lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Another iexplore >.<

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules


Register


Reply
Page 1 of 3 1 23
 
Thread Tools
  #1  
Old 17th Jan 2008, 07:35
New Member Group
  
hey im having problems with that explire virus thing its been going on for like a week..and found like a fair few dif guides on how to fix it but most times it would tell me to delete files i didnt have...well when i try end process on them 2 new processes appear for a few seconds before the iexplore ones come back...something like mp3sect and THIRDM~3 not sure if thats relevent though...

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Third mp3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [creativemore] C:\DOCUME~1\Andrew\APPLIC~1\ERRORM~1\Mp3Sect.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Andrew\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  #2  
Old 17th Jan 2008, 09:34
Moderator Group
  
Welcome to TCF.

Lets see if we can clean this up.

---------------

Why is there no antivirus on the computer?
  • Step A is for people who say yes to either of the following:
    • You do not have an antivirus installed.
    • You have an antivirus program that is expired.
  • If the answer to either of the above is yes.
    • Follow this link and install one of the antivirus programs listed.
---------------

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident

Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Third:

With both Tea timer and SpyBot closed download ResetTeaTimer.zip
  • Unzip the file.
  • Double click ResetTeaTimer.bat to remove all entries set by SpyBot's TeaTimer.
  • Once it's ran, you can delete it. It will not be needed again.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

--------------

Download NoLop to your desktop from one of the links below...

Link 1
Link 2[/b]
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    <<your computer will now be scanned for infected files>>
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

---------------

Open HijackThis and select Do a system scan only then place a check mark next to: (if there)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Andrew\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

---------------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)IMPORTANT - Combofix.exe MUST be saved to your your Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc)
  • Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


---------------

Next post please add
Combofix log
__________________
  #3  
Old 17th Jan 2008, 18:03
New Member Group
  
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Andrew\Desktop
[1/18/2008]
[11:38:54 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AFBBB49A918C2D86.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Age Of Empires 3
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Great Coal Love Default
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Internet Debug Mess Great -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Popwwprofiles
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sony
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\View Bash Locks Rdr -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Yahoo -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Adobe
C:\Documents and Settings\Andrew\Application Data\Adobeaum
C:\Documents and Settings\Andrew\Application Data\Adobeum
C:\Documents and Settings\Andrew\Application Data\Ahead
C:\Documents and Settings\Andrew\Application Data\Apple Computer
C:\Documents and Settings\Andrew\Application Data\Aston -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Corel
C:\Documents and Settings\Andrew\Application Data\Cyberlink
C:\Documents and Settings\Andrew\Application Data\Dvdcss
C:\Documents and Settings\Andrew\Application Data\Errormags
C:\Documents and Settings\Andrew\Application Data\Freecap
C:\Documents and Settings\Andrew\Application Data\Google
C:\Documents and Settings\Andrew\Application Data\Gtopala
C:\Documents and Settings\Andrew\Application Data\Hamachi
C:\Documents and Settings\Andrew\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Identities
C:\Documents and Settings\Andrew\Application Data\Imvu
C:\Documents and Settings\Andrew\Application Data\Kazaa Lite
C:\Documents and Settings\Andrew\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Leadertech
C:\Documents and Settings\Andrew\Application Data\Locktime
C:\Documents and Settings\Andrew\Application Data\Macromedia
C:\Documents and Settings\Andrew\Application Data\Microsoft
C:\Documents and Settings\Andrew\Application Data\Mozilla
C:\Documents and Settings\Andrew\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Real
C:\Documents and Settings\Andrew\Application Data\Sony
C:\Documents and Settings\Andrew\Application Data\Sony Setup
C:\Documents and Settings\Andrew\Application Data\Sun
C:\Documents and Settings\Andrew\Application Data\Symantec
C:\Documents and Settings\Andrew\Application Data\Teamspeak2
C:\Documents and Settings\Andrew\Application Data\Ubi.com
C:\Documents and Settings\Andrew\Application Data\Ventrilo
C:\Documents and Settings\Andrew\Application Data\Vlc
C:\Documents and Settings\Andrew\Application Data\Wholesecurity
C:\Documents and Settings\Andrew\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft





ComboFix 08-01-18.3 - Andrew 2008-01-18 11:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.620 [GMT 11:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andrew\Application Data\macromedia\Flash Player\#SharedObjects\QUJR2VX6\www.broadcaster.com
C:\Documents and Settings\Andrew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Andrew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\winupdates
C:\WINDOWS\b.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 11:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 11:39 . 2008-01-18 11:42 <DIR> d-------- C:\NoLopBackups
2008-01-16 23:41 . 2008-01-16 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-15 10:53 . 2008-01-15 10:53 <DIR> d-------- C:\Program Files\errormags
2008-01-14 23:52 . 2008-01-14 23:52 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-01-09 22:56 . 2008-01-09 22:56 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2008-01-09 22:38 . 2008-01-09 22:38 <DIR> d-------- C:\Program Files\Real
2008-01-09 22:38 . 2008-01-09 22:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-09 22:38 . 2008-01-09 22:38 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-04 11:03 . 2008-01-16 11:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 11:03 . 2008-01-04 11:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 18:15 . 2008-01-09 23:38 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-02 16:16 . 2008-01-02 16:17 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\FreeCap
2007-12-31 15:02 . 2007-12-31 15:02 <DIR> d-------- C:\Program Files\Google
2007-12-28 10:38 . 2007-12-28 10:38 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-26 17:37 . 2006-09-21 17:35 347,648 -ra------ C:\WINDOWS\system32\drivers\A5AGU.sys
2007-12-26 17:37 . 2006-09-21 17:35 149,544 -ra------ C:\WINDOWS\system32\drivers\ar5523.bin
2007-12-26 17:37 . 2006-09-21 17:35 24,576 -ra------ C:\WINDOWS\system32\DWLInst.dll
2007-12-26 17:37 . 2007-12-26 17:37 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{1A9887E3-7A5B-4503-9F27-F2AC052C6352}
2007-12-26 17:12 . 2007-12-26 17:12 <DIR> d-------- C:\Program Files\D-Link
2007-12-26 17:12 . 2007-12-26 17:12 <DIR> d-------- C:\Program Files\ANI
2007-12-23 10:00 . 2007-12-23 10:00 248 --a------ C:\WINDOWS\RomeTW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-18 00:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 13:54 --------- d-----w C:\Documents and Settings\Andrew\Application Data\Lavasoft
2008-01-17 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 03:59 --------- d-----w C:\Program Files\World of Warcraft
2008-01-16 12:42 --------- d-----w C:\Program Files\Lavasoft
2008-01-16 12:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 12:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 12:53 --------- d-----w C:\Program Files\Total War
2008-01-15 12:50 --------- d-----w C:\Program Files\Sierra
2008-01-15 10:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-14 23:54 --------- d-----w C:\Documents and Settings\Andrew\Application Data\errormags
2008-01-14 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\great coal love default
2008-01-02 05:52 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 05:51 --------- d-----w C:\Program Files\Sony
2007-12-31 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\VIEW BASH LOCKS RDR
2007-12-26 12:07 --------- d-----w C:\Documents and Settings\Andrew\Application Data\dvdcss
2007-12-21 23:32 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-21 06:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-20 21:32 --------- d-----w C:\Documents and Settings\Andrew\Application Data\Hamachi
2007-12-01 05:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-22 02:37 --------- d-----w C:\Program Files\GALA-NET
2007-08-22 03:16 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-20 08:59 730,843 -csha-w C:\WINDOWS\system32\sstwa.bak1
2007-06-02 06:11 770,006 -csh--w C:\WINDOWS\system32\sstwa.bak2
2007-06-02 06:13 768,855 -csh--w C:\WINDOWS\system32\sstwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"creativemore"="C:\DOCUME~1\Andrew\APPLIC~1\ERRORM ~1\Mp3Sect.exe" [2008-01-15 10:53 457216]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 08:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 21:22 219008]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 23:53 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50 155648]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.ex e" [2001-07-09 11:50 155648]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-03-21 06:53 327680]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"SpyHunter"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 09:22 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-07-07 11:56 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
"Love default global mess"="C:\Documents and Settings\All Users\Application Data\great coal love default\Third mp3.exe" [2008-01-18 11:56 1972224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-09 22:38 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-11-12 17:31:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-02 11:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viam raid.sys [2004-05-18 19:55]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-07 08:55]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-09-21 17:35]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 cel90xbe;cel90xbe;C:\DOCUME~1\Andrew\LOCALS~1\Temp \cel90xbe.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-07-02 21:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 09:29:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 11:56:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-18 11:59:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 00:59:02
.
2008-01-16 12:15:55 --- E O F ---
  #4  
Old 17th Jan 2008, 18:27
Moderator Group
  
Looking good so far.


Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply

----------

Run a new Hijackthis scan and post the log.

----------

Next post please add
Dr. Web log
New Hijackthis log
__________________
  #5  
Old 17th Jan 2008, 19:08
New Member Group
  
it wont actually let me download drweb curit tells me the page cannot be displayed when i try click download
  #6  
Old 17th Jan 2008, 19:13
Moderator Group
  
Try this link.

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
__________________
  #7  
Old 17th Jan 2008, 19:15
New Member Group
  
says the same thing >.<
  #8  
Old 17th Jan 2008, 19:20
Moderator Group
  
Strange, we will try another route then.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.

---------------

Go to THIS POST and get AVG Antispyware. Follow the instructions in order to configure it to clean and saving the log for the next post.

Next post please add
AVG log
New Hijackthis log
__________________
  #9  
Old 17th Jan 2008, 20:27
New Member Group
  
couldnt find were avg had made a log file...so i just took a screenshot of what it found...hope u can still get the info u needed from that

http://img253.imageshack.us/my.php?image=avgak0.png

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Third mp3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [creativemore] C:\DOCUME~1\Andrew\APPLIC~1\ERRORM~1\Mp3Sect.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  #10  
Old 17th Jan 2008, 20:39
Moderator Group
  
Thats fine, I mainly want to see that you deleted/quarantined what was found. Many people take an hour running the scan and use the No Action option. Wasted time.............

You cut off the top of the HJT log. Need the whole thing posted.
__________________
Reply
Page 1 of 3 1 23

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.