
Registered · 30 Posts · Discussion Starter · #1
This is my first time using a forum, so I don't know exactly what I'm doing, but I recently got a virus of some sort and I can't seem to get my system back to normal. If someone could talk me through the process of using HijackThis, maybe you can figure out what's wrong. Thanks.
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello

After you've completed what you can of the instructions in the thread Clark76 referred you to, please do the following:

Please download HijackThis.zip 1.99.1 - this program will help us determine the extent of any spyware/malware on your computer as well as aid us in removing it.

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Copy/paste the hijackthis.log file here in this thread using the Reply button located below.

**Do not fix anything in HijackThis since many entries are harmless and necessary for the proper operation of your system.
 

Registered · 30 Posts · Discussion Starter · #4
Logfile of HijackThis v1.99.1
Scan saved at 2:57:29 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [wdokbye.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Matt\Local Settings\Application Data\wdokbye.dll",bpzgoi
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gplscr] C:\DOCUME~1\Matt\APPLIC~1\TESTDO~1\admin way.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PC Probe II V1.04.05.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167278147078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe


That's it, I believe...
 

Registered · 30 Posts · Discussion Starter · #5
Also, Spybot Search & Destroy keeps picking up coolWWWsearch.WCADW. I was reading some other threads and I think they may be related.
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello bmx-rider8,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download SmitfraudFix (by S!Ri) to your Desktop.

-----------------------

Please ensure AVG Anti-Spyware has the latest definitions:

Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

---------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).


***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O4 - HKLM\..\Run: [wdokbye.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Matt\Local Settings\Application Data\wdokbye.dll",bpzgoi
O4 - HKCU\..\Run: [Gplscr] C:\DOCUME~1\Matt\APPLIC~1\TESTDO~1\admin way.exe



Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using My Computer, navigate to and delete the following Files and Folder if they still exist.

C:\Documents and Settings\Matt\Local Settings\Application Data\wdokbye.dll
C:\DOCUME~1\Matt\APPLIC~1\TESTDO~1
<-- This folder's name will begin with those first 6 letters.

-----------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hitting Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt), or of the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

______________________________

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
______________________________

Next, go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete the following if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, then click Apply, then OK.
______________________________

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process (all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions".
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
----------------------------------------------------

Reboot into Normal Mode.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

______________________________

Please run this online scan to search for any other files that may be lurking. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan". *The 8 MB Panda ActiveX control will then download.*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

______________________________

Download fl.zip
  • Extract the contents of the fl.zip to a new folder on Desktop.
  • Within the folder, locate & double-click fl.bat.
  • It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
-----------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S log
Panda log
findlop.txt
Hijackthis log
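The entries singled out for 'Fix Checked' above share features a reviewer can check mechanically: browser start, default and local page settings that point at a local HTML file instead of a URL; a nameless BHO whose DLL is already gone from disk; and autorun entries that launch code (or have rundll32 load a DLL) from a user profile's Application Data folders. The following Python script is an added example, not part of this thread and not part of HijackThis. It applies those heuristics to a constructed subset of the log lines from post #4, plus Spybot's SDHelper.dll line from the later log, which also shows as "(no name)" but is legitimate, to show why "(no name)" alone is too weak a signal. The same path heuristic also picks up the ExtraDrvDataMemo entry under "four nurb extra drv", which is not ticked in HijackThis here but whose folder is deleted later in the thread. The regexes and reason strings are my own.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread
# (first log, plus Spybot's SDHelper entry from the second log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
O4 - HKLM\..\Run: [wdokbye.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Matt\Local Settings\Application Data\wdokbye.dll",bpzgoi
O4 - HKCU\..\Run: [Gplscr] C:\DOCUME~1\Matt\APPLIC~1\TESTDO~1\admin way.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A path inside a user profile's data folders, in long or 8.3 short form.
PROFILE_DATA_RE = re.compile(
    r"(documents and settings|docume~1)\\.*?(application data|applic~1|local settings)",
    re.IGNORECASE,
)
# A value that is a local file path rather than a URL such as http://... or about:blank.
LOCAL_FILE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
ENTRY_LINE_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")


def parse_entry(line):
    """Split a HijackThis line into (section code, body), or None for other lines."""
    m = ENTRY_LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def entry_name(kind, body):
    """A short label for the entry: the Run value name, the IE setting name, or the CLSID."""
    if kind == "O4":
        m = RUN_NAME_RE.search(body)
        return m.group(1) if m else body
    if kind in ("R0", "R1"):
        return body.partition("=")[0].split(",")[-1].strip()
    return body.split(" - ")[1].strip() if " - " in body else body


def assess(kind, body):
    """Return the reasons an entry deserves a human look (empty list = nothing seen)."""
    reasons = []
    if kind in ("R0", "R1"):
        value = body.partition("=")[2].strip()
        if LOCAL_FILE_RE.match(value):
            reasons.append("browser page setting points at a local file, not a URL")
    elif kind == "O2":
        # "(no name)" alone is weak: legitimate helpers such as Spybot's
        # SDHelper.dll show up that way too, so require the DLL to be missing.
        if "(file missing)" in body:
            reasons.append("BHO registered for a DLL that is no longer on disk")
    elif kind == "O4":
        if "rundll32" in body.lower() and PROFILE_DATA_RE.search(body):
            reasons.append("rundll32 loads a DLL from a user profile data folder")
        elif PROFILE_DATA_RE.search(body):
            reasons.append("autorun target lives in a user profile data folder")
    return reasons


def triage(log_text):
    """Return [(kind, name, reasons)] for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, body = parsed
        reasons = assess(kind, body)
        if reasons:
            findings.append((kind, entry_name(kind, body), reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LOG):
        print(f"{kind:<3} {name:<40} {'; '.join(reasons)}")
```

The output is a list of candidates for a person to review, not a verdict: HijackThis lists everything that hooks the browser or startup, and the SDHelper.dll line shows that a rule which fired on "(no name)" alone would tick a legitimate entry.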
 

Registered · 30 Posts · Discussion Starter · #7
Here's all the scans... and thanks a lot bud, I think it's good to go.......

Logfile of HijackThis v1.99.1
Scan saved at 4:22:31 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PC Probe II V1.04.05.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167278147078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:43:10 PM 1/11/2007

+ Scan result:



C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP59\A0013251.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP60\A0013324.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP57\A0009027.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\out.dll -> Trojan.Agent.adl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP57\A0008943.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP57\A0012966.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP57\A0009052.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{378AEBDD-BF48-4D52-B8FE-B74EB3F837C7}\RP57\A0009053.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).


::Report end




Incident Status Location

Adware:adware/adblock Not disinfected Windows Registry
Adware:adware/baidubar Not disinfected Windows Registry
Adware:adware/admess Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CURRENT_USER\CLSID\{35F59C80-C1F2-4EEA-9981-686C7D5A9277}
Adware:adware/adtomi Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matt\Desktop\SmitfraudFix\Process.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{343ABC08-07D4-1033-0627-061128050001}\UnInstall.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Maxifiles Not disinfected





Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\All Users\Application Data

01/03/2007 11:58 AM <DIR> Adobe
12/30/2006 10:50 PM <DIR> Adobe Systems
01/09/2007 04:20 PM <DIR> Avg7
01/09/2007 04:13 PM <DIR> four nurb extra drv
01/09/2007 04:19 PM <DIR> Grisoft
01/07/2007 10:44 PM <DIR> iolo
01/08/2007 07:52 AM <DIR> Microsoft Help
01/02/2007 04:02 AM <DIR> nView_Profiles
01/10/2007 05:14 PM <DIR> Spybot - Search & Destroy
01/09/2007 03:34 PM <DIR> Symantec
12/27/2006 11:01 PM <DIR> Windows Genuine Advantage
12/29/2006 10:34 PM <DIR> WinZip
0 File(s) 0 bytes
12 Dir(s) 228,144,754,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Matt\Application Data

01/05/2007 10:25 AM <DIR> Adobe
01/03/2007 11:12 AM <DIR> Ahead
01/03/2007 02:14 PM <DIR> ATI
01/11/2007 02:42 PM <DIR> AVG7
12/27/2006 08:34 PM <DIR> Identities
01/03/2007 01:58 AM <DIR> iolo
12/30/2006 01:20 AM <DIR> Lavasoft
12/30/2006 01:20 AM <DIR> Macromedia
01/09/2007 07:34 AM <DIR> NetPumper
01/07/2007 10:43 PM <DIR> Real
01/09/2007 07:03 PM <DIR> uTorrent
0 File(s) 0 bytes
11 Dir(s) 228,144,754,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Default User\Application Data

12/27/2006 03:23 PM <DIR> .
12/27/2006 03:23 PM <DIR> ..
12/27/2006 10:27 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 228,144,754,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\matt\applic~1\testdo~1\Kind License Multi.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Matt'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/11/2007 8:00:00
NextRun: 01/11/2007 17:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/27/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0



I think that's about it...... again, thanks
 

TSF Security Manager, Emeritus · 42,836 Posts
Hiya,

Not quite finished yet--almost. :wink:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Close any open browsers.

***************************************************

Delete the following folders:

C:\Program Files\Common Files\{343ABC08-07D4-1033-0627-061128050001}
C:\Documents and Settings\All Users\Application Data\four nurb extra drv


--------------------------------------------------------------------

Open Notepad and copy and paste the content of the code box in it:

Code:
rem switch to drive C: and into the Task Scheduler folder
C:
cd C:\Windows\Tasks
rem clear the read-only, system and hidden attributes so the job file can be deleted
attrib -r -s -h B0C9D74092CA568C.job
del B0C9D74092CA568C.job
Save this Notepad file as remjobs.bat, choosing "All Files" as the save type, and place it on your desktop.

Double-click on remjobs.bat. A DOS window will open and close again; this is normal.

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open Notepad and copy/paste the text in the quote box below:
(don't forget to copy and paste REGEDIT4)
REGEDIT4

[-HKEY_CURRENT_USER\CLSID\{35F59C80-C1F2-4EEA-9981-686C7D5A9277}]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose "Save as type - All Files".
It should look like this:


Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run the fl.bat once again.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
findlop.txt
 

Discussion Starter · #9
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\All Users\Application Data

01/03/2007 11:58 AM <DIR> Adobe
12/30/2006 10:50 PM <DIR> Adobe Systems
01/09/2007 04:20 PM <DIR> Avg7
01/09/2007 04:19 PM <DIR> Grisoft
01/07/2007 10:44 PM <DIR> iolo
01/08/2007 07:52 AM <DIR> Microsoft Help
01/02/2007 04:02 AM <DIR> nView_Profiles
01/10/2007 05:14 PM <DIR> Spybot - Search & Destroy
01/09/2007 03:34 PM <DIR> Symantec
12/27/2006 11:01 PM <DIR> Windows Genuine Advantage
12/29/2006 10:34 PM <DIR> WinZip
0 File(s) 0 bytes
11 Dir(s) 236,592,152,576 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Matt\Application Data

01/05/2007 10:25 AM <DIR> Adobe
01/03/2007 11:12 AM <DIR> Ahead
01/03/2007 02:14 PM <DIR> ATI
01/12/2007 02:40 PM <DIR> AVG7
12/27/2006 08:34 PM <DIR> Identities
01/03/2007 01:58 AM <DIR> iolo
12/30/2006 01:20 AM <DIR> Lavasoft
12/30/2006 01:20 AM <DIR> Macromedia
01/09/2007 07:34 AM <DIR> NetPumper
01/07/2007 10:43 PM <DIR> Real
01/09/2007 07:03 PM <DIR> uTorrent
0 File(s) 0 bytes
11 Dir(s) 236,592,152,576 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Default User\Application Data

12/27/2006 03:23 PM <DIR> .
12/27/2006 03:23 PM <DIR> ..
12/27/2006 10:27 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 236,592,152,576 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\matt\applic~1\testdo~1\Kind License Multi.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Matt'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/11/2007 8:00:00
NextRun: 01/13/2007 0:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/27/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


Incident                                         Status           Location
Adware:adware/adblock                            Not disinfected  Windows Registry
Adware:adware/baidubar                           Not disinfected  Windows Registry
Adware:adware/admess                             Not disinfected  Windows Registry
Dialer:dialer.ok                                 Not disinfected  HKEY_CURRENT_USER\CLSID\{35F59C80-C1F2-4EEA-9981-686C7D5A9277}
Adware:adware/adtomi                             Not disinfected  Windows Registry
Potentially unwanted tool:Application/Processor  Not disinfected  C:\WINDOWS\system32\Process.exe
Adware:Adware/Maxifiles                          Not disinfected  C:\WINDOWS\system32\unsvchosts.exe
Virus:Trj/Disablekey.BF                          Disinfected



I think there still might be something on my computer because it has slowed down quite a bit... but there might not. I'll include a new HijackThis report just in case....
 

Discussion Starter · #10
Logfile of HijackThis v1.99.1
Scan saved at 11:53:05 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PC Probe II V1.04.05.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167278147078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


just in case.... thanks
 

TSF Security Manager, Emeritus
Hi,

The entries I asked you to fix in the last round are still there. Let's try this again.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download the attached bmx.zip file to your desktop.

Double click on the zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Do you have Messenger Plus! 3 installed? This program is known to install the malware that you have, a LOP infection. Please uninstall it if you have it and if the program is a must have, reinstall it and decline when asked to install the sponsor's software.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if it exists:

Messenger Plus! 3

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Delete the following file and folders:

C:\WINDOWS\system32\unsvchosts.exe
C:\Documents and Settings\All Users\Application Data\four nurb extra drv
C:\Program Files\Messenger Plus! 3


--------------------------------------------------------------------

Open Notepad and copy and paste the content of the code box in it:

Code:
rem switch to drive C: and into the Scheduled Tasks folder
C:
cd C:\Windows\Tasks
rem clear the read-only, system and hidden attributes so the job file can be deleted
attrib -r -s -h B0C9D74092CA568C.job
del B0C9D74092CA568C.job
Save this Notepad file as remjobs.bat, choosing "All Files" as the save-as type, and place it on your desktop.

Double-click on remjobs.bat. A DOS window will open and close again; this is normal.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply along with a new HijackThis log.
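
As an added illustration (not part of this thread and not a tool the helper used): a small Python triage script that applies the reasoning behind the instructions above to the HijackThis O4 Run entries and the scheduled-task dump quoted earlier in the thread. It flags autostart binaries living under a profile's Application Data folder, tasks marked Hidden, random-looking 16-hex-digit job names and a non-zero StartError; the sample lines are constructed from the logs posted above, and the heuristics are this example's own assumptions rather than rules from the thread.

```python
"""Autostart triage for the LOP-style persistence seen in this thread.

Added example, not the helper's tool.  It parses HijackThis O4 Run entries and a
scheduled-task trace dump (the findlop.txt format quoted above) and flags the
indicators the helper acted on.  The heuristics are this example's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Autostart binaries living under a profile's Application Data folder, in either
# long or 8.3 short form.  Legitimate software rarely launches from there on XP.
PROFILE_DATA_RE = re.compile(
    r"(?:documents and settings|docume~1)\\[^\\]+\\(?:application data|applic~1)\\",
    re.IGNORECASE,
)
# HijackThis O4 lines for the HKLM/HKCU Run keys (Startup-folder O4 lines are skipped).
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Job files named with 16 hex digits, as the task in this thread is.
HEX_JOB_RE = re.compile(r"[0-9A-F]{16}\.job", re.IGNORECASE)


@dataclass
class Finding:
    source: str
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Strip surrounding quotes and arguments from a Run value, keeping the .exe path."""
    m = re.match(r'"?(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def triage_o4(lines: list[str]) -> list[Finding]:
    """Return one Finding per Run entry whose binary sits under Application Data."""
    findings = []
    for line in lines:
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        if PROFILE_DATA_RE.search(path):
            findings.append(Finding(f"O4 {m.group('hive')}\\..\\Run", m.group("name"), path,
                                    ["autostart binary lives under a profile's Application Data folder"]))
    return findings


def parse_job_trace(text: str) -> tuple[str | None, dict[str, str], dict[str, int]]:
    """Split a job trace into (job name, 'Key: value' properties, 'Flag = n' flags)."""
    job, props, flags = None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"\[TRACE\] Activating job '([^']+)'", line)
        if m:
            job = m.group(1)
        elif not line or line.startswith("[TRACE]"):
            continue
        elif " = " in line:
            key, val = line.split(" = ", 1)
            flags[key.strip()] = int(val) if val.strip().isdigit() else -1  # -1: unparsed flag
        elif ": " in line:
            key, val = line.split(": ", 1)
            props[key.strip()] = val.strip().strip("'")
    return job, props, flags


def triage_job(trace: str) -> Finding:
    """Score one scheduled-task dump against the indicators discussed in the thread."""
    job, props, flags = parse_job_trace(trace)
    path = props.get("ApplicationName", "")
    finding = Finding("Scheduled task", job or "<unknown>", path)
    if PROFILE_DATA_RE.search(path):
        finding.reasons.append("task runs a binary from a profile's Application Data folder")
    if flags.get("Hidden") == 1:
        finding.reasons.append("task is marked Hidden, so it is not shown in the Scheduled Tasks folder")
    if job and HEX_JOB_RE.fullmatch(job):
        finding.reasons.append("job file has a random-looking 16-hex-digit name")
    # 0x80070003 is HRESULT_FROM_WIN32(ERROR_PATH_NOT_FOUND): the target folder is already
    # gone but the task persists, which is why the thread also deletes the .job file.
    if int(props.get("StartError", "0"), 16) != 0:
        finding.reasons.append(f"last start failed with StartError {props['StartError']}")
    return finding


# Sample input constructed from lines quoted in this thread.
HJT_O4_SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
""".strip().splitlines()

JOB_TRACE_SAMPLE = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\matt\applic~1\testdo~1\Kind License Multi.exe'
Parameters: ''
Creator: 'Matt'
StartError: 0x80070003
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
"""

if __name__ == "__main__":
    for f in triage_o4(HJT_O4_SAMPLE) + [triage_job(JOB_TRACE_SAMPLE)]:
        print(f"{f.source}: [{f.name}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```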
 

Discussion Starter · #12
Logfile of HijackThis v1.99.1
Scan saved at 11:26:10 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PC Probe II V1.04.05.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167278147078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe




"Matt" - 07-01-13 11:20:02 Service Pack 2
ComboFix 07-01-13 - Running from: "C:\Documents and Settings\Matt\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


2007-01-11 15:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 15:00 2,854 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-11 07:48 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-11 07:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-11 07:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-11 07:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-11 07:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-11 07:48 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-10 20:58 <DIR> d-------- C:\Program Files\TGTSoft
2007-01-10 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-09 19:59 <DIR> d-------- C:\WINDOWS\pss
2007-01-09 19:51 <DIR> d-------- C:\HJT
2007-01-09 19:27 <DIR> d-------- C:\Program Files\altpayV2
2007-01-09 16:27 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-09 16:20 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-09 16:20 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\AVG7
2007-01-09 16:20 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-09 16:19 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-09 16:19 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-09 16:19 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-09 16:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-09 15:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-09 11:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
2007-01-09 11:22 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-09 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-09 07:33 <DIR> d-------- C:\Program Files\NetPumper
2007-01-09 07:33 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\NetPumper
2007-01-08 07:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-01-08 07:50 <DIR> d-------- C:\Program Files\MSBuild
2007-01-08 07:50 <DIR> d-------- C:\Program Files\Microsoft Works
2007-01-08 07:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-08 07:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-08 07:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
2007-01-08 07:44 <DIR> dr-h----- C:\MSOCache
2007-01-07 22:44 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-01-07 22:44 436,328 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-01-07 22:44 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-01-07 22:44 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-01-07 22:41 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-07 22:34 <DIR> d-------- C:\5fa8648d5dac356f02723123a494e4c7
2007-01-06 16:15 <DIR> d-------- C:\Program Files\Electronic Arts
2007-01-06 00:13 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-06 00:13 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-06 00:13 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-06 00:13 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-06 00:13 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-06 00:13 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-06 00:13 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-06 00:13 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-06 00:13 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-06 00:09 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-01-05 22:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-04 18:28 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-04 18:28 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-03 23:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-03 23:27 <DIR> d--hs---- C:\WINDOWS\CSC
2007-01-03 23:23 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-01-03 22:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-03 22:14 <DIR> d-------- C:\9202f3e54ccf6776609fa9
2007-01-03 22:09 <DIR> d-------- C:\Program Files\Earthsim
2007-01-03 21:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-03 14:14 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\ATI
2007-01-03 14:07 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-01-03 14:05 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-03 14:05 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-03 14:03 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-03 14:03 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-01-03 14:03 <DIR> d-------- C:\Program Files\ATI Technologies
2007-01-03 13:45 <DIR> d-------- C:\Program Files\PSCS2
2007-01-03 11:12 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\Ahead
2007-01-03 11:02 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-01-03 11:02 20,576 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-02 18:16 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-01-02 18:16 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-01-02 04:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\nView_Profiles
2007-01-02 03:50 <DIR> d-------- C:\WINDOWS\nview
2007-01-02 03:46 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-01-02 03:46 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-01-02 03:46 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2007-01-02 03:46 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-01-02 03:46 <DIR> d-------- C:\Program Files\Analog Devices
2007-01-02 03:45 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-02 03:45 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-02 03:45 393,088 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-02 03:45 23,552 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-02 03:45 141,312 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-02 03:45 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-01-02 03:41 5,810 --a------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-01-02 03:41 24,576 --a------ C:\WINDOWS\system32\AsIO.dll
2007-01-02 03:41 12,664 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2007-01-02 03:41 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-01-02 03:41 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-01-02 03:37 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-01-02 03:37 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-02 03:37 <DIR> d-------- C:\Program Files\DIFX
2007-01-02 03:30 <DIR> d-------- C:\Program Files\ASUS
2007-01-02 03:05 <DIR> d-------- C:\Program Files\Nero
2007-01-02 03:05 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-02 02:10 <DIR> d-------- C:\Program Files\Real
2007-01-02 02:10 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-02 02:10 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\Real
2007-01-02 02:08 <DIR> d-------- C:\My Downloads
2006-12-30 22:54 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\Adobe
2006-12-30 22:50 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-12-30 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2006-12-30 22:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-12-30 22:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2006-12-30 13:25 <DIR> d-------- C:\Program Files\iolo
2006-12-30 11:59 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-30 11:59 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-30 11:54 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\iolo
2006-12-30 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\iolo
2006-12-30 01:20 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-30 01:20 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\Lavasoft
2006-12-29 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2006-12-29 22:28 <DIR> d-------- C:\DOCUME~1\Matt\Application Data\uTorrent
2006-12-29 22:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-29 22:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-29 22:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-29 22:07 <DIR> d-------- C:\facba8f6f97d60ec3f2004
2006-12-29 22:07 <DIR> d-------- C:\c553eeeac1958a990f0bfee87a80
2006-12-29 21:59 <DIR> d-------- C:\DOCUME~1\Matt\Contacts
2006-12-29 21:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-29 21:57 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-29 21:47 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-29 21:47 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-29 21:47 <DIR> d-------- C:\Program Files\Grisoft
2006-12-29 21:40 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 21:40 <DIR> d-------- C:\U.S.R.TurboGWLAN
2006-12-29 21:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-12-29 21:33 <DIR> d--hs---- C:\RECYCLER
2006-12-27 23:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-27 22:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-27 22:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-27 22:58 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-27 22:56 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-27 22:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-27 22:55 <DIR> d---s---- C:\DOCUME~1\Matt\UserData
2006-12-27 22:44 387,072 --a------ C:\WINDOWS\system32\drivers\USR11G.SYS
2006-12-27 22:39 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-27 22:39 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-27 22:34 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-12-27 22:34 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-12-27 22:34 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-27 22:34 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-27 22:34 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-12-27 22:34 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-27 22:34 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-12-27 22:34 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-27 22:34 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-12-27 22:34 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-27 22:34 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-27 22:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-12-27 22:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-12-27 20:53 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
2006-12-27 20:34 <DIR> d--hs---- C:\WINDOWS\Installer
2006-12-27 20:32 <DIR> d--hs---- C:\System Volume Information
2006-12-27 20:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-12-27 20:30 0 -rahs---- C:\MSDOS.SYS
2006-12-27 20:30 0 -rahs---- C:\IO.SYS
2006-12-27 20:30 0 --a------ C:\CONFIG.SYS
2006-12-27 20:30 0 --a------ C:\AUTOEXEC.BAT
2006-12-27 20:30 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-12-27 20:30 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-12-27 20:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-12-27 20:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-27 20:29 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-12-27 20:29 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2006-12-27 20:29 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-12-27 20:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-12-27 20:29 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-12-27 20:29 <DIR> d-------- C:\WINDOWS\srchasst
2006-12-27 20:29 <DIR> d-------- C:\Program Files\Movie Maker
2006-12-27 20:28 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-12-27 20:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-12-27 20:28 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-12-27 20:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-12-27 20:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-12-27 20:28 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-27 20:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-12-27 20:28 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-12-27 20:28 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-12-27 20:28 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-12-27 20:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-12-27 20:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-12-27 20:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-12-27 20:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-12-27 20:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-12-27 20:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-12-27 20:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-12-27 20:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-12-27 20:28 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-12-27 20:28 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-12-27 20:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-12-27 20:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-27 20:28 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-12-27 20:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-12-27 20:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-12-27 20:28 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-12-27 20:28 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-27 20:28 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-12-27 20:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-12-27 20:28 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-12-27 20:28 <DIR> d---s---- C:\WINDOWS\Tasks
2006-12-27 20:28 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-12-27 20:28 <DIR> d-------- C:\WINDOWS\Registration
2006-12-27 20:28 <DIR> d-------- C:\WINDOWS\PCHEALTH
2006-12-27 20:28 <DIR> d-------- C:\Program Files\Online Services
2006-12-27 20:28 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-12-27 20:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-12-27 20:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-27 20:27 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-12-27 20:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-27 20:27 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-12-27 20:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-12-27 20:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-12-27 20:27 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-27 20:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-12-27 20:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-12-27 20:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-12-27 20:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-27 20:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-27 20:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-12-27 20:27 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-12-27 20:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-27 20:27 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-12-27 20:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-12-27 20:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-12-27 20:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-12-27 20:27 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-27 20:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-12-27 20:27 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-27 20:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-27 20:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-12-27 20:27 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-12-27 20:27 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-12-27 20:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-12-27 20:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-12-27 20:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-27 20:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-12-27 20:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-27 20:27 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-27 20:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-12-27 20:27 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-12-27 20:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-12-27 20:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-12-27 20:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-12-27 20:27 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-12-27 20:27 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-27 20:27 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-12-27 20:27 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-12-27 20:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-12-27 20:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-12-27 20:27 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-12-27 20:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-27 20:27 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-12-27 20:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-12-27 20:27 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-12-27 20:27 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-12-27 20:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-12-27 20:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-12-27 20:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-12-27 20:27 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-12-27 20:27 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-27 20:27 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-12-27 20:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-27 20:27 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-12-27 20:27 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-12-27 20:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-12-27 20:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-12-27 20:27 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-12-27 20:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-12-27 20:27 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-12-27 20:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-12-27 20:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-12-27 20:27 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-12-27 20:27 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-12-27 20:27 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-12-27 20:27 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-12-27 20:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-27 20:27 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-27 20:27 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-27 20:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-27 20:27 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-27 20:27 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-27 20:27 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-27 20:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-12-27 20:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-27 20:27 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-27 20:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-27 20:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-12-27 20:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-12-27 20:27 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-27 20:27 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-27 20:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-27 20:27 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-12-27 20:27 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-12-27 20:27 <DIR> d-------- C:\WINDOWS\system32\Com
2006-12-27 20:27 <DIR> d-------- C:\Program Files\Windows NT
2006-12-27 20:27 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-12-27 20:27 <DIR> d-------- C:\Program Files\Messenger
2006-12-27 17:20 <DIR> d-------- C:\WINDOWS\Provisioning
2006-12-27 17:20 <DIR> d-------- C:\WINDOWS\PeerNet
2006-12-27 17:20 <DIR> d-------- C:\WINDOWS\ehome
2006-12-27 15:24 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-12-27 15:24 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-12-27 15:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-12-27 15:24 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-12-27 15:24 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-12-27 15:24 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-12-27 15:24 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-12-27 15:23 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-12-27 15:23 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-12-27 15:23 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-12-27 15:23 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-12-27 15:23 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-12-27 15:23 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2006-12-27 15:23 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-12-27 15:23 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-12-27 15:23 <DIR> d-------- C:\Program Files
2006-12-27 15:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-12-27 15:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-12-27 15:22 <DIR> d-------- C:\Documents and Settings
2006-12-27 15:19 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-12-27 15:19 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-12-27 15:19 <DIR> dr------- C:\WINDOWS\Web
2006-12-27 15:19 <DIR> d-a------ C:\WINDOWS\system32
2006-12-27 15:19 <DIR> d-a------ C:\WINDOWS
2006-12-27 15:19 <DIR> d--h----- C:\WINDOWS\inf
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\WinSxS
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\twain_32
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\wins
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\spool
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\ras
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\npp
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\mui
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\IME
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\ias
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\export
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\config
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\3076
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\2052
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1054
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1042
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1041
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1037
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1033
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1031
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1028
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system32\1025
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\system
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\security
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Resources
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\repair
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\mui
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\msapps
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\msagent
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Media
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\java
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\ime
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Help
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Debug
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Cursors
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\Config
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\AppPatch
2006-12-27 15:19 <DIR> d-------- C:\WINDOWS\addins


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-08 16:11 -------- d---s---- C:\DOCUME~1\Matt\Application Data\microsoft
2006-12-30 01:20 -------- d-------- C:\DOCUME~1\Matt\Application Data\macromedia
2006-12-27 20:34 -------- d-------- C:\DOCUME~1\Matt\Application Data\identities
2006-12-27 15:23 62 --ahs---- C:\DOCUME~1\Matt\Application Data\desktop.ini
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\fm20enu.dll
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\fm20.dll
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\wisptis.exe
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\inked.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\SMSystemAnalyzer.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ACTX1"=""
"Microsoft Windows Update"=""
"ShellApi"=""
"ravmond"=""
"system service"=""
"Service"=""
"System Mechanic Popup Blocker"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\PopupBlocker.exe\""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon\Notify]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon\Notify\mallocator]
"DllName"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NWEReboot"=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"AsusStartupHelp"="C:\\Program Files\\ASUS\\AASP\\1.00.15\\AsRunHelp.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"Launch PC Probe II"="\"C:\\Program Files\\ASUS\\PC Probe II\\Probe2.exe\" 1"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\SMSystemAnalyzer.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070113-110152-517
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070113-110152-359
O4 - HKLM\..\Run: [ExtraDrvDataMemo] C:\Documents and Settings\All Users\Application Data\four nurb extra drv\heartlink.exe
backup-20070113-110152-600
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B0C9D74092CA568C.job

Completion time: 07-01-13 11:21:41

I don't think the bmx.reg worked, because every time I click it, it just opens like a .txt file. Am I doing something wrong?
 

Registered · 30 Posts · Discussion Starter · #13 ·
Also, my internet does not work very well; I have to refresh pages 20 or so times in order for them to load. Any suggestions?
 

Registered · 30 Posts · Discussion Starter · #14 ·
Any recommendations on a PC optimizer? Right now I have System Mechanic 7, but I was wondering if there is anything better.
 

TSF Security Manager, Emeritus · 42,836 Posts
Your system still has an infection aboard. Are you having any difficulty in carrying out the fix?

This entry is still there. Please navigate to and delete that file:

C:\WINDOWS\tasks\B0C9D74092CA568C.job

---------------------------------------------------------

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

---------------------------------------------------------

Run another online scan at Panda and post those results here.

---------------------------------------------------------

Run fl.bat again and post that here as well.
 

Registered · 30 Posts · Discussion Starter · #17 ·
Ad-Aware SE Personal
Adobe After Effects 7.0
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Encore DVD 2.0
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader 8
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Authentium AntiVirus SDK - 2
AVG 7.5
AVG Anti-Spyware 7.5
AVIVO Codecs
Battlefield 2142 Demo
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
iolo technologies' System Mechanic Professional 7
Lavasoft VX2 Cleaner
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
MSXML 4.0 SP2 (KB927978)
Nero 7 Essentials
Panda ActiveScan
PC Probe II
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
SoundMAX
Spybot - Search & Destroy 1.4
StyleXP (remove only)
U.S. Robotics 802.11g Wireless Network Adapter
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Incident Status Location

Adware:adware/adblock Not disinfected Windows Registry
Adware:adware/baidubar Not disinfected Windows Registry
Adware:adware/admess Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CURRENT_USER\CLSID\{35F59C80-C1F2-4EEA-9981-686C7D5A9277}
Adware:adware/adtomi Not disinfected Windows Registry
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\All Users\Application Data

01/03/2007 11:58 AM <DIR> Adobe
12/30/2006 10:50 PM <DIR> Adobe Systems
01/13/2007 11:29 PM <DIR> Avg7
01/13/2007 11:25 PM <DIR> Grisoft
01/07/2007 10:44 PM <DIR> iolo
01/08/2007 07:52 AM <DIR> Microsoft Help
01/02/2007 04:02 AM <DIR> nView_Profiles
01/10/2007 05:14 PM <DIR> Spybot - Search & Destroy
01/09/2007 03:34 PM <DIR> Symantec
12/27/2006 11:01 PM <DIR> Windows Genuine Advantage
12/29/2006 10:34 PM <DIR> WinZip
0 File(s) 0 bytes
11 Dir(s) 234,761,498,624 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Matt\Application Data

01/05/2007 10:25 AM <DIR> Adobe
01/03/2007 11:12 AM <DIR> Ahead
01/03/2007 02:14 PM <DIR> ATI
01/13/2007 11:35 PM <DIR> AVG7
12/27/2006 08:34 PM <DIR> Identities
01/03/2007 01:58 AM <DIR> iolo
12/30/2006 01:20 AM <DIR> Lavasoft
12/30/2006 01:20 AM <DIR> Macromedia
01/09/2007 07:34 AM <DIR> NetPumper
01/07/2007 10:43 PM <DIR> Real
01/13/2007 11:19 PM <DIR> uTorrent
0 File(s) 0 bytes
11 Dir(s) 234,761,498,624 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Default User\Application Data

12/27/2006 03:23 PM <DIR> .
12/27/2006 03:23 PM <DIR> ..
12/27/2006 10:27 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 234,761,498,624 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\matt\applic~1\testdo~1\Kind License Multi.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Matt'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/11/2007 8:00:00
NextRun: 01/14/2007 2:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/27/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

But I couldn't find that file... Maybe it's in some other location.
 

TSF Security Manager, Emeritus · 42,836 Posts
I'll try to make this easier on you. :smile:

Download the attached remjob.zip file to your desktop.

Double click on the zip folder, then double click on the remjob.bat file within. Click 'Run'. It will be very quick; this is normal.

*Do not extract all files. Just do as mentioned above.

--------------------------------------------------------
I don't think the bmx.reg worked because every time I click it, it just opens like a .txt file. Am I doing something wrong?
Do not extract all the files in the bmx.zip. Just double click the .zip folder, then double click the bmx.reg file within it. Allow it to merge with the registry.

Reboot and run the fl.bat again and post the log here.

Did the regfix successfully merge with your registry?

If both the above were successful, how is your system behaving now?
 

Registered · 30 Posts · Discussion Starter · #19
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\All Users\Application Data

01/03/2007 11:58 AM <DIR> Adobe
12/30/2006 10:50 PM <DIR> Adobe Systems
01/13/2007 11:29 PM <DIR> Avg7
01/13/2007 11:25 PM <DIR> Grisoft
01/07/2007 10:44 PM <DIR> iolo
01/08/2007 07:52 AM <DIR> Microsoft Help
01/02/2007 04:02 AM <DIR> nView_Profiles
01/10/2007 05:14 PM <DIR> Spybot - Search & Destroy
01/09/2007 03:34 PM <DIR> Symantec
12/27/2006 11:01 PM <DIR> Windows Genuine Advantage
12/29/2006 10:34 PM <DIR> WinZip
0 File(s) 0 bytes
11 Dir(s) 234,729,594,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Matt\Application Data

01/05/2007 10:25 AM <DIR> Adobe
01/03/2007 11:12 AM <DIR> Ahead
01/03/2007 02:14 PM <DIR> ATI
01/13/2007 11:35 PM <DIR> AVG7
12/27/2006 08:34 PM <DIR> Identities
01/03/2007 01:58 AM <DIR> iolo
12/30/2006 01:20 AM <DIR> Lavasoft
12/30/2006 01:20 AM <DIR> Macromedia
01/09/2007 07:34 AM <DIR> NetPumper
01/07/2007 10:43 PM <DIR> Real
01/13/2007 11:19 PM <DIR> uTorrent
0 File(s) 0 bytes
11 Dir(s) 234,729,594,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\Default User\Application Data

12/27/2006 03:23 PM <DIR> .
12/27/2006 03:23 PM <DIR> ..
12/27/2006 10:27 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 234,729,594,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 543A-BC08

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\matt\applic~1\testdo~1\Kind License Multi.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Matt'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/11/2007 8:00:00
NextRun: 01/14/2007 2:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/27/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

I tried running it from the zip, but it still didn't merge; it just opened like a .txt.
 

TSF Security Manager, Emeritus · 42,836 Posts
Hi,

Please copy these instructions to Notepad, or print them out for reference.

*************************************************

Let's go after them this way:

Click on the Start button & select Run.
Type in tasks in the Run box & click OK.

In the ensuing window, click on the 'Advanced' menu (located above) & select 'View Hidden Tasks'.
Review all the tasks/jobs at hand.

Delete this job:

B0C9D74092CA568C.job

---------------------------------------------------------------

Click START, then RUN, and type in regedit. Make sure just "My Computer" is showing in the left pane, then click FILE, then EXPORT, and save a copy somewhere in case you make a mistake.

  • Now navigate to the following keys by clicking the + sign next to each category to expand them.
  • Continue doing so until you've reached the file/folder/entry I highlighted in RED.
  • Right click the entry in that panel and select 'delete'.

HKEY_CURRENT_USER\CLSID\{35F59C80-C1F2-4EEA-9981-686C7D5A9277}

---------------------------------------------------------------

Reboot your system.

---------------------------------------------------------------

Run the fl.bat again and post the log here.

How is the system behaving now?
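Added example, not code from the thread, from fl.bat or from the helper: a small Python triage that parses a job dump in the format posted above and flags the three things the helper acted on for B0C9D74092CA568C.job: the Hidden flag, an executable living under a user profile's Application Data, and a non-zero StartError (0x80070003 is the HRESULT form of the Windows path-not-found error, consistent with the poster being unable to find the file). The sample dump is constructed from the values posted in the thread plus a made-up benign second job; the flagging rules are my own choice of indicators, not anything fl.bat itself does.

```python
import re

# Constructed sample: values copied from the job dump posted in this thread,
# plus a made-up benign second job so the triage has something to leave alone.
SAMPLE_DUMP = """\
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B0C9D74092CA568C.job'
ApplicationName: 'c:\\docume~1\\matt\\applic~1\\testdo~1\\Kind License Multi.exe'
StartError: 0x80070003
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
[TRACE] Activating job 'Backup.job'
ApplicationName: 'C:\\Program Files\\Backup\\backup.exe'
StartError: 0x0
Hidden = 0
"""

# Paths under Documents and Settings, in 8.3 short form or long form.
PROFILE_PATH = re.compile(r"(docume~1|documents and settings)\\", re.IGNORECASE)

def parse_jobs(dump):
    """Split the dump into {job_name: {property: value}} dictionaries."""
    jobs, current = {}, None
    for line in dump.splitlines():
        m = re.match(r"\[TRACE\] Activating job '(.+)'", line)
        if m:
            current = jobs.setdefault(m.group(1), {})
            continue
        if current is None:
            continue
        # Properties look like "Key: 'value'", flags like "Key = 1".
        m = re.match(r"\s*([A-Za-z]+)\s*[:=]\s*(.*)", line)
        if m:
            current[m.group(1)] = m.group(2).strip().strip("'")
    return jobs

def triage(dump):
    """Return {job_name: [reasons]} for jobs that show persistence red flags."""
    findings = {}
    for name, props in parse_jobs(dump).items():
        reasons = []
        if props.get("Hidden") == "1":
            reasons.append("hidden task")
        if PROFILE_PATH.search(props.get("ApplicationName", "")):
            reasons.append("executable lives under a user profile")
        if int(props.get("StartError", "0"), 16) != 0:   # 0x80070003 = path not found
            reasons.append("last start failed with " + props["StartError"])
        if reasons:
            findings[name] = reasons
    return findings
```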
 