
Re: Unknown problem! please help!

I have done an extra online scan, as you can see, called Emsi scan.

And here's the Deckard's one:

And thanks for any help :-)

Deckard's System Scanner v20070426.43
Run by Sleiman Hassan on 2007-05-02 at 20:35:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-05-02 20:35:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sleiman Hassan\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPod Service - Apple Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2017-03-25 13:48:03 0 d-------- C:\Program Files\Common Files\HP
2007-05-02 16:59:48 0 d-------- C:\ie-spyad_zo
2007-05-02 16:56:59 0 d-------- C:\Program Files\SpywareBlaster
2007-05-02 15:35:02 47 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-05-02 15:35:01 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-05-02 15:29:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-02 15:29:51 0 d-------- C:\WINDOWS\LastGood
2007-05-02 14:57:36 0 d-------- C:\Program Files\Lavasoft
2007-05-01 16:15:47 0 d-------- C:\Program Files\Trojancheck 6
2007-04-28 16:01:11 0 d-------- C:\WINDOWS\McAfee.com
2007-04-26 18:11:22 0 d-------- C:\Program Files\XoftSpySE
2007-04-25 08:04:37 7551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-04-25 06:21:01 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\My Games
2007-04-23 10:12:19 208229 --a------ C:\WINDOWS\rootkit.dll
2007-04-23 1036 208229 --a------ C:\WINDOWS\shdef.exe
2007-04-23 1021 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-23 02:08:45 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-04-23 02:08:44 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2007-04-23 02:08:44 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-04-23 02:08:44 0 d-------- C:\Program Files\C-Media 3D Audio
2007-04-23 02:05:37 0 d-------- C:\Program Files\Intel
2007-04-23 02:03:22 0 d-------- C:\WINDOWS\system32\Tools
2007-04-22 21:26:28 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\AVS Video Converter
2007-04-22 21:18:38 0 d-------- C:\Program Files\MagicDVDRipper
2007-04-22 21:10:10 0 d-------- C:\Documents and Settings\All Users\Pegasys Inc
2007-04-22 21:08:55 0 d-------- C:\Documents and Settings\All Users\TMPGEncDVDAuthor3
2007-04-22 21:07:41 53248 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:07:41 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-04-22 21:07:41 118784 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:03:31 0 d-------- C:\Program Files\Pegasys Inc
2007-04-22 20:59:56 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Pegasys Inc
2007-04-22 20:30:15 0 d-------- C:\Program Files\AC3Filter
2007-04-22 20:28:41 129024 --a------ C:\WINDOWS\UNWISE.EXE
2007-04-22 20:28:41 0 d-------- C:\audio
2007-04-22 17:21:02 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DivX
2007-04-22 17:13:26 0 d-------- C:\Program Files\DivX
2007-04-22 17:07:44 0 d-------- C:\Program Files\Xvid
2007-04-22 16:50:38 0 d-------- C:\Program Files\Easy Video Splitter
2007-04-22 03:49:40 0 d-------- C:\Program Files\AVI MPEG Splitter
2007-04-22 03:48:53 0 d-------- C:\Boilsoft ASF Converter
2007-04-20 13:32:42 0 d-------- C:\Program Files\Symbian OS Tools
2007-04-20 13:32:42 0 d-------- C:\Program Files\Common Files\Symbian
2007-04-20 05:31:48 0 d-------- C:\Program Files\vso
2007-04-20 02:59:22 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-04-20 02:53:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\VersionTracker Pro
2007-04-20 02:46:20 0 d-------- C:\Program Files\AviSynth 2.5
2007-04-19 10:05:58 0 d-------- C:\Program Files\dvdSanta
2007-04-19 06:33:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-04-19 06:33:22 0 d-------- C:\Program Files\TechSmith
2007-04-19 06:32:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-19 02:02:31 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Nokia Multimedia Player
2007-04-18 03:21:23 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Image Zone Express
2007-04-15 09:44:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-04-15 07:39:45 0 d-------- C:\Program Files\Sonic
2007-04-15 07:39:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-15 06:58:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-04-15 06:58:47 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2007-04-15 06:58:41 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-04-15 06:58:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-04-15 06:58:04 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-04-15 06:58:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-04-15 06:58:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-04-15 06:58:03 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-04-15 06:58:03 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-04-15 06:58:03 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-04-14 08:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-04-11 10:09:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Google
2007-04-11 10:08:30 0 d-------- C:\Program Files\Google
2007-04-10 09:39:31 0 d-------- C:\Program Files\GameSpy Arcade
2007-04-08 21:54:22 2634 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 21:47:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-04-08 20:27:05 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Lavasoft
2007-04-08 17:33:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-04-08 17:28:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-08 17:28:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-08 17:28:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-08 17:28:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-08 17:28:56 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-08 17:28:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-04-08 17:00:49 0 d-------- C:\Program Files\Common Files\PC Tools
2007-04-08 17:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-04-08 16:37:24 0 d-------- C:\Program Files\Spyware Doctor
2007-04-08 16:37:24 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Tools
2007-04-05 13:59:49 0 d-------- C:\Downloads
2007-04-05 13:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-04-05 13:48:51 0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-05 13:48:47 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-05 13:48:20 0 d-------- C:\Program Files\DIFX
2007-04-05 13:48:08 0 d-------- C:\Program Files\PC Connectivity Solution
2007-04-05 13:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2017-03-25 14:36:54 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Help
2017-03-25 13:25:41 0 d-------- C:\Program Files\HP
2007-05-02 15:51:11 0 d-------- C:\Program Files\iTunes
2007-04-28 17:54:58 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Vso
2007-04-26 20:14:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Ahead
2007-04-23 02:04:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-21 11:25:20 0 d-------- C:\Program Files\Java
2007-04-21 04:38:08 0 d-------- C:\Program Files\Nokia
2007-04-20 12:58:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Suite
2007-04-20 08:07:46 781 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\NMM-MetaData.db
2007-04-20 05:27:01 0 d-------- C:\Program Files\CloneDVD
2007-04-19 14:41:51 34 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.log
2007-04-19 14:41:46 47360 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-19 14:41:46 1144 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.inf
2007-04-19 14:41:46 1074 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.cat
2007-04-15 07:39:47 0 d-------- C:\Program Files\Roxio
2007-04-15 07:39:10 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-04-12 10:46:03 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:08:06 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-08 16:33:13 0 d-------- C:\Program Files\MTV Networks
2007-03-31 20:46:42 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-31 20:46:38 196608 --a------ C:\WINDOWS\system32\maag.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2007-03-31 20:46:38 1212416 --a------ C:\WINDOWS\system32\ckll.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-03-31 20:46:38 1245184 --a------ C:\WINDOWS\system32\bkll.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2007-03-31 20:46:37 1986560 --a------ C:\WINDOWS\system32\akll.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-03-31 20:46:37 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2007-03-31 20:46:37 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2007-03-31 20:46:37 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2007-03-31 20:46:37 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2007-03-31 20:46:25 0 d-------- C:\Program Files\Real_SC
2007-03-30 22:00:26 0 d-------- C:\Program Files\Online Services
2007-03-30 18:26:06 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-30 17:34:55 0 d-------- C:\Program Files\Ahead
2007-03-25 18:08:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Adobe
2007-03-25 18:07:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-24 04:56:44 0 d-------- C:\Program Files\3D Space Tour
2007-03-22 21:45:33 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-03-22 21:45:33 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DVDXStudio
2007-03-19 23:30:13 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Apple Computer
2007-03-19 23:28:53 0 d-------- C:\Program Files\iPod
2007-03-19 23:28:23 0 d-------- C:\Program Files\QuickTime
2007-03-19 23:27:33 0 d-------- C:\Program Files\Apple Software Update
2007-03-19 21:54:42 0 d-------- C:\Program Files\Wtm CD Protect
2007-03-18 23:19:52 0 d-------- C:\Program Files\CRS-MegaDev
2007-03-18 22:05:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Real
2007-03-18 22:01:34 0 d-------- C:\Program Files\Common Files\xing shared
2007-03-18 22:01:32 0 d-------- C:\Program Files\Common Files\Real
2007-03-18 22:01:16 0 d-------- C:\Program Files\Real
2007-03-18 21:42:26 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Dev-Cpp
2007-03-17 16:31:42 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Leadertech
2007-03-16 16:15:58 0 d-------- C:\Program Files\PowerISO
2007-03-16 11:39:29 0 d-------- C:\Program Files\MSXML 4.0
2007-03-15 16:52:03 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-03-14 16:49:44 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Datalayer
2007-03-14 15:42:36 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\HP
2007-03-14 15:41:05 110045 --a------ C:\WINDOWS\hpoins08.dat
2007-03-14 15:29:57 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-03-14 13:02:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Roxio
2007-03-14 01:21:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Sun
2007-03-14 01:19:30 0 d-------- C:\Program Files\Common Files\Java
2007-03-13 16:09:44 0 d-------- C:\Program Files\Winamp
2007-03-13 03:53:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-13 03:53:41 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-13 03:53:12 62 --ahs---- C:\Documents and Settings\Sleiman Hassan\Application Data\desktop.ini
2007-03-12 23:43:59 0 d-------- C:\Program Files\Microsoft Works
2007-03-12 23:43:49 0 d-------- C:\Program Files\MSBuild
2007-03-12 23:31:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-12 23:31:15 0 d-------- C:\Program Files\Nero
2007-03-12 20:26:10 0 d-------- C:\Program Files\ATI Technologies
2007-03-12 20:22:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-12 20:03:49 0 d-------- C:\Program Files\Messenger
2007-03-12 16:58:59 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Macromedia
2007-03-12 16:36:26 0 d-------- C:\Program Files\Trend Micro
2007-03-12 16:27:30 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Identities
2007-03-12 16:08:29 0 d-------- C:\Program Files\microsoft frontpage
2007-03-12 16:07:04 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-12 1606 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-12 16:05:57 0 d-------- C:\Program Files\Movie Maker
2007-03-12 16:05:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-12 16:04:37 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"
"shdef"="C:\\WINDOWS\\shdef.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-02 at 20:35:38 ---------
Last edited by Ried; 05-02-2007 at 05:41 AM.
Old 05-02-2007, 03:36 AM   #7 (permalink)
Assistant Manager, Microsoft Support
 
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 13,736
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7


Re: Unknown problem! please help!

I am moving this to the Hijackthis Log Help forum, please be patient at this time. An analyst will be with you with instructions a.s.a.p.
Last edited by Geekgirl; 05-02-2007 at 03:39 AM.
Old 05-02-2007, 05:52 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,957
OS: WinXP and Vista


Re: Unknown problem! please help!

Hello 4u111,

Your system is infested with rootkits--please refrain from attempting any further fixing on your end and follow these instructions. This will take more than 1 round to eradicate, so please be sure to continue to post logs that are requested.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Do not run it yet.

------------------------------------------------------------------

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

You should now be in Normal Mode...

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you which I will need in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

Old 05-02-2007, 08:42 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

Hi, thanks for helping me.

Here are the results:


SDFix: Version 1.81

Run by Sleiman Hassan - Thu 05/03/2007 - 1:19:30.09

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\offlog.txt - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\BitComet\\BitComet.exe"="D:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"D:\\games 1\\civ\\Conquests\\Civ3Conquests.exe"="D:\\games 1\\civ\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe"="D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71.dll
C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71u.dll
C:\Program Files\CRS-MegaDev\MegaTrainer XL\msvcr71.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished


"Sleiman Hassan" - 07-05-03 1:28:56 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Sleiman Hassan\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Spyware Doctor\Cracked\_desktop.ini
C:\DOCUME~1\SLEIMA~1\Desktop\internet.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))


2007-05-03 01:20 380,416 --a------ C:\WINDOWS\system32\rstrui.exe
2007-05-02 17:05 <DIR> d-------- C:\Deckard
2007-05-02 16:59 <DIR> d-------- C:\ie-spyad_zo
2007-05-02 16:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-02 15:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-02 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-01 16:15 <DIR> d-------- C:\Program Files\Trojancheck 6
2007-04-28 16:01 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-04-26 18:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-04-25 08:04 7,551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-04-25 06:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\My Games
2007-04-23 10:12 208,229 --a------ C:\WINDOWS\rootkit.dll
2007-04-23 10:06 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-23 10:06 208,229 --a------ C:\WINDOWS\shdef.exe
2007-04-23 02:08 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-04-23 02:08 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2007-04-23 02:08 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2007-04-23 02:08 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-04-23 02:05 69,504 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2007-04-23 02:05 <DIR> d-------- C:\Program Files\Intel
2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-04-22 21:26 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\AVS Video Converter
2007-04-22 21:18 <DIR> d-------- C:\Program Files\MagicDVDRipper
2007-04-22 21:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pegasys Inc
2007-04-22 21:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\TMPGEncDVDAuthor3
2007-04-22 21:07 53,248 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-04-22 21:07 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-04-22 21:07 118,784 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2007-04-22 21:03 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-04-22 20:59 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Pegasys Inc
2007-04-22 20:30 <DIR> d-------- C:\Program Files\AC3Filter
2007-04-22 20:28 129,024 --a------ C:\WINDOWS\UNWISE.EXE
2007-04-22 20:28 <DIR> d-------- C:\audio
2007-04-22 17:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\DivX
2007-04-22 17:13 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 17:13 <DIR> d-------- C:\Program Files\DivX
2007-04-22 17:07 <DIR> d-------- C:\Program Files\Xvid
2007-04-22 16:50 <DIR> d-------- C:\Program Files\Easy Video Splitter
2007-04-22 03:49 <DIR> d-------- C:\Program Files\AVI MPEG Splitter
2007-04-22 03:48 <DIR> d-------- C:\Boilsoft ASF Converter
2007-04-21 03:57 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-04-21 03:57 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-04-21 03:57 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-04-21 03:57 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-21 03:57 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-04-21 03:57 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-04-20 13:32 <DIR> d-------- C:\Program Files\Symbian OS Tools
2007-04-20 13:32 <DIR> d-------- C:\Program Files\Common Files\Symbian
2007-04-20 05:31 <DIR> d-------- C:\Program Files\vso
2007-04-20 02:59 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-04-20 02:53 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\VersionTracker Pro
2007-04-20 02:46 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-04-19 10:05 <DIR> d-------- C:\Program Files\dvdSanta
2007-04-19 06:33 <DIR> d-------- C:\Program Files\TechSmith
2007-04-19 06:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-04-19 06:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-19 05:47 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2007-04-19 02:02 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Nokia Multimedia Player
2007-04-18 03:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Image Zone Express
2007-04-15 09:44 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-04-15 07:39 <DIR> d-------- C:\Program Files\Sonic
2007-04-15 07:39 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-15 06:58 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\PC Suite
2007-04-14 08:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-04-11 10:09 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Google
2007-04-11 10:08 <DIR> d-------- C:\Program Files\Google
2007-04-10 09:39 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-04-08 21:54 2,634 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 21:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-08 20:27 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Lavasoft
2007-04-08 17:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-04-08 17:28 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-08 17:00 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-04-08 17:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-04-08 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-08 16:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-08 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-08 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-08 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-08 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-08 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-08 16:37 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\PC Tools
2007-04-05 13:59 <DIR> d-------- C:\Downloads
2007-04-05 13:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-04-05 13:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-04-05 13:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-04-05 13:48 <DIR> d-------- C:\Program Files\DIFX
2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-04-05 13:47 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-04-05 13:47 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-04-05 13:47 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-04-05 13:47 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-04-05 13:47 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-04-05 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-02 15:51 -------- d-------- C:\Program Files\itunes
2007-04-28 17:54 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\vso
2007-04-23 02:04 -------- d--h----- C:\Program Files\installshield installation information
2007-04-21 04:38 -------- d-------- C:\Program Files\nokia
2007-04-20 12:58 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\pc suite
2007-04-20 08:07 781 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\nmm-metadata.db
2007-04-20 05:27 -------- d-------- C:\Program Files\clonedvd
2007-04-19 14:41 87608 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\ezpinst.exe
2007-04-19 14:41 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-19 14:41 47360 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.sys
2007-04-19 14:41 34 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.log
2007-04-19 14:41 1144 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.inf
2007-04-19 14:41 1074 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.cat
2007-04-15 07:39 -------- d-------- C:\Program Files\roxio
2007-04-15 07:39 -------- d-------- C:\Program Files\Common Files\roxio shared
2007-04-12 10:46 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:08 -------- d-------- C:\Program Files\Common Files\installshield
2007-04-08 16:33 -------- d-------- C:\Program Files\mtv networks
2007-03-31 20:46 90112 --a------ C:\WINDOWS\system32\agsaami.dll
2007-03-31 20:46 610304 --a------ C:\WINDOWS\system32\agsaamg.dll
2007-03-31 20:46 372736 --a------ C:\WINDOWS\system32\agsaamc.dll
2007-03-31 20:46 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-31 20:46 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll
2007-03-31 20:46 1986560 --a------ C:\WINDOWS\system32\akll.dll
2007-03-31 20:46 196608 --a------ C:\WINDOWS\system32\maag.dll
2007-03-31 20:46 1245184 --a------ C:\WINDOWS\system32\bkll.dll
2007-03-31 20:46 1212416 --a------ C:\WINDOWS\system32\ckll.dll
2007-03-31 20:46 -------- d-------- C:\Program Files\real_sc
2007-03-30 22:00 -------- d-------- C:\Program Files\online services
2007-03-30 18:26 -------- d-------- C:\Program Files\windows media connect 2
2007-03-30 17:34 -------- d-------- C:\Program Files\ahead
2007-03-27 17:55 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 17:55 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-27 17:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-22 21:45 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-03-22 21:45 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\dvdxstudio
2007-03-20 11:37 831048 --a------ C:\WINDOWS\system32\wudfupdate_01005.dll
2007-03-19 23:28 -------- d-------- C:\Program Files\quicktime
2007-03-19 23:28 -------- d-------- C:\Program Files\ipod
2007-03-19 23:27 -------- d-------- C:\Program Files\apple software update
2007-03-19 21:54 -------- d-------- C:\Program Files\wtm cd protect
2007-03-18 23:19 -------- d-------- C:\Program Files\crs-megadev
2007-03-18 22:05 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\real
2007-03-18 22:01 -------- d-------- C:\Program Files\real
2007-03-18 22:01 -------- d-------- C:\Program Files\Common Files\xing shared
2007-03-18 22:01 -------- d-------- C:\Program Files\Common Files\real
2007-03-18 21:42 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\dev-cpp
2007-03-17 23:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 16:31 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\leadertech
2007-03-17 13:33 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-16 16:15 -------- d-------- C:\Program Files\poweriso
2007-03-16 11:39 -------- d-------- C:\Program Files\msxml 4.0
2007-03-15 16:52 -------- d-------- C:\Program Files\winavivideoconverter
2007-03-14 16:49 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\datalayer
2007-03-14 15:42 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\hp
2007-03-14 15:41 110045 --a------ C:\WINDOWS\hpoins08.dat
2007-03-14 15:29 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2007-03-14 13:02 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\roxio
2007-03-13 16:09 -------- d-------- C:\Program Files\winamp
2007-03-13 03:53 62 --ahs---- C:\DOCUME~1\SLEIMA~1\APPLIC~1\desktop.ini
2007-03-13 03:53 -------- d-------- C:\Program Files\Common Files\speechengines
2007-03-13 03:53 -------- d-------- C:\Program Files\Common Files\odbc
2007-03-12 23:43 -------- d-------- C:\Program Files\msbuild
2007-03-12 23:43 -------- d-------- C:\Program Files\microsoft works
2007-03-12 23:31 -------- d-------- C:\Program Files\nero
2007-03-12 20:26 -------- d-------- C:\Program Files\ati technologies
2007-03-12 20:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-12 20:03 -------- d-------- C:\Program Files\messenger
2007-03-12 16:36 -------- d-------- C:\Program Files\trend micro
2007-03-12 16:08 -------- d-------- C:\Program Files\microsoft frontpage
2007-03-12 16:07 -------- d--h----- C:\Program Files\windowsupdate
2007-03-12 16:06 -------- d-------- C:\Program Files\Common Files\mssoap
2007-03-12 16:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-12 16:05 -------- d-------- C:\Program Files\movie maker
2007-03-12 16:04 -------- d-------- C:\Program Files\msn gaming zone
2007-03-09 01:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-09 01:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-09 01:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 23:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-06 06:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"shdef"="C:\\WINDOWS\\shdef.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 01:34:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-03 1:34:15
C:\ComboFix-quarantined-files.txt ... 07-05-03 01:34

Last edited by Ried; 05-02-2007 at 09:45 AM.
Old 05-02-2007, 08:43 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

and hijackthis log.txt:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:38:36 AM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SLEIMA~1\LOCALS~1\Temp\Rar$EX00.656\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8341 bytes
__________________
1010011 1101101 1101001 1101100 1100101
Old 05-02-2007, 09:48 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,957
OS: WinXP and Vista


Re: Unknown problem! please help!

The log you've posted is the beta version of HijackThis and is still under development. Please refer to this thread TrendMicro's HijackThis version2 Beta

Please delete your current Beta version and download HijackThis 1.99.1. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-03-2007, 03:55 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

I have some good news: my computer is not showing the virus popup message any more, it's just great right now. I had some problems with accessing Windows Firewall, but now it's all OK, I can access it without any problem; the whole computer is just normal now. I don't know if this is just temporary, but anyway I just wanted to tell you what's going on.
__________________
1010011 1101101 1101001 1101100 1100101
Old 05-03-2007, 07:27 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,957
OS: WinXP and Vista


Re: Unknown problem! please help!

Even though your symptoms have subsided, you still have an active infection running on your system.

I highly recommend following my instructions: download HJT 1.99.1 and post the scan here so we can finish this cleansing process.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-03-2007, 08:05 AM   #14 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

hi
I downloaded HJT 1.99.1, and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 1:04:41 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sleiman Hassan\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
__________________
1010011 1101101 1101001 1101100 1100101
Old 05-03-2007, 07:45 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,957
OS: WinXP and Vista


Re: Unknown problem! please help!

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files

C:\WINDOWS\rootkit.dll
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\shdef.exe



--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with dss.exe

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
new main.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
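As an added example (not part of this thread, and not HijackThis or TSF code), here is a small Python triage script that parses HijackThis 1.99.1 log lines and flags the three kinds of entry Ried singled out above: the empty R0 Start Page value, the nameless BHO with no file behind it, and an O4 Run entry whose executable sits directly in C:\WINDOWS. The sample log is constructed from lines that appear in this thread; the "executable in the Windows root" heuristic is my own triage prompt, not a HijackThis rule, and every hit still needs a human look.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines modelled on the HijackThis 1.99.1
# log posted in this thread (not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

# Every HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# First executable path on a command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|cmd|pif))"?(?=\s|$)', re.IGNORECASE)

# Assumption (not from the thread): a few binaries legitimately live in the
# Windows root, so they are not flagged by the location heuristic below.
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe"}


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def suspicious_location(path):
    """True when an autorun executable sits directly in <drive>:\\WINDOWS."""
    p = path.lower().replace("/", "\\")
    if not re.match(r"^[a-z]:\\windows\\[^\\]+$", p):
        return False
    return p.rsplit("\\", 1)[1] not in WINDOWS_ROOT_ALLOWLIST


def triage(entries):
    """Apply the three checks that match the entries Ried asked to fix."""
    findings = []
    for e in entries:
        if e.section in ("R0", "R1") and e.body.rstrip().endswith("="):
            findings.append(Finding(e.section, "empty IE start/search value", e.body))
        elif e.section == "O2" and "(no file)" in e.body and "(no name)" in e.body:
            findings.append(Finding(e.section, "orphaned BHO with no name and no file", e.body))
        elif e.section == "O4":
            m = O4_RUN_RE.match(e.body)
            if not m:
                continue
            x = EXE_RE.match(m.group("command"))
            if x and suspicious_location(x.group("path")):
                findings.append(Finding(e.section, "autorun executable directly in the Windows directory", e.body))
    return findings


def run_sample():
    """Parse and triage the constructed sample log."""
    return triage(parse_hjt(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.section}: {f.reason}\n    {f.body}")
```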
Old 05-03-2007, 07:50 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

You want me to do these steps again?
__________________
1010011 1101101 1101001 1101100 1100101
Old 05-03-2007, 07:52 PM   #17 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

No, no, sorry, I'm mistaken. I'm gonna do them and reply to you.
__________________
1010011 1101101 1101001 1101100 1100101
Old 05-04-2007, 12:51 AM   #18 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

hi

I've done the Panda and Deckard scans successfully. Anyway, my system looks perfect now, but there is one little problem: at startup my desktop, web pages, and other pages change automatically to the classic style and then back to the XP style, and sometimes it just stays on the classic style so I have to change it myself to the XP style (I had this problem around 2 weeks ago and I still have it).


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@azjmp[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@doubleclick[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@statcounter[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@www5.addfreestats[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sleiman Hassan\Cookies\sleiman_hassan@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sleiman Hassan\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sleiman Hassan\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
--------------------------------------------------------------------------

Deckard's System Scanner v20070426.43
Run by Sleiman Hassan on 2007-05-04 at 17:44:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sleiman Hassan.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:44:09 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Sleiman Hassan\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Sleiman Hassan.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2017-03-25 13:48:03 0 d-------- C:\Program Files\Common Files\HP
2007-05-02 16:59:48 0 d-------- C:\ie-spyad_zo
2007-05-02 16:56:59 0 d-------- C:\Program Files\SpywareBlaster
2007-05-02 15:29:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-02 14:57:36 0 d-------- C:\Program Files\Lavasoft
2007-05-01 16:15:47 0 d-------- C:\Program Files\Trojancheck 6
2007-04-28 16:01:11 0 d-------- C:\WINDOWS\McAfee.com
2007-04-26 18:11:22 0 d-------- C:\Program Files\XoftSpySE
2007-04-25 08:04:37 7551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-04-25 06:21:01 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\My Games
2007-04-23 02:08:45 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-04-23 02:08:44 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2007-04-23 02:08:44 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-04-23 02:08:44 0 d-------- C:\Program Files\C-Media 3D Audio
2007-04-23 02:05:37 0 d-------- C:\Program Files\Intel
2007-04-23 02:03:22 0 d-------- C:\WINDOWS\system32\Tools
2007-04-22 21:26:28 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\AVS Video Converter
2007-04-22 21:18:38 0 d-------- C:\Program Files\MagicDVDRipper
2007-04-22 21:10:10 0 d-------- C:\Documents and Settings\All Users\Pegasys Inc
2007-04-22 21:08:55 0 d-------- C:\Documents and Settings\All Users\TMPGEncDVDAuthor3
2007-04-22 21:07:41 53248 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:07:41 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-04-22 21:07:41 118784 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-22 21:03:31 0 d-------- C:\Program Files\Pegasys Inc
2007-04-22 20:59:56 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Pegasys Inc
2007-04-22 20:30:15 0 d-------- C:\Program Files\AC3Filter
2007-04-22 20:28:41 129024 --a------ C:\WINDOWS\UNWISE.EXE
2007-04-22 20:28:41 0 d-------- C:\audio
2007-04-22 17:21:02 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DivX
2007-04-22 17:13:26 0 d-------- C:\Program Files\DivX
2007-04-22 17:07:44 0 d-------- C:\Program Files\Xvid
2007-04-22 16:50:38 0 d-------- C:\Program Files\Easy Video Splitter
2007-04-22 03:49:40 0 d-------- C:\Program Files\AVI MPEG Splitter
2007-04-22 03:48:53 0 d-------- C:\Boilsoft ASF Converter
2007-04-20 13:32:42 0 d-------- C:\Program Files\Symbian OS Tools
2007-04-20 13:32:42 0 d-------- C:\Program Files\Common Files\Symbian
2007-04-20 05:31:48 0 d-------- C:\Program Files\vso
2007-04-20 02:59:22 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-04-20 02:53:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\VersionTracker Pro
2007-04-20 02:46:20 0 d-------- C:\Program Files\AviSynth 2.5
2007-04-19 10:05:58 0 d-------- C:\Program Files\dvdSanta
2007-04-19 06:33:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-04-19 06:33:22 0 d-------- C:\Program Files\TechSmith
2007-04-19 06:32:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-19 02:02:31 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Nokia Multimedia Player
2007-04-18 03:21:23 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Image Zone Express
2007-04-15 09:44:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-04-15 07:39:45 0 d-------- C:\Program Files\Sonic
2007-04-15 07:39:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-15 06:58:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-04-15 06:58:47 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2007-04-15 06:58:41 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-04-15 06:58:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-04-15 06:58:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-04-15 06:58:04 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-04-15 06:58:04 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-04-15 06:58:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2007-04-15 06:58:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-04-15 06:58:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-04-15 06:58:03 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-04-15 06:58:03 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-04-15 06:58:03 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-04-14 08:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-04-11 10:09:11 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Google
2007-04-11 10:08:30 0 d-------- C:\Program Files\Google
2007-04-10 09:39:31 0 d-------- C:\Program Files\GameSpy Arcade
2007-04-08 21:54:22 2634 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 21:47:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-04-08 20:27:05 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Lavasoft
2007-04-08 17:33:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-04-08 17:28:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-08 17:28:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-08 17:28:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-08 17:28:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-08 17:28:56 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-08 17:28:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-08 17:28:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-08 17:28:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-04-08 17:00:49 0 d-------- C:\Program Files\Common Files\PC Tools
2007-04-08 17:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-04-08 16:37:24 0 d-------- C:\Program Files\Spyware Doctor
2007-04-08 16:37:24 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Tools
2007-04-05 13:59:49 0 d-------- C:\Downloads
2007-04-05 13:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-04-05 13:48:51 0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-05 13:48:47 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-05 13:48:20 0 d-------- C:\Program Files\DIFX
2007-04-05 13:48:08 0 d-------- C:\Program Files\PC Connectivity Solution
2007-04-05 13:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2017-03-25 14:36:54 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Help
2017-03-25 13:25:41 0 d-------- C:\Program Files\HP
2007-05-04 1608 0 d-------- C:\Program Files\Nokia
2007-05-04 13:43:50 0 d-------- C:\Program Files\iTunes
2007-04-28 17:54:58 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Vso
2007-04-26 20:14:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Ahead
2007-04-21 11:25:20 0 d-------- C:\Program Files\Java
2007-04-20 12:58:17 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\PC Suite
2007-04-20 08:07:46 781 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\NMM-MetaData.db
2007-04-20 05:27:01 0 d-------- C:\Program Files\CloneDVD
2007-04-19 14:41:51 34 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.log
2007-04-19 14:41:46 47360 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-19 14:41:46 1144 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.inf
2007-04-19 14:41:46 1074 --a------ C:\Documents and Settings\Sleiman Hassan\Application Data\pcouffin.cat
2007-04-15 07:39:47 0 d-------- C:\Program Files\Roxio
2007-04-15 07:39:10 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-04-12 10:46:03 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:08:06 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-08 16:33:13 0 d-------- C:\Program Files\MTV Networks
2007-03-31 20:46:42 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-31 20:46:38 196608 --a------ C:\WINDOWS\system32\maag.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2007-03-31 20:46:38 1212416 --a------ C:\WINDOWS\system32\ckll.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-03-31 20:46:38 1245184 --a------ C:\WINDOWS\system32\bkll.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2007-03-31 20:46:37 1986560 --a------ C:\WINDOWS\system32\akll.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-03-31 20:46:37 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2007-03-31 20:46:37 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2007-03-31 20:46:37 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2007-03-31 20:46:37 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2007-03-31 20:46:25 0 d-------- C:\Program Files\Real_SC
2007-03-30 22:00:26 0 d-------- C:\Program Files\Online Services
2007-03-30 18:26:06 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-30 17:34:55 0 d-------- C:\Program Files\Ahead
2007-03-25 18:08:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Adobe
2007-03-25 18:07:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-24 04:56:44 0 d-------- C:\Program Files\3D Space Tour
2007-03-22 21:45:33 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-03-22 21:45:33 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\DVDXStudio
2007-03-19 23:30:13 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Apple Computer
2007-03-19 23:28:53 0 d-------- C:\Program Files\iPod
2007-03-19 23:28:23 0 d-------- C:\Program Files\QuickTime
2007-03-19 23:27:33 0 d-------- C:\Program Files\Apple Software Update
2007-03-19 21:54:42 0 d-------- C:\Program Files\Wtm CD Protect
2007-03-18 23:19:52 0 d-------- C:\Program Files\CRS-MegaDev
2007-03-18 22:05:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Real
2007-03-18 22:01:34 0 d-------- C:\Program Files\Common Files\xing shared
2007-03-18 22:01:32 0 d-------- C:\Program Files\Common Files\Real
2007-03-18 22:01:16 0 d-------- C:\Program Files\Real
2007-03-18 21:42:26 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Dev-Cpp
2007-03-17 16:31:42 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Leadertech
2007-03-16 16:15:58 0 d-------- C:\Program Files\PowerISO
2007-03-16 11:39:29 0 d-------- C:\Program Files\MSXML 4.0
2007-03-15 16:52:03 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-03-14 16:49:44 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Datalayer
2007-03-14 15:42:36 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\HP
2007-03-14 15:41:05 110045 --a------ C:\WINDOWS\hpoins08.dat
2007-03-14 15:29:57 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-03-14 13:02:57 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Roxio
2007-03-14 01:21:06 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Sun
2007-03-14 01:19:30 0 d-------- C:\Program Files\Common Files\Java
2007-03-13 16:09:44 0 d-------- C:\Program Files\Winamp
2007-03-13 03:53:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-13 03:53:41 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-13 03:53:12 62 --ahs---- C:\Documents and Settings\Sleiman Hassan\Application Data\desktop.ini
2007-03-12 23:43:59 0 d-------- C:\Program Files\Microsoft Works
2007-03-12 23:43:49 0 d-------- C:\Program Files\MSBuild
2007-03-12 23:31:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-12 23:31:15 0 d-------- C:\Program Files\Nero
2007-03-12 20:26:10 0 d-------- C:\Program Files\ATI Technologies
2007-03-12 20:22:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-12 20:03:49 0 d-------- C:\Program Files\Messenger
2007-03-12 16:58:59 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Macromedia
2007-03-12 16:36:26 0 d-------- C:\Program Files\Trend Micro
2007-03-12 16:27:30 0 d-------- C:\Documents and Settings\Sleiman Hassan\Application Data\Identities
2007-03-12 16:08:29 0 d-------- C:\Program Files\microsoft frontpage
2007-03-12 16:07:04 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-12 1606 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-12 16:05:57 0 d-------- C:\Program Files\Movie Maker
2007-03-12 16:05:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-12 16:04:37 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-04 at 17:44:45 ---------
Attached Files: Activescan.txt (5.4 KB), NewMain.txt (27.0 KB)
__________________
1010011 1101101 1101001 1101100 1100101

Last edited by Ried; 05-04-2007 at 09:12 AM.
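The log above is the kind of thing a HijackThis helper reads by hand before answering "clean" or not. The following is an added example, not part of the post, of HijackThis or of Deckard's System Scanner, of a small triage pass that pulls out the entries a reviewer checks first: O16 downloaded ActiveX controls, O23 services with no publisher, O18 MIME filters, entries that live on a network share (UNC path), O4 autoruns outside Program Files or Windows, and system32 code files the scanner could not verify. The sample input is constructed from a few line shapes in the log plus one invented O4 line (the Temp-folder "Updater") that exists only to exercise the out-of-place autorun check; the regexes, the "review"/"info" labels and the expected-location list are the example's own assumptions, and a "review" hit means "verify this file", not "this is malware".

```python
"""Triage pass over HijackThis (HJT) / Deckard's System Scanner (DSS) log lines.

Added example; not part of HijackThis, DSS or the forum post. It lists the
entries a log reviewer checks first; a "review" hit means "verify this file",
not "this is malware".
"""
import re
import sys

# Constructed sample: a few line shapes taken from the log above plus ONE
# invented O4 line (the Temp-folder "Updater") that is not in the post and
# exists only to exercise the out-of-place-autorun check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Local Settings\Temp\updater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://\\HIME-C868A76915\ntfolder\Program Files\BitComet\BitComet.exe/AddLink.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
2007-04-15 09:44:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-03-31 20:46:42 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-12 16:05:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
"""

HJT_RE = re.compile(r"^(O\d+) - (.*)$")
# DSS file line: timestamp, size, nine attribute flags, path, optional <version info>
DSS_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.*?)(?:\s+<(.*)>)?$"
)
# A local executable/library path such as C:\Program Files\x\y.exe (8.3 names included)
LOCAL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|cpl|sys|scr|bat|com)\b', re.I)
# A UNC path such as \\HOST\share\... (an autorun or menu item living on a network share)
UNC_RE = re.compile(r"\\\\[A-Za-z0-9_.-]+\\")
# Where vendor autorun binaries normally live (drive letter stripped, lower-case); assumed list
EXPECTED_ROOTS = ("\\program files\\", "\\progra~1\\", "\\windows\\")
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def _outside_expected_roots(path):
    tail = path[2:].lower()  # drop "C:" so the check is drive-independent
    return not tail.startswith(EXPECTED_ROOTS)


def _check_hjt(section, body, line):
    out = []
    if UNC_RE.search(body):
        out.append(("review", "entry points at a network share (UNC path)", line))
    if section == "O16":
        out.append(("review", "O16 downloaded ActiveX control; confirm you used that site", line))
    elif section == "O18" and body.lower().startswith("filter hijack"):
        out.append(("review", "O18 MIME filter; confirm the DLL belongs to installed software", line))
    elif section == "O23" and "- Unknown owner -" in body:
        out.append(("review", "O23 service with no publisher; verify the binary", line))
    elif section == "O4":
        m = LOCAL_PATH_RE.search(body)
        if m and _outside_expected_roots(m.group(0)):
            out.append(("review", "O4 autorun outside Program Files / Windows", line))
    return out


def _check_file(size, path, verify, line):
    low = path.lower()
    if "\\windows\\system32\\" not in low or not low.endswith(CODE_EXT):
        return []
    if verify is None:
        return [("review", "system32 code file with no version info (%d bytes)" % size, line)]
    if verify.startswith("Not Verified"):
        return [("info", "system32 code file without a verified signature: " + verify, line)]
    return []


def triage(log_text):
    """Return (severity, reason, line) tuples for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_RE.match(line)
        if m:
            findings.extend(_check_hjt(m.group(1), m.group(2), line))
            continue
        m = DSS_FILE_RE.match(line)
        if m:
            _stamp, size, _attrs, path, verify = m.groups()
            findings.extend(_check_file(int(size), path, verify, line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'review': 6, 'info': 1}."""
    counts = {}
    for sev, _reason, _line in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def main(argv):
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    findings = triage(text)
    for sev, reason, line in findings:
        print("[%s] %s\n    %s" % (sev.upper(), reason, line))
    print("summary:", summarize(findings))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with a saved log as the first argument, or with no argument to see the constructed sample; on the sample it reports six "review" lines and one "info" line, and the two vendor O4 entries and the Apple-owned service produce nothing.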
Old 05-04-2007, 09:14 AM   #19
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,957
OS: WinXP and Vista

Re: Unknown problem! please help!

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
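The Folder Options, Automatic Updates and IE-SPYAD steps in the post above each end up as registry values. The following added example, which is not the forum's, IE-SPYAD's or Microsoft's own code, writes those same values as a .reg file so they can be reviewed before importing (regedit /s file.reg), and reads a .reg back to audit the Automatic Updates setting against the "download and install on a schedule" choice. The value names and meanings are the Windows XP ones (Explorer\Advanced Hidden, HideFileExt and ShowSuperHidden; Auto Update AUOptions; ZoneMap\Domains entries with "*"=4 for Restricted sites); the domain list is a constructed placeholder, and the two-label registrable-domain rule used to build the ZoneMap keys is a simplification stated in the code.

```python
"""Registry side of the post-cleanup steps (Folder Options, Automatic Updates,
IE Restricted sites), rendered as a reviewable .reg file.

Added example; not the forum's or any tool's own code. Assumes the Windows XP
value names for these dialogs: Explorer\Advanced Hidden / HideFileExt /
ShowSuperHidden, WindowsUpdate\Auto Update AUOptions, and the Internet
Settings ZoneMap\Domains layout that IE-SPYAD-style block lists use.
"""

EXPLORER_ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
AUTO_UPDATE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
ZONEMAP = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
RESTRICTED_ZONE = 4  # IE zones: 1 Local intranet, 2 Trusted, 3 Internet, 4 Restricted


def dword(n):
    """Format an integer the way regedit exports a REG_DWORD."""
    return "dword:%08x" % n


def folder_options_default():
    """The three View-tab settings the post restores to their defaults."""
    # Hidden: 1 = show hidden files, 2 = do not show. HideFileExt: 1 = hide
    # extensions of known types. ShowSuperHidden: 0 = hide protected OS files.
    return {EXPLORER_ADV: {"Hidden": 2, "HideFileExt": 1, "ShowSuperHidden": 0}}


def auto_update(install_day=0, install_hour=3):
    """Automatic Updates: download and install on a schedule."""
    # AUOptions: 1 = off, 2 = notify before download, 3 = download then notify,
    # 4 = download and install on the schedule below.
    # ScheduledInstallDay: 0 = every day, 1..7 = Sunday..Saturday; time is the hour.
    return {AUTO_UPDATE: {"AUOptions": 4,
                          "ScheduledInstallDay": install_day,
                          "ScheduledInstallTime": install_hour}}


def restricted_sites(domains):
    """ZoneMap entries putting each domain in the Restricted sites zone."""
    keys = {}
    for d in domains:
        labels = d.lower().strip(".").split(".")
        if len(labels) < 2 or "" in labels:
            raise ValueError("expected host.domain.tld style name: %r" % d)
        # IE keys the host prefix under the registrable domain:
        # ads.example.com -> Domains\example.com\ads with "*" = zone number.
        # Assumes a two-label registrable domain (co.uk-style suffixes not handled).
        key = ZONEMAP + "\\" + ".".join(labels[-2:])
        prefix = ".".join(labels[:-2])
        if prefix:
            key += "\\" + prefix
        keys[key] = {"*": RESTRICTED_ZONE}
    return keys


def render_reg(keysets):
    """Merge the key dicts into regedit's text format (CRLF, version 5 header)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for keys in keysets:
        for key, values in keys.items():
            lines.append("[%s]" % key)
            for name, val in values.items():
                lines.append('"%s"=%s' % (name, dword(val)))
            lines.append("")
    return "\r\n".join(lines)


def parse_reg(text):
    """Read DWORD values back from .reg text (what render_reg emits, or a
    regedit export of the same keys), so a setting can be audited."""
    parsed, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parsed.setdefault(key, {})
        elif key and line.startswith('"') and "=dword:" in line:
            name, _, val = line.partition("=dword:")
            parsed[key][name.strip('"')] = int(val, 16)
    return parsed


def audit_auto_update(parsed):
    """Report Automatic Updates settings weaker than 'download and install'."""
    issues = []
    au = parsed.get(AUTO_UPDATE, {})
    if au.get("NoAutoUpdate") == 1:
        issues.append("NoAutoUpdate=1: Automatic Updates is turned off")
    opt = au.get("AUOptions")
    if opt is None:
        issues.append("AUOptions missing: Automatic Updates not configured")
    elif opt != 4:
        issues.append("AUOptions=%d: updates are not installed automatically" % opt)
    return issues


if __name__ == "__main__":
    # Constructed placeholder list; a real block list is thousands of domains.
    reg = render_reg([folder_options_default(), auto_update(),
                      restricted_sites(["example.com", "ads.example.com"])])
    print(reg)
    print("audit:", audit_auto_update(parse_reg(reg)) or "ok")
```

Save the printed text as a .reg file and import it with regedit; exporting the Auto Update key afterwards and feeding the export to parse_reg and audit_auto_update confirms the setting took. The HKEY_LOCAL_MACHINE part needs an administrator account, the HKEY_CURRENT_USER parts apply only to the user who imports them.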
Old 05-06-2007, 10:01 PM   #20
4u111
Registered User
Join Date: Oct 2006
Posts: 174
OS: WINXP HE

Re: Unknown problem! please help!

I really don't know how to thank you, and I will just say it the normal way

"thank you"
Have a nice day.
__________________
1010011 1101101 1101001 1101100 1100101
Copyright 2001 - 2009, Tech Support Forum