Thread: i think im infected

  1. #1
    Junior Member
    Join Date
    Jun 2007
    Posts
    14

    i think im infected

    I think I have a lot of malware and possibly a trojan. Here is my HJT log:



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:20:35 AM, on 06/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS.0\system32\CTHELPER.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS.0\System32\wwSecure.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS.0\explorer.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS.0\avp.exe
    C:\WINDOWS.0\mgrs.exe
    C:\Program Files\TrojanHunter 4.7\TrojanHunter.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1139F3BC-9787-4108-AD1D-3C7360521E8B} - C:\WINDOWS.0\system32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS.0\system32\fcaparqi.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS.0\xmlhelper2.dll (file missing)
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS.0\system32\ssqnomj.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DEA03699-E672-4A26-8461-F4643E1E804C} - C:\WINDOWS.0\system32\ssqrr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS.0\system32\qfipphsn.dll",realset
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS.0\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Owner\Local Settings\Temp\EI40_\msxml4.cab
    O20 - Winlogon Notify: ssqnomj - C:\WINDOWS.0\SYSTEM32\ssqnomj.dll
    O20 - Winlogon Notify: ssqrr - C:\WINDOWS.0\system32\ssqrr.dll
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: winpdc32 - C:\WINDOWS.0\SYSTEM32\winpdc32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS.0\system32\pucanncr.exe (file missing)
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS.0\System32\wwSecure.exe

    --
    End of file - 7785 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi Joe11490

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    1. Download combofix from one of these links:
    Link1
    Link2
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Post:

    - a fresh HijackThis log
    - combofix report
    - vundofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Jun 2007
    Posts
    14


    I'll have those logs up in a few hours, but I was also wondering if you knew anything about Agent; I found it while running a scan for trojans. I also get a lot of warnings from my antivirus program about trojans and adware. Could a trojan be responsible for my Vundo infection?

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    Those all come from the same "bundle"; Vundo is one part of that.

  5. #5
    Junior Member
    Join Date
    Jun 2007
    Posts
    14


    alright


    HJT log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:18:22 PM, on 06/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS.0\system32\CTHELPER.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINDOWS.0\System32\wwSecure.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1139F3BC-9787-4108-AD1D-3C7360521E8B} - C:\WINDOWS.0\system32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS.0\xmlhelper2.dll (file missing)
    O2 - BHO: (no name) - {90066E7C-725F-4A25-8D1A-F66161EFC816} - C:\WINDOWS.0\system32\ssqrr.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Owner\Local Settings\Temp\EI40_\msxml4.cab
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS.0\System32\wwSecure.exe

    --
    End of file - 6688 bytes


    Vundofix log:


    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 3:39:44 AM 06/09/2007

    Listing files found while scanning....

    C:\WINDOWS.0\system32\byxurpq.dll
    C:\WINDOWS.0\System32\geeby.dll
    C:\WINDOWS.0\system32\hjxuimpm.ini
    C:\WINDOWS.0\system32\iifebxx.dll
    C:\WINDOWS.0\system32\mpmiuxjh.dll
    C:\WINDOWS.0\system32\qomjggf.dll
    C:\WINDOWS.0\System32\ybeeg.bak1
    C:\WINDOWS.0\system32\ybeeg.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS.0\system32\byxurpq.dll
    C:\WINDOWS.0\system32\byxurpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\System32\geeby.dll
    C:\WINDOWS.0\System32\geeby.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\hjxuimpm.ini
    C:\WINDOWS.0\system32\hjxuimpm.ini Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\iifebxx.dll
    C:\WINDOWS.0\system32\iifebxx.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\mpmiuxjh.dll
    C:\WINDOWS.0\system32\mpmiuxjh.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\qomjggf.dll
    C:\WINDOWS.0\system32\qomjggf.dll Could not be deleted.

    Attempting to delete C:\WINDOWS.0\System32\ybeeg.bak1
    C:\WINDOWS.0\System32\ybeeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\ybeeg.ini
    C:\WINDOWS.0\system32\ybeeg.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 3:51:27 AM 06/09/2007

    Listing files found while scanning....

    C:\WINDOWS.0\System32\ffhkj.bak1
    C:\WINDOWS.0\System32\ffhkj.ini
    C:\WINDOWS.0\System32\jkhff.dll
    C:\WINDOWS.0\system32\qomjggf.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS.0\System32\ffhkj.bak1
    C:\WINDOWS.0\System32\ffhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS.0\System32\ffhkj.ini
    C:\WINDOWS.0\System32\ffhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS.0\System32\jkhff.dll
    C:\WINDOWS.0\System32\jkhff.dll Could not be deleted.

    Attempting to delete C:\WINDOWS.0\system32\qomjggf.dll
    C:\WINDOWS.0\system32\qomjggf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 4:02:53 AM 06/09/2007

    Listing files found while scanning....

    C:\WINDOWS.0\system32\jkhff.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS.0\system32\jkhff.dll
    C:\WINDOWS.0\system32\jkhff.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 5:36:08 AM 06/18/2007

    Listing files found while scanning....

    C:\WINDOWS.0\system32\gebayax.dll
    C:\WINDOWS.0\system32\ssttt.dll
    C:\WINDOWS.0\system32\tttss.bak1
    C:\WINDOWS.0\system32\tttss.bak2
    C:\WINDOWS.0\system32\tttss.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS.0\system32\gebayax.dll
    C:\WINDOWS.0\system32\gebayax.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\ssttt.dll
    C:\WINDOWS.0\system32\ssttt.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\tttss.bak1
    C:\WINDOWS.0\system32\tttss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\tttss.bak2
    C:\WINDOWS.0\system32\tttss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\tttss.ini
    C:\WINDOWS.0\system32\tttss.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 2:57:08 PM 06/25/2007

    Listing files found while scanning....

    C:\WINDOWS.0\System32\dnskeaqp.dll
    C:\WINDOWS.0\system32\dylmvlsr.dll
    C:\WINDOWS.0\system32\fcaparqi.dll
    C:\WINDOWS.0\system32\rslvmlyd.ini
    C:\WINDOWS.0\system32\ssqnomj.dll
    C:\WINDOWS.0\system32\ssqrr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS.0\system32\fcaparqi.dll
    C:\WINDOWS.0\system32\fcaparqi.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\rslvmlyd.ini
    C:\WINDOWS.0\system32\rslvmlyd.ini Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\ssqnomj.dll
    C:\WINDOWS.0\system32\ssqnomj.dll Has been deleted!

    Attempting to delete C:\WINDOWS.0\system32\ssqrr.dll
    C:\WINDOWS.0\system32\ssqrr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

  6. #6
    Junior Member
    Join Date
    Jun 2007
    Posts
    14


    combofix log:

    "Owner" - 2007-06-25 15:10:42 - ComboFix 07-06-25.3 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS.0\system32\efcaayw.dll
    C:\WINDOWS.0\system32\efcdbby.dll
    C:\WINDOWS.0\system32\opnopom.dll
    C:\WINDOWS.0\system32\rrqss.bak1
    C:\WINDOWS.0\system32\rrqss.bak2
    C:\WINDOWS.0\system32\rrqss.ini
    C:\WINDOWS.0\system32\rrqss.ini2
    C:\WINDOWS.0\system32\rrqss.tmp
    C:\WINDOWS.0\system32\rrqss.bak1
    C:\WINDOWS.0\system32\rrqss.bak2
    C:\WINDOWS.0\system32\rrqss.ini
    C:\WINDOWS.0\system32\rrqss.ini2
    C:\WINDOWS.0\system32\rrqss.tmp


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS.0\mgrs.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


    2007-06-25 15:08 49,152 --a------ C:\WINDOWS.0\nircmd.exe
    2007-06-25 14:56 107,520 --a------ C:\VundoFix(2).exe
    2007-06-25 13:41 1,089,993 --a------ C:\ComboFix.exe
    2007-06-24 10:57 <DIR> d-------- C:\Incomplete
    2007-06-24 02:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter
    2007-06-23 20:40 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
    2007-06-23 08:53 4,628 --a------ C:\WINDOWS.0\system32\ulijicwu.exe
    2007-06-18 08:42 <DIR> d-------- C:\VundoFix
    2007-06-18 07:12 <DIR> d-------- C:\Program Files\Ultimate Fixer
    2007-06-18 07:11 <DIR> d-------- C:\WINDOWS.0\system32\mevqvvvb
    2007-06-17 05:28 <DIR> d-------- C:\LimeWire Downloads old
    2007-06-12 23:55 <DIR> d-------- C:\Program Files\America's Army
    2007-06-12 21:13 <DIR> d-------- C:\Program Files\GameSpy Arcade
    2007-06-12 21:12 <DIR> d-------- C:\Program Files\Postal2STPDemo
    2007-06-12 21:10 81,768 --a------ C:\WINDOWS.0\system32\xinput1_3.dll
    2007-06-12 21:10 62,744 --a------ C:\WINDOWS.0\system32\xinput1_2.dll
    2007-06-12 21:10 443,752 --a------ C:\WINDOWS.0\system32\d3dx10_34.dll
    2007-06-12 21:10 443,752 --a------ C:\WINDOWS.0\system32\d3dx10_33.dll
    2007-06-12 21:10 3,497,832 --a------ C:\WINDOWS.0\system32\d3dx9_34.dll
    2007-06-12 21:10 3,495,784 --a------ C:\WINDOWS.0\system32\d3dx9_33.dll
    2007-06-12 21:10 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll
    2007-06-12 21:10 266,088 --a------ C:\WINDOWS.0\system32\xactengine2_8.dll
    2007-06-12 21:10 261,480 --a------ C:\WINDOWS.0\system32\xactengine2_7.dll
    2007-06-12 21:10 255,848 --a------ C:\WINDOWS.0\system32\xactengine2_6.dll
    2007-06-12 21:10 251,672 --a------ C:\WINDOWS.0\system32\xactengine2_5.dll
    2007-06-12 21:10 237,848 --a------ C:\WINDOWS.0\system32\xactengine2_4.dll
    2007-06-12 21:10 236,824 --a------ C:\WINDOWS.0\system32\xactengine2_3.dll
    2007-06-12 21:10 2,414,360 --a------ C:\WINDOWS.0\system32\d3dx9_31.dll
    2007-06-12 21:10 2,297,552 --a------ C:\WINDOWS.0\system32\d3dx9_26.dll
    2007-06-12 21:10 18,280 --a------ C:\WINDOWS.0\system32\x3daudio1_2.dll
    2007-06-12 21:10 15,128 --a------ C:\WINDOWS.0\system32\x3daudio1_1.dll
    2007-06-12 21:10 1,124,720 --a------ C:\WINDOWS.0\system32\D3DCompiler_34.dll
    2007-06-12 21:10 1,123,696 --a------ C:\WINDOWS.0\system32\D3DCompiler_33.dll
    2007-06-12 09:06 <DIR> d-------- C:\Program Files\Browser Mouse
    2007-06-12 09:05 <DIR> d-------- C:\Program Files\Muiltmedia keyboard utility
    2007-06-12 09:02 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
    2007-06-12 09:01 <DIR> d-------- C:\Program Files\Google
    2007-06-12 09:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-12 08:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DisplayTune
    2007-06-12 08:20 62,009 --a------ C:\WINDOWS.0\system32\wpfb_nv4_disp.dll
    2007-06-12 08:19 8,960 --a------ C:\WINDOWS.0\system32\drivers\PdiPorts.sys
    2007-06-12 08:19 62,009 --a------ C:\WINDOWS.0\system32\WPFB.DLL
    2007-06-12 08:19 2,304 --a------ C:\WINDOWS.0\system32\Machnm32.sys
    2007-06-12 08:19 17,465 --a------ C:\WINDOWS.0\system32\drivers\pivot.sys
    2007-06-12 08:19 11,776 --a------ C:\WINDOWS.0\system32\drivers\pdiddcci.sys
    2007-06-12 08:19 11,323 --a------ C:\WINDOWS.0\system32\drivers\pivotmou.sys
    2007-06-12 08:19 <DIR> d-------- C:\Program Files\Portrait Displays
    2007-06-12 08:19 <DIR> d-------- C:\Program Files\Gateway
    2007-06-10 06:02 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-06-09 18:57 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
    2007-06-09 11:30 129,784 --------- C:\WINDOWS.0\system32\pxafs.dll
    2007-06-09 11:30 118,520 --------- C:\WINDOWS.0\system32\pxinsi64.exe
    2007-06-09 11:30 116,472 --------- C:\WINDOWS.0\system32\pxcpyi64.exe
    2007-06-09 11:30 <DIR> d-------- C:\Program Files\DivX
    2007-06-09 09:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
    2007-06-09 08:27 <DIR> d-------- C:\Program Files\QuickTime
    2007-06-09 08:26 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-06-09 08:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-06-09 08:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-06-09 08:06 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
    2007-06-09 08:06 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
    2007-06-09 07:52 <DIR> d-------- C:\WINDOWS.0\Prefetch
    2007-06-09 07:27 221,184 --a------ C:\WINDOWS.0\system32\wmpns.dll
    2007-06-09 07:26 <DIR> d-------- C:\WINDOWS.0\provisioning
    2007-06-09 07:26 <DIR> d-------- C:\WINDOWS.0\peernet
    2007-06-09 07:24 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
    2007-06-09 07:21 <DIR> d-------- C:\WINDOWS.0\EHome
    2007-06-09 06:39 <DIR> d-------- C:\VundoFix Backups
    2007-06-09 06:15 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
    2007-06-09 06:15 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
    2007-06-09 06:00 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
    2007-06-09 06:00 331,264 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
    2007-06-09 05:55 947,472 --a------ C:\WINDOWS.0\system32\msjava.dll
    2007-06-09 05:55 63,248 --a------ C:\WINDOWS.0\system32\javaprxy.dll
    2007-06-09 05:55 6,550 --a------ C:\WINDOWS.0\jautoexp.dat
    2007-06-09 05:55 49,424 --a------ C:\WINDOWS.0\system32\clspack.exe
    2007-06-09 05:55 46,352 --a------ C:\WINDOWS.0\setdebug.exe
    2007-06-09 05:55 404,752 --a------ C:\WINDOWS.0\system32\javart.dll
    2007-06-09 05:55 313,856 --a------ C:\WINDOWS.0\system32\dx3j.dll
    2007-06-09 05:55 286,992 --a------ C:\WINDOWS.0\system32\vmhelper.dll
    2007-06-09 05:55 21,264 --a------ C:\WINDOWS.0\system32\msjdbc10.dll
    2007-06-09 05:55 187,152 --a------ C:\WINDOWS.0\system32\javacypt.dll
    2007-06-09 05:55 172,304 --a------ C:\WINDOWS.0\system32\jview.exe
    2007-06-09 05:55 171,792 --a------ C:\WINDOWS.0\system32\wjview.exe
    2007-06-09 05:55 171,280 --a------ C:\WINDOWS.0\system32\jit.dll
    2007-06-09 05:55 154,384 --a------ C:\WINDOWS.0\system32\msawt.dll
    2007-06-09 05:55 15,120 --a------ C:\WINDOWS.0\system32\jdbgmgr.exe
    2007-06-09 05:55 139,536 --a------ C:\WINDOWS.0\system32\javaee.dll
    2007-06-09 05:55 113 --a------ C:\WINDOWS.0\system32\zonedon.reg
    2007-06-09 05:55 113 --a------ C:\WINDOWS.0\system32\zonedoff.reg
    2007-06-09 05:27 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
    2007-06-09 05:22 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    2007-06-09 05:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
    2007-06-09 00:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-06-09 00:18 35 --a------ C:\WINDOWS.0\readme.bat
    2007-06-08 22:43 1,082,368 --a------ C:\WINDOWS.0\system32\esent.dll
    2007-06-08 21:37 57,344 --a------ C:\WINDOWS.0\Unwash6.exe
    2007-06-08 21:37 486,400 --a------ C:\WINDOWS.0\system32\wwSecure.exe
    2007-06-08 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-06-08 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-25 19:11:37 288 ----a-w C:\WINDOWS.0\system32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
    2007-06-25 19:11:37 288 ----a-w C:\WINDOWS.0\system32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
    2007-06-13 03:50:43 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-12 12:19:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-10 10:03:25 -------- d-----w C:\Program Files\Messenger
    2007-06-09 11:26:29 -------- d-----w C:\Program Files\Movie Maker
    2007-06-09 11:24:34 -------- d-----w C:\Program Files\Windows NT
    2007-06-09 01:09:43 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-05-24 05:41:44 -------- d-----w C:\Program Files\Project64 v1.5
    2007-05-23 00:54:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real
    2007-05-22 10:52:43 -------- d-----w C:\Program Files\directx
    2007-05-22 10:52:21 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-05-22 10:50:59 -------- d-----w C:\Program Files\Windows Media Components
    2007-05-21 08:36:07 -------- d-----w C:\Program Files\Intel
    2007-05-21 08:31:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InterTrust
    2007-05-21 08:18:21 57,344 ----a-w C:\WINDOWS.0\uneng.exe
    2007-05-21 08:18:21 -------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2007-05-21 08:17:52 -------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-05-21 08:17:43 -------- d-----w C:\Program Files\Roxio
    2007-05-19 05:45:13 -------- d-----w C:\Program Files\Creative
    2007-05-19 04:49:17 552 ----a-w C:\WINDOWS.0\system32\d3d8caps.dat
    2007-05-19 04:41:11 -------- d-----w C:\Program Files\Alwil Software
    2007-05-19 04:38:32 -------- d-----w C:\Program Files\wgens170
    2007-05-19 04:11:49 -------- d-----w C:\Program Files\microsoft frontpage
    2007-05-19 04:11:45 0 --sha-r C:\MSDOS.SYS
    2007-05-19 04:11:45 0 --sha-r C:\IO.SYS
    2007-05-19 04:11:45 0 ----a-w C:\CONFIG.SYS
    2007-05-19 04:11:45 0 ----a-w C:\AUTOEXEC.BAT
    2007-05-19 04:09:43 -------- d-----w C:\Program Files\Common Files\MSSoap
    2007-05-19 04:09:20 21,640 ----a-w C:\WINDOWS.0\system32\emptyregdb.dat
    2007-05-19 04:08:55 -------- d-----w C:\Program Files\Online Services
    2007-05-19 04:08:48 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-05-18 21:05:00 -------- d-----w C:\Program Files\Common Files\SpeechEngines
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS.0\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS.0\system32\AVASTSS.scr
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS.0\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS.0\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS.0\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS.0\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS.0\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS.0\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS.0\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS.0\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS.0\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS.0\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS.0\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS.0\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS.0\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS.0\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS.0\system32\msi.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS.0\system32\wuaueng.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS.0\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS.0\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS.0\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 15:02]
    {1139F3BC-9787-4108-AD1D-3C7360521E8B}=C:\WINDOWS.0\system32\ssttt.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 04:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 06:43]
    {85589B5D-D53D-4237-A677-46B82EA275F3}=C:\WINDOWS.0\xmlhelper2.dll []
    {90066E7C-725F-4A25-8D1A-F66161EFC816}=C:\WINDOWS.0\system32\ssqrr.dll []
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-12 09:02]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-18 12:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
    "CTHelper"="CTHELPER.EXE" [2002-12-19 01:59 C:\WINDOWS.0\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 03:56 C:\WINDOWS.0\system32\regsvr32.exe]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-01-17 19:14]
    "IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 15:08]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-09 20:16]
    "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 13:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 06:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 12:41]
    "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2005-12-07 20:59]
    "DT Task"="C:\Program Files\Gateway\EzTune\DTHtml.exe" [2006-08-01 16:52]
    "FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE" [2007-06-12 09:05]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2007-06-12 09:06]
    "THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 12:24]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 12:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]
    winjyp32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpdc32]
    winpdc32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


    Contents of the 'Scheduled Tasks' folder
    2007-06-21 10:29:01 C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
    2007-06-25 04:00:00 C:\WINDOWS.0\tasks\At1.job
    2007-06-25 13:00:00 C:\WINDOWS.0\tasks\At10.job
    2007-06-25 14:00:00 C:\WINDOWS.0\tasks\At11.job
    2007-06-25 15:00:00 C:\WINDOWS.0\tasks\At12.job
    2007-06-25 16:00:00 C:\WINDOWS.0\tasks\At13.job
    2007-06-25 17:00:00 C:\WINDOWS.0\tasks\At14.job
    2007-06-25 18:00:00 C:\WINDOWS.0\tasks\At15.job
    2007-06-25 19:00:00 C:\WINDOWS.0\tasks\At16.job
    2007-06-24 20:00:02 C:\WINDOWS.0\tasks\At17.job
    2007-06-24 21:00:00 C:\WINDOWS.0\tasks\At18.job
    2007-06-24 22:00:00 C:\WINDOWS.0\tasks\At19.job
    2007-06-25 05:00:00 C:\WINDOWS.0\tasks\At2.job
    2007-06-24 23:00:00 C:\WINDOWS.0\tasks\At20.job
    2007-06-25 00:00:00 C:\WINDOWS.0\tasks\At21.job
    2007-06-25 01:00:00 C:\WINDOWS.0\tasks\At22.job
    2007-06-25 02:00:00 C:\WINDOWS.0\tasks\At23.job
    2007-06-25 03:00:00 C:\WINDOWS.0\tasks\At24.job
    2007-06-25 04:00:00 C:\WINDOWS.0\tasks\At25.job
    2007-06-25 05:00:06 C:\WINDOWS.0\tasks\At26.job
    2007-06-25 06:00:08 C:\WINDOWS.0\tasks\At27.job
    2007-06-25 07:00:07 C:\WINDOWS.0\tasks\At28.job
    2007-06-25 08:00:08 C:\WINDOWS.0\tasks\At29.job
    2007-06-25 06:00:00 C:\WINDOWS.0\tasks\At3.job
    2007-06-25 09:00:06 C:\WINDOWS.0\tasks\At30.job
    2007-06-25 10:00:03 C:\WINDOWS.0\tasks\At31.job
    2007-06-25 11:00:00 C:\WINDOWS.0\tasks\At32.job
    2007-06-25 12:00:00 C:\WINDOWS.0\tasks\At33.job
    2007-06-25 13:00:00 C:\WINDOWS.0\tasks\At34.job
    2007-06-25 14:00:00 C:\WINDOWS.0\tasks\At35.job
    2007-06-25 15:00:00 C:\WINDOWS.0\tasks\At36.job
    2007-06-25 16:00:00 C:\WINDOWS.0\tasks\At37.job
    2007-06-25 17:00:00 C:\WINDOWS.0\tasks\At38.job
    2007-06-25 18:00:00 C:\WINDOWS.0\tasks\At39.job
    2007-06-25 07:00:00 C:\WINDOWS.0\tasks\At4.job
    2007-06-25 19:00:00 C:\WINDOWS.0\tasks\At40.job
    2007-06-24 20:00:12 C:\WINDOWS.0\tasks\At41.job
    2007-06-24 21:00:03 C:\WINDOWS.0\tasks\At42.job
    2007-06-24 22:00:01 C:\WINDOWS.0\tasks\At43.job
    2007-06-24 23:00:00 C:\WINDOWS.0\tasks\At44.job
    2007-06-25 00:00:00 C:\WINDOWS.0\tasks\At45.job
    2007-06-25 01:00:00 C:\WINDOWS.0\tasks\At46.job
    2007-06-25 02:00:00 C:\WINDOWS.0\tasks\At47.job
    2007-06-25 03:00:01 C:\WINDOWS.0\tasks\At48.job
    2007-06-25 08:00:00 C:\WINDOWS.0\tasks\At5.job
    2007-06-25 09:00:00 C:\WINDOWS.0\tasks\At6.job
    2007-06-25 10:00:00 C:\WINDOWS.0\tasks\At7.job
    2007-06-25 11:00:00 C:\WINDOWS.0\tasks\At8.job
    2007-06-25 12:00:00 C:\WINDOWS.0\tasks\At9.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-25 15:15:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-25 15:17:41 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-25 15:17

    --- E O F ---


    I also have a file named 'ComboFix-quarantined-files'. Is that anything important?

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    "I also have a file named 'ComboFix-quarantined-files'. Is that anything important?"

    It lists files that are also listed in the deletions, so there is no need to post it.

    Open HijackThis, click "Do a system scan only" and checkmark these:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {1139F3BC-9787-4108-AD1D-3C7360521E8B} - C:\WINDOWS.0\system32\ssttt.dll (file missing)
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS.0\xmlhelper2.dll (file missing)
    O2 - BHO: (no name) - {90066E7C-725F-4A25-8D1A-F66161EFC816} - C:\WINDOWS.0\system32\ssqrr.dll (file missing)
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)


    Close all windows, including the browser, and press "Fix checked".

    Reboot.

    Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS.0\system32\ulijicwu.exe

    Folder::
    C:\Program Files\Ultimate Fixer
    C:\WINDOWS.0\system32\mevqvvvb

    Save this as ComboFix-Do.txt

    Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
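
Added example (not part of the original post, and not code from ComboFix or HijackThis): a Python sketch that reads the "Reg Loading Points" section of a ComboFix log and lists the Browser Helper Object entries whose timestamp bracket is empty, plus any Winlogon Notify subkeys, which correspond to the O2 and O20 lines selected for fixing above. It assumes an empty `[]` means no file was found at that path, matching the "(file missing)" HijackThis lines; the function names are hypothetical and the two samples are excerpts of the logs posted in this thread.

```python
import re

# Excerpt of "Reg Loading Points" from the first ComboFix log in this thread.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 15:02]
{1139F3BC-9787-4108-AD1D-3C7360521E8B}=C:\WINDOWS.0\system32\ssttt.dll []
{85589B5D-D53D-4237-A677-46B82EA275F3}=C:\WINDOWS.0\xmlhelper2.dll []
{90066E7C-725F-4A25-8D1A-F66161EFC816}=C:\WINDOWS.0\system32\ssqrr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"CTHelper"="CTHELPER.EXE" [2002-12-19 01:59 C:\WINDOWS.0\system32\CTHELPER.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]
winjyp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpdc32]
winpdc32.dll
"""

# Excerpt of the same section from the follow-up ComboFix log in this thread.
AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 15:02]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 04:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"""

# "[HKEY_...\some\key]" on a line of its own starts a new section.
SECTION = re.compile(r"^\[(HK[^\]]+)\]$")
# name=data [timestamp], where name is a {CLSID} or a quoted value name.
VALUE = re.compile(
    r'^(?P<name>\{[0-9A-Fa-f-]{36}\}|"[^"]*")=(?P<data>.*?)\s*\[(?P<stamp>[^\]]*)\]$'
)

BHO_KEY = r"explorer\browser helper objects"
NOTIFY_KEY = r"winlogon\notify" + "\\"


def parse_loading_points(text):
    """Yield (key, name, data, stamp); name and stamp are None for bare lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        if key is None:
            continue  # text before the first registry key header
        value = VALUE.match(line)
        if value:
            yield (key, value.group("name").strip('"'),
                   value.group("data").strip('"'), value.group("stamp").strip())
        else:
            yield key, None, line, None


def entries_to_review(text):
    """Return BHOs with an empty timestamp and every Winlogon Notify subkey."""
    findings = []
    for key, name, data, stamp in parse_loading_points(text):
        lowered = key.lower()
        if lowered.endswith(BHO_KEY) and stamp == "":
            # Assumption: empty [] means the referenced file was not found.
            findings.append(("BHO", name, data))
        elif NOTIFY_KEY in lowered and name is None:
            # The log hides default entries, so a listed subkey is non-default.
            findings.append(("Winlogon Notify", key.rsplit("\\", 1)[1], data))
    return findings


def removed_by_fix(before, after):
    """Entries flagged in the earlier log that no longer appear in the later one."""
    remaining = set(entries_to_review(after))
    return [entry for entry in entries_to_review(before) if entry not in remaining]


if __name__ == "__main__":
    for kind, name, data in entries_to_review(BEFORE):
        print(f"{kind:16} {name:40} {data}")
    print("still present after fix:", entries_to_review(AFTER))
```

Running it on a full Combofix.txt works the same way, since lines outside a registry key header are skipped and unrelated keys are ignored.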

  8. #8
    Junior Member
    Join Date
    Jun 2007
    Posts
    14


    combo fix:

    "Owner" - 2007-06-26 11:21:35 - ComboFix 07-06-25.3 - Service Pack 2 NTFS
    Command switches used :: C:\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Ultimate Fixer
    C:\WINDOWS.0\system32\mevqvvvb
    C:\WINDOWS.0\system32\mevqvvvb\bg1.gif
    C:\WINDOWS.0\system32\mevqvvvb\bgtop.gif
    C:\WINDOWS.0\system32\mevqvvvb\bottom1.gif
    C:\WINDOWS.0\system32\mevqvvvb\essentials.gif
    C:\WINDOWS.0\system32\mevqvvvb\icon1.ico
    C:\WINDOWS.0\system32\mevqvvvb\install1.gif
    C:\WINDOWS.0\system32\mevqvvvb\left1.gif
    C:\WINDOWS.0\system32\mevqvvvb\li.gif
    C:\WINDOWS.0\system32\mevqvvvb\logo.gif
    C:\WINDOWS.0\system32\mevqvvvb\main.htm
    C:\WINDOWS.0\system32\mevqvvvb\mainframe.htm
    C:\WINDOWS.0\system32\mevqvvvb\mevqvvvb1.exe
    C:\WINDOWS.0\system32\mevqvvvb\reinstall1.gif
    C:\WINDOWS.0\system32\mevqvvvb\right1.gif
    C:\WINDOWS.0\system32\mevqvvvb\s1.htm
    C:\WINDOWS.0\system32\mevqvvvb\s2.htm
    C:\WINDOWS.0\system32\mevqvvvb\s3.htm
    C:\WINDOWS.0\system32\mevqvvvb\SMTop1.gif
    C:\WINDOWS.0\system32\mevqvvvb\SMTop2.gif
    C:\WINDOWS.0\system32\mevqvvvb\SMTop3.gif
    C:\WINDOWS.0\system32\mevqvvvb\SMTop4.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft1_off.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft1_off_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft1_on.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft1_on_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft2_off.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft2_off_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft2_on.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft2_on_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft3_off.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft3_off_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft3_on.gif
    C:\WINDOWS.0\system32\mevqvvvb\soft3_on_ext.gif
    C:\WINDOWS.0\system32\mevqvvvb\softbottom_off.gif
    C:\WINDOWS.0\system32\mevqvvvb\softbottom_on.gif
    C:\WINDOWS.0\system32\mevqvvvb\softleft_off.gif
    C:\WINDOWS.0\system32\mevqvvvb\softleft_on.gif
    C:\WINDOWS.0\system32\mevqvvvb\top1.gif
    C:\WINDOWS.0\system32\mevqvvvb\top2.gif
    C:\WINDOWS.0\system32\mevqvvvb\turnoff1.gif
    C:\WINDOWS.0\system32\mevqvvvb\turnon1.gif
    C:\WINDOWS.0\system32\ulijicwu.exe


    ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


    2007-06-25 15:08 49,152 --a------ C:\WINDOWS.0\nircmd.exe
    2007-06-25 14:56 107,520 --a------ C:\VundoFix(2).exe
    2007-06-25 13:41 1,089,993 --a------ C:\ComboFix.exe
    2007-06-24 10:57 <DIR> d-------- C:\Incomplete
    2007-06-24 02:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter
    2007-06-23 20:40 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
    2007-06-23 20:39 13,123,603 --a------ C:\TrojanHunterSetup.exe
    2007-06-18 08:42 72,418 --a------ C:\VundoFix.exe
    2007-06-18 08:42 <DIR> d-------- C:\VundoFix
    2007-06-17 05:28 <DIR> d-------- C:\LimeWire Downloads old
    2007-06-12 23:55 <DIR> d-------- C:\Program Files\America's Army
    2007-06-12 21:12 <DIR> d-------- C:\Program Files\Postal2STPDemo
    2007-06-12 21:10 81,768 --a------ C:\WINDOWS.0\system32\xinput1_3.dll
    2007-06-12 21:10 62,744 --a------ C:\WINDOWS.0\system32\xinput1_2.dll
    2007-06-12 21:10 443,752 --a------ C:\WINDOWS.0\system32\d3dx10_34.dll
    2007-06-12 21:10 443,752 --a------ C:\WINDOWS.0\system32\d3dx10_33.dll
    2007-06-12 21:10 3,497,832 --a------ C:\WINDOWS.0\system32\d3dx9_34.dll
    2007-06-12 21:10 3,495,784 --a------ C:\WINDOWS.0\system32\d3dx9_33.dll
    2007-06-12 21:10 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll
    2007-06-12 21:10 266,088 --a------ C:\WINDOWS.0\system32\xactengine2_8.dll
    2007-06-12 21:10 261,480 --a------ C:\WINDOWS.0\system32\xactengine2_7.dll
    2007-06-12 21:10 255,848 --a------ C:\WINDOWS.0\system32\xactengine2_6.dll
    2007-06-12 21:10 251,672 --a------ C:\WINDOWS.0\system32\xactengine2_5.dll
    2007-06-12 21:10 237,848 --a------ C:\WINDOWS.0\system32\xactengine2_4.dll
    2007-06-12 21:10 236,824 --a------ C:\WINDOWS.0\system32\xactengine2_3.dll
    2007-06-12 21:10 2,414,360 --a------ C:\WINDOWS.0\system32\d3dx9_31.dll
    2007-06-12 21:10 2,297,552 --a------ C:\WINDOWS.0\system32\d3dx9_26.dll
    2007-06-12 21:10 18,280 --a------ C:\WINDOWS.0\system32\x3daudio1_2.dll
    2007-06-12 21:10 15,128 --a------ C:\WINDOWS.0\system32\x3daudio1_1.dll
    2007-06-12 21:10 1,124,720 --a------ C:\WINDOWS.0\system32\D3DCompiler_34.dll
    2007-06-12 21:10 1,123,696 --a------ C:\WINDOWS.0\system32\D3DCompiler_33.dll
    2007-06-12 09:06 <DIR> d-------- C:\Program Files\Browser Mouse
    2007-06-12 09:05 <DIR> d-------- C:\Program Files\Muiltmedia keyboard utility
    2007-06-12 09:02 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
    2007-06-12 09:01 <DIR> d-------- C:\Program Files\Google
    2007-06-12 09:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-12 08:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DisplayTune
    2007-06-12 08:20 62,009 --a------ C:\WINDOWS.0\system32\wpfb_nv4_disp.dll
    2007-06-12 08:19 8,960 --a------ C:\WINDOWS.0\system32\drivers\PdiPorts.sys
    2007-06-12 08:19 62,009 --a------ C:\WINDOWS.0\system32\WPFB.DLL
    2007-06-12 08:19 2,304 --a------ C:\WINDOWS.0\system32\Machnm32.sys
    2007-06-12 08:19 17,465 --a------ C:\WINDOWS.0\system32\drivers\pivot.sys
    2007-06-12 08:19 11,776 --a------ C:\WINDOWS.0\system32\drivers\pdiddcci.sys
    2007-06-12 08:19 11,323 --a------ C:\WINDOWS.0\system32\drivers\pivotmou.sys
    2007-06-12 08:19 <DIR> d-------- C:\Program Files\Portrait Displays
    2007-06-12 08:19 <DIR> d-------- C:\Program Files\Gateway
    2007-06-10 06:02 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-06-09 18:57 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
    2007-06-09 11:30 129,784 --------- C:\WINDOWS.0\system32\pxafs.dll
    2007-06-09 11:30 118,520 --------- C:\WINDOWS.0\system32\pxinsi64.exe
    2007-06-09 11:30 116,472 --------- C:\WINDOWS.0\system32\pxcpyi64.exe
    2007-06-09 11:30 <DIR> d-------- C:\Program Files\DivX
    2007-06-09 09:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
    2007-06-09 08:27 <DIR> d-------- C:\Program Files\QuickTime
    2007-06-09 08:26 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-06-09 08:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-06-09 08:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-06-09 08:06 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
    2007-06-09 08:06 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
    2007-06-09 07:52 <DIR> d-------- C:\WINDOWS.0\Prefetch
    2007-06-09 07:27 221,184 --a------ C:\WINDOWS.0\system32\wmpns.dll
    2007-06-09 07:26 <DIR> d-------- C:\WINDOWS.0\provisioning
    2007-06-09 07:26 <DIR> d-------- C:\WINDOWS.0\peernet
    2007-06-09 07:24 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
    2007-06-09 07:21 <DIR> d-------- C:\WINDOWS.0\EHome
    2007-06-09 06:39 <DIR> d-------- C:\VundoFix Backups
    2007-06-09 06:15 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
    2007-06-09 06:15 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
    2007-06-09 06:00 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
    2007-06-09 06:00 331,264 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
    2007-06-09 05:55 947,472 --a------ C:\WINDOWS.0\system32\msjava.dll
    2007-06-09 05:55 63,248 --a------ C:\WINDOWS.0\system32\javaprxy.dll
    2007-06-09 05:55 6,550 --a------ C:\WINDOWS.0\jautoexp.dat
    2007-06-09 05:55 49,424 --a------ C:\WINDOWS.0\system32\clspack.exe
    2007-06-09 05:55 46,352 --a------ C:\WINDOWS.0\setdebug.exe
    2007-06-09 05:55 404,752 --a------ C:\WINDOWS.0\system32\javart.dll
    2007-06-09 05:55 313,856 --a------ C:\WINDOWS.0\system32\dx3j.dll
    2007-06-09 05:55 286,992 --a------ C:\WINDOWS.0\system32\vmhelper.dll
    2007-06-09 05:55 21,264 --a------ C:\WINDOWS.0\system32\msjdbc10.dll
    2007-06-09 05:55 187,152 --a------ C:\WINDOWS.0\system32\javacypt.dll
    2007-06-09 05:55 172,304 --a------ C:\WINDOWS.0\system32\jview.exe
    2007-06-09 05:55 171,792 --a------ C:\WINDOWS.0\system32\wjview.exe
    2007-06-09 05:55 171,280 --a------ C:\WINDOWS.0\system32\jit.dll
    2007-06-09 05:55 154,384 --a------ C:\WINDOWS.0\system32\msawt.dll
    2007-06-09 05:55 15,120 --a------ C:\WINDOWS.0\system32\jdbgmgr.exe
    2007-06-09 05:55 139,536 --a------ C:\WINDOWS.0\system32\javaee.dll
    2007-06-09 05:55 113 --a------ C:\WINDOWS.0\system32\zonedon.reg
    2007-06-09 05:55 113 --a------ C:\WINDOWS.0\system32\zonedoff.reg
    2007-06-09 05:27 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
    2007-06-09 05:22 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    2007-06-09 05:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
    2007-06-09 00:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-06-09 00:18 35 --a------ C:\WINDOWS.0\readme.bat
    2007-06-08 22:43 1,082,368 --a------ C:\WINDOWS.0\system32\esent.dll
    2007-06-08 21:37 57,344 --a------ C:\WINDOWS.0\Unwash6.exe
    2007-06-08 21:37 486,400 --a------ C:\WINDOWS.0\system32\wwSecure.exe
    2007-06-08 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-06-08 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-06-08 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-06-08 21:32 <DIR> d-------- C:\Program Files\Viewpoint


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-26 15:08:49 288 ----a-w C:\WINDOWS.0\system32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
    2007-06-26 15:08:49 288 ----a-w C:\WINDOWS.0\system32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
    2007-06-13 03:50:43 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-12 12:19:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-10 10:03:25 -------- d-----w C:\Program Files\Messenger
    2007-06-09 11:26:29 -------- d-----w C:\Program Files\Movie Maker
    2007-06-09 11:24:34 -------- d-----w C:\Program Files\Windows NT
    2007-06-09 01:09:43 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-05-25 07:53:59 -------- d-----w C:\Program Files\CyberLink
    2007-05-24 05:41:44 -------- d-----w C:\Program Files\Project64 v1.5
    2007-05-23 00:54:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real
    2007-05-22 10:52:43 -------- d-----w C:\Program Files\directx
    2007-05-22 10:52:21 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-05-22 10:50:59 -------- d-----w C:\Program Files\Windows Media Components
    2007-05-21 08:36:07 -------- d-----w C:\Program Files\Intel
    2007-05-21 08:31:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InterTrust
    2007-05-21 08:18:21 57,344 ----a-w C:\WINDOWS.0\uneng.exe
    2007-05-21 08:18:21 -------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2007-05-21 08:17:52 -------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-05-21 08:17:43 -------- d-----w C:\Program Files\Roxio
    2007-05-19 05:45:13 -------- d-----w C:\Program Files\Creative
    2007-05-19 04:49:17 552 ----a-w C:\WINDOWS.0\system32\d3d8caps.dat
    2007-05-19 04:41:11 -------- d-----w C:\Program Files\Alwil Software
    2007-05-19 04:38:32 -------- d-----w C:\Program Files\wgens170
    2007-05-19 04:11:49 -------- d-----w C:\Program Files\microsoft frontpage
    2007-05-19 04:11:45 0 --sha-r C:\MSDOS.SYS
    2007-05-19 04:11:45 0 --sha-r C:\IO.SYS
    2007-05-19 04:11:45 0 ----a-w C:\CONFIG.SYS
    2007-05-19 04:11:45 0 ----a-w C:\AUTOEXEC.BAT
    2007-05-19 04:09:43 -------- d-----w C:\Program Files\Common Files\MSSoap
    2007-05-19 04:09:20 21,640 ----a-w C:\WINDOWS.0\system32\emptyregdb.dat
    2007-05-19 04:08:55 -------- d-----w C:\Program Files\Online Services
    2007-05-19 04:08:48 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-05-18 21:05:00 -------- d-----w C:\Program Files\Common Files\SpeechEngines
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS.0\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS.0\system32\AVASTSS.scr
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS.0\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS.0\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS.0\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS.0\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS.0\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS.0\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS.0\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS.0\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS.0\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS.0\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS.0\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS.0\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS.0\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS.0\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS.0\system32\msi.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS.0\system32\wuaueng.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS.0\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS.0\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS.0\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 15:02]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 04:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 06:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-12 09:02]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-18 12:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
    "CTHelper"="CTHELPER.EXE" [2002-12-19 01:59 C:\WINDOWS.0\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 03:56 C:\WINDOWS.0\system32\regsvr32.exe]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-01-17 19:14]
    "IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 15:08]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-09 20:16]
    "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 13:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 06:43]
    "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2005-12-07 20:59]
    "DT Task"="C:\Program Files\Gateway\EzTune\DTHtml.exe" [2006-08-01 16:52]
    "FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE" [2007-06-12 09:05]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2007-06-12 09:06]
    "THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 12:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


    Contents of the 'Scheduled Tasks' folder
    2007-06-21 10:29:01 C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
    2007-06-26 04:00:00 C:\WINDOWS.0\tasks\At1.job
    2007-06-26 13:00:00 C:\WINDOWS.0\tasks\At10.job
    2007-06-26 14:00:00 C:\WINDOWS.0\tasks\At11.job
    2007-06-26 15:00:00 C:\WINDOWS.0\tasks\At12.job
    2007-06-25 16:00:00 C:\WINDOWS.0\tasks\At13.job
    2007-06-25 17:00:00 C:\WINDOWS.0\tasks\At14.job
    2007-06-25 18:00:00 C:\WINDOWS.0\tasks\At15.job
    2007-06-25 19:00:00 C:\WINDOWS.0\tasks\At16.job
    2007-06-25 20:00:00 C:\WINDOWS.0\tasks\At17.job
    2007-06-25 21:00:00 C:\WINDOWS.0\tasks\At18.job
    2007-06-25 22:00:00 C:\WINDOWS.0\tasks\At19.job
    2007-06-26 05:00:00 C:\WINDOWS.0\tasks\At2.job
    2007-06-25 23:00:00 C:\WINDOWS.0\tasks\At20.job
    2007-06-26 00:00:00 C:\WINDOWS.0\tasks\At21.job
    2007-06-26 01:00:00 C:\WINDOWS.0\tasks\At22.job
    2007-06-26 02:00:00 C:\WINDOWS.0\tasks\At23.job
    2007-06-26 03:00:00 C:\WINDOWS.0\tasks\At24.job
    2007-06-26 04:00:00 C:\WINDOWS.0\tasks\At25.job
    2007-06-26 05:00:00 C:\WINDOWS.0\tasks\At26.job
    2007-06-26 06:00:00 C:\WINDOWS.0\tasks\At27.job
    2007-06-26 07:00:00 C:\WINDOWS.0\tasks\At28.job
    2007-06-26 08:00:00 C:\WINDOWS.0\tasks\At29.job
    2007-06-26 06:00:00 C:\WINDOWS.0\tasks\At3.job
    2007-06-26 09:00:00 C:\WINDOWS.0\tasks\At30.job
    2007-06-26 10:00:00 C:\WINDOWS.0\tasks\At31.job
    2007-06-26 11:00:00 C:\WINDOWS.0\tasks\At32.job
    2007-06-26 12:00:00 C:\WINDOWS.0\tasks\At33.job
    2007-06-26 13:00:00 C:\WINDOWS.0\tasks\At34.job
    2007-06-26 14:00:00 C:\WINDOWS.0\tasks\At35.job
    2007-06-26 15:00:00 C:\WINDOWS.0\tasks\At36.job
    2007-06-25 16:00:00 C:\WINDOWS.0\tasks\At37.job
    2007-06-25 17:00:00 C:\WINDOWS.0\tasks\At38.job
    2007-06-25 18:00:00 C:\WINDOWS.0\tasks\At39.job
    2007-06-26 07:00:00 C:\WINDOWS.0\tasks\At4.job
    2007-06-25 19:00:00 C:\WINDOWS.0\tasks\At40.job
    2007-06-25 20:00:00 C:\WINDOWS.0\tasks\At41.job
    2007-06-25 21:00:00 C:\WINDOWS.0\tasks\At42.job
    2007-06-25 22:00:00 C:\WINDOWS.0\tasks\At43.job
    2007-06-25 23:00:00 C:\WINDOWS.0\tasks\At44.job
    2007-06-26 00:00:00 C:\WINDOWS.0\tasks\At45.job
    2007-06-26 01:00:00 C:\WINDOWS.0\tasks\At46.job
    2007-06-26 02:00:00 C:\WINDOWS.0\tasks\At47.job
    2007-06-26 03:00:00 C:\WINDOWS.0\tasks\At48.job
    2007-06-26 08:00:00 C:\WINDOWS.0\tasks\At5.job
    2007-06-26 09:00:00 C:\WINDOWS.0\tasks\At6.job
    2007-06-26 10:00:00 C:\WINDOWS.0\tasks\At7.job
    2007-06-26 11:00:00 C:\WINDOWS.0\tasks\At8.job
    2007-06-26 12:00:00 C:\WINDOWS.0\tasks\At9.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 11:22:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-26 11:23:10
    C:\ComboFix-Do.txt ... 2007-06-26 11:07
    C:\ComboFix-quarantined-files.txt ... 2007-06-26 11:23
    C:\ComboFix2.txt ... 2007-06-25 15:17

    --- E O F ---

  9. #9
    Junior Member
    Join Date
    Jun 2007
    Posts
    14


    HJT:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:08:12 AM, on 06/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS.0\system32\CTHELPER.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\System32\wwSecure.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Owner\Local Settings\Temp\EI40_\msxml4.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS.0\System32\wwSecure.exe

    --
    End of file - 5946 bytes

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      o Scan using the following Anti-Virus database:
        + Extended (if available, otherwise Standard)
      o Scan Options:
        + Scan Archives
        + Scan Mail Bases
    • Click OK.
    • Now, under "Select a target to scan", select My Computer.
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Post:

    - a fresh HijackThis log
    - Kaspersky report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
