24 Posts

November 8th, 2007 02:00

Oh, BTW, it's also giving me a Data Execution Prevention error and says Windows has to close this program and its name is Windows Explorer... after that it just reboots.

3 Apprentice

20.5K Posts

November 8th, 2007 11:00

You have quite a collection of malware there. Even if we can clean the malware off your system, I cannot guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognize and logs won't show.
Also, I cannot promise you that we can repair all the damage it caused. After cleaning the malware, you can still get errors afterwards because of the damage. Solving these problems is not always possible since it will take endless hours, and will be like "searching for a needle in a haystack" to find the right cause and solution.
We can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

* If you have posted this log on another forum, please provide a link to the topic.

* If you are using any cracked software, please remove it.
Definition of cracked software:
http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.
The nature of such software and the high incidence of malware in files downloaded with them are counterproductive to restoring your PC to a healthy state.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log. Please do not do anything else until you get further instructions.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

* Please disable realtime monitoring, except for your anti-virus, so it does not interfere while we are fixing your system. Refer to this page for information on disabling any realtime monitoring before we start working on a fix for your problem.

Disable Realtime Monitoring


Also disable your Symantec ScriptBlocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Please move HijackThis to a folder of its own. Right-click on an empty space on your desktop and choose New > Folder.
Name it HijackThis (HJT, or whatever).
Right-click HijackThis.exe, choose Cut.
Double-click (to open) the folder you created.
Right-click inside and choose Paste.

Please launch HijackThis again.
At the Main window select "Open the misc tool section"
Then select "Open uninstall manager"
Then "save list" and save it to your desktop.

Copy and paste that list as a reply to this thread. Thanks.

24 Posts

November 8th, 2007 14:00

I haven't posted on any other forums.
I've deleted all the crack software.
Removed all P2P stuff like torrents and BitTorrent.
It is my computer and I have full authority to make changes.
This is the first time I am using HijackThis, but have good computing skills to follow directions.
Disabled all realtime stuff.
 
Here is the uninstall log:
 
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
aspi
Athan Basic 3.0
Build Your Own Net Dream (remove only)
ccCommon
CCHelp
CCScore
CleanUp!
CR2
Dell Driver Reset Tool
DivX Web Player
E2give Plug-in
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
Free Sticky Notes 2.0
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
HTML TOOLS Toolbar (remove only)
ijji Auto Installer
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KSU
LeadTool
LimeWire 4.14.8
Loader
Macromedia Flash Player
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Modem Helper
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 Parser and SDK
MyMouse 4.3
Notifier
OTtBP
PCDADDIN
PCDHELP
PCDLNCH
PCDrdsho
QuickTime
Radioshack USB-to-Serial cable
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SFR
SFR2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB MassStorage CardReader
Verizon Servicepoint 1.3.21
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WinZip
Workspace Macro Pro 6.5
Yahoo! Messenger

Oh yeah, BTW: I'm always gonna have to be on safe mode w/ networking... since if I log in the regular way, it'll auto reboot. Don't worry about how much we can save, let's just get as much as we can done. Thanks a lot, man.


Message Edited by Deathflash10 on 11-08-2007 10:40 AM

3 Apprentice

20.5K Posts

November 8th, 2007 15:00

Please go to Add/Remove Programs and remove the following:
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.14.8


Reboot.

Please download Combofix from here:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the link is case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
See if you can reboot into Normal mode at this point.
3. Post the contents of the CF log in your next reply with a new HijackThis log.

Note:
Do not mouseclick Combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run ComboFix.


Note: The above instructions have been created specifically for this user. If you are not this user, do NOT follow these directions.

24 Posts

November 8th, 2007 16:00

C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1386476.sdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27503
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\531510
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578081
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578140
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85062
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90358
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\3371.dat
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_greencard.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare\avtasks.dat
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare\Logs\av.log
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare\Logs\update.log
C:\Documents and Settings\Timmy Khan\Application Data.\AVSystemCare\PGE.dat
C:\Documents and Settings\Timmy Khan\Application Data\install.dat
C:\Documents and Settings\Timmy Khan\Application Data\install_en[1].exe
C:\Documents and Settings\Timmy Khan\Application Data\SpamBlocker
C:\Documents and Settings\Timmy Khan\Application Data\SpamBlockerUtility
C:\Documents and Settings\Timmy Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\Timmy Khan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx

24 Posts

November 8th, 2007 16:00

Successfully removed:
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.14.8
 
Combofix Log:

 
ComboFix 07-11-08.1 - Timmy Khan 2007-11-08 13:08:14.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.303 [GMT -5:00]
Running from: C:\Documents and Settings\Timmy Khan\Desktop\ComboFix.exe
.
 Unable to gain System Privileges
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Documents and Settings\All Users\Application Data.\Starware
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\pranks.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\smiley.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\smileyxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Shafan Khan\Application Data\SpamBlockerUtility

24 Posts

November 8th, 2007 16:00

HJT log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:03 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Timmy Khan\Desktop\Desktop\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com/linktrack.aspx?linktrackid=4205
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84A103F0-B7D0-44BF-BDDE-4226F9908A25} - C:\WINDOWS\system32\d3d8th.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {AF9705FD-D3CB-46CE-9F64-3BC945440122} - C:\WINDOWS\system32\d3d8th.dll
O2 - BHO: (no name) - {B9FD001B-62A3-4387-ACFA-4A1A344D6B7F} - C:\WINDOWS\system32\d3d8th.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Audio Device Manager] sfhgj.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Timmy Khan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163107623687
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B56FF813-9B72-439D-BFF3-E722EBAECA8E} (CDISCoverOS Object) - http://rockford.discoverconsole.com/onlinespotlight/OnSpotDiscover.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.38/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c6.cab?d57370afcab988f6ff2369e33ed8ddf998dc3bfef4bc6cf2d38af2acc1b1cabf5c15be1c382d7716c5eb1d5c9fb584fe54157788c078265795c3c4d0e14cc40eb3ad7583cce2:86ce58ef4ad882ce96e46115b5703919
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)
--
End of file - 13771 bytes
Also, removed Limewire and the Java one. I can get on regular, but it freezes up after a while, and in the startup I still get a winlogon.exe error, although it DOESN'T reboot.

24 Posts

November 8th, 2007 16:00

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\ 000C2AFD.dat
C:\Program Files\ipwins
C:\Program Files\ipwins\count.dat
C:\Program Files\ipwins\data.dat
C:\Program Files\ipwins\date.dat
C:\Program Files\ipwins\s1cc.dat
C:\Program Files\ipwins\s538.dat
C:\Program Files\ipwins\settings.dat
C:\Program Files\ipwins\settingsDate.dat
C:\Program Files\License_Manager
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\regifast
C:\Program Files\regifast\TEM18\PopUpMgr.plg
C:\Program Files\regifast\TEM18\skin.jpg
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Wallpaper\Bikini.com - Jennifer.jpg
C:\Program Files\screensavers.com\Wallpaper\Michael Vick.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\snowball wars
C:\Program Files\snowball wars\License.txt
C:\Program Files\spamblockerutility
C:\Program Files\spamblockerutility\SpamBlockerUtility.log
C:\Program Files\surfsidekick 3
C:\Program Files\surfsidekick 3\Ssk(2).exe
C:\Program Files\surfsidekick 3\SskBho(2).dll
C:\Program Files\surfsidekick 3\SskCore(2).dll
C:\Program Files\windows
C:\Program Files\windows\WinUpdate.fld
C:\Program Files\winupdates
C:\UGA6P
C:\WINDOWS\b.exe
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\away.exe.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cloudsim.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\asc3550p.sys
C:\WINDOWS\system32\drivers\FJA36.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\jiub5f27y.hhy
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\m1ax1d1213216143v.exe
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vedxga8me6.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\whcc-giant.exe
C:\WINDOWS\xpupdate.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ASC3550P
-------\LEGACY_DRIVER
-------\LEGACY_FJA36
-------\LEGACY_FMTR
-------\LEGACY_IPRIP
-------\asc3550p
-------\Driver
-------\Iprip

(((((((((((((((((((((((((   Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.
2007-11-08 13:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 10:00 2,720 --a------ C:\WINDOWS\system32\create.exe
2007-11-07 22:55   d-------- C:\VundoFix Backups
2007-11-07 22:47   d-------- C:\Program Files\Trend Micro
2007-11-07 20:50   d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-07 19:52 124,258 --a------ C:\WINDOWS\noskrnl.exe
2007-11-07 19:52 92,672 --a------ C:\WINDOWS\system32\d3d8th.dll
2007-11-07 13:06 58,368 --a------ C:\hflhfol.exe
2007-11-07 13:06 20,480 --a------ C:\WINDOWS\system32\smsccdcc.dll
2007-11-06 11:01 37,016 --a------ C:\WINDOWS\img4851.zip
2007-11-06 11:01 36,864 -r-hs---- C:\WINDOWS\sfhgj.exe
2007-10-28 17:47 909,680,588 --a------ C:\SilkroadOnline_GlobalOffi1.exe
2007-10-27 13:36 5,689,344 --a------ C:\mplayerc.exe
2007-10-27 13:32   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Media Player Classic
2007-10-27 13:25   d-------- C:\Program Files\Elecard
2007-10-27 13:25   d-------- C:\Program Files\Common Files\Elecard
2007-10-26 18:46   d--h----- C:\Documents and Settings\Timmy Khan\igLoader Files
2007-10-26 15:04   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Aim
2007-10-26 13:40   d-------- C:\Documents and Settings\Shafan Khan\Application Data\HP
2007-10-26 13:40   d-------- C:\Documents and Settings\Shafan Khan\Application Data\FaxCtr
2007-10-26 13:27   d-------- C:\Documents and Settings\Timmy Khan\Application Data\QQ Games Plugin
2007-10-26 13:27   d-------- C:\Documents and Settings\Timmy Khan\Application Data\acccore
2007-10-26 13:25   d-------- C:\Program Files\Tencent
2007-10-25 16:57 1,335,276 --a------ C:\mm20enu.exe
2007-10-25 14:47   d-------- C:\Program Files\Loader
2007-10-21 10:36   d-------- C:\Program Files\Common Files\xing shared
2007-10-18 15:13   d-------- C:\Documents and Settings\Timmy Khan\Application Data\PowerChallenge
2007-10-15 20:18   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Printer Info Cache
2007-10-15 20:18   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Image Zone Express
2007-10-15 19:57   d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-10-15 19:51   d-------- C:\Documents and Settings\Timmy Khan\Application Data\HP
2007-10-15 19:47   d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-15 19:46   d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-10-15 19:45   d-------- C:\Program Files\Common Files\HP
2007-10-15 19:44   d-------- C:\Program Files\Hewlett-Packard
2007-10-15 19:44   d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-15 19:41 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-10-15 19:41 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-10-15 19:40   d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-15 19:40 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-10-15 19:40 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2007-10-15 19:39 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-10-15 19:38 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2007-10-15 19:38 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2007-10-15 19:38 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-10-15 19:38 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-10-15 19:38 294,912 -ra------ C:\WINDOWS\system32\hpovst10.dll
2007-10-15 19:35   d-------- C:\HP
2007-10-15 19:34   d-------- C:\Program Files\HP
2007-10-15 19:34 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-15 19:34 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-15 19:24 130,902 --a------ C:\WINDOWS\hpoins12.dat
2007-10-15 19:24 1,470 --------- C:\WINDOWS\hpomdl12.dat
2007-10-09 16:08   d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-10-09 16:01   d-------- C:\Documents and Settings\Timmy Khan\Application Data\FaxCtr
2007-10-08 20:01 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-10-08 20:01 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-10-08 20:01 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-10-08 20:01 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-10-08 20:01 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-10-08 20:00   d-------- C:\Program Files\Lexmark Fax Solutions
2007-10-08 20:00   d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr

24 Posts

November 8th, 2007 16:00

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 18:02 --------- d-----w C:\Program Files\LimeWire
2007-11-08 03:16 --------- d-----w C:\Program Files\Viewpoint
2007-11-08 03:16 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\Viewpoint
2007-11-08 03:14 --------- d-----w C:\Program Files\SoundSpectrum
2007-11-08 01:07 --------- d-----w C:\Program Files\Silkroad
2007-11-06 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-31 01:34 --------- d-----w C:\Program Files\AIM
2007-10-28 21:11 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\uTorrent
2007-10-26 20:04 --------- d-----w C:\Program Files\AOD
2007-10-26 20:01 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-26 20:01 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\AOL
2007-10-26 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-26 20:00 --------- d-----w C:\Program Files\All Sound Recorder XP
2007-10-26 18:35 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\CuteReminder
2007-10-26 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-21 15:36 --------- d-----w C:\Program Files\Real
2007-10-21 15:35 --------- d-----w C:\Program Files\Common Files\Real
2007-10-18 20:20 --------- d-----w C:\Program Files\Java
2007-10-09 10:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 00:54 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-07 16:06 --------- d-----w C:\Program Files\Audio Tools Factory
2007-10-07 14:15 --------- d-----w C:\Program Files\HiFisoftware
2007-10-07 11:13 --------- d-----w C:\Program Files\DivX
2007-10-07 11:12 --------- d-----w C:\Program Files\verizon
2007-10-07 11:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 11:10 --------- d-----w C:\Program Files\Intel
2007-10-07 11:09 --------- d-----w C:\Program Files\Dell
2007-10-07 11:08 --------- d-----w C:\Program Files\Sticky Notes
2007-10-02 19:11 --------- d-----w C:\Program Files\Free Sticky Notes
2007-10-02 19:07 --------- d-----w C:\Program Files\MoRUN.net
2007-10-02 19:03 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-02 19:00 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\TK8 Software
2007-10-02 01:13 --------- d-----w C:\Program Files\NoteGenie
2007-10-02 01:12 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\CS Desktop Notes
2007-10-02 01:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-02 01:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-02 01:06 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\3M
2007-09-23 15:50 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\My Games
2007-09-23 03:47 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\Firaxis Games
2007-09-17 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
2007-09-16 21:46 --------- d-----w C:\Program Files\NHN USA
2007-09-16 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-14 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-09-12 00:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\64 manager beep
2007-09-10 15:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-09-08 20:03 --------- d-----w C:\Program Files\Google
2007-09-08 02:38 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\64 manager beep
2007-04-17 18:57 24,088 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\GDIPFONTCACHEV1.DAT
2007-02-13 00:42 49 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb8467.dat
2007-02-13 00:42 337 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb1942.dat
2007-02-09 23:40 20,480 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb4827.dat
2007-01-26 22:55 9,216 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb6334.dat
2007-01-26 22:55 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb6500.dat
2007-01-26 22:55 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb5436.dat
2006-06-27 19:22 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb41.dat
2006-06-23 23:46 0 ---ha-w C:\Program Files\ToolBar888(2)
2006-06-23 23:46 0 ---ha-w C:\Program Files\Internet Optimizer(2)
2006-06-23 23:46 0 ---ha-w C:\Program Files\Common Files\InetGet(2)
2005-11-28 00:57 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-03-09 00:59:31 56 --sh--r C:\WINDOWS\system32\425B3640D2.sys
2006-08-12 15:26:36 1,274,476 --sh--w C:\WINDOWS\system32\fgjlm.ini2
2007-03-09 00:59:31 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-12 23:25:04 103,753,304 --sha-w C:\WINDOWS\system32\psG.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF9705FD-D3CB-46CE-9F64-3BC945440122}]
2004-08-10 05:00 92672 --a------ C:\WINDOWS\system32\d3d8th.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9FD001B-62A3-4387-ACFA-4A1A344D6B7F}]
2004-08-10 05:00 92672 --a------ C:\WINDOWS\system32\d3d8th.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-15 15:33]
"Athan"="C:\Program Files\Athan\Athan.exe" [2005-10-08 18:45]
"ML1HelperStartUp"="C:\PROGRA~1\MIDNIG~1\ML1HEL~1.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-06 11:54]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"NWEReboot"="" []
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 17:56]
"HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 10:34]
"Audio Device Manager"="sfhgj.exe" [2007-10-28 20:00 C:\WINDOWS\sfhgj.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 13:08]
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 15:02]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-08 15:02:08]
HP Digital Imaging Monitor.lnk - C:\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-31 13:54:18]
Workspace Macro Pro Hotkeys.lnk - C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe [2005-09-25 16:25:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
sysfldr.dll 2006-07-05 05:55 12800 C:\WINDOWS\system32\sysfldr.dll
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 13:16:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 13:17:31 - machine was rebooted
.
 --- E O F ---

3 Apprentice

20.5K Posts

November 8th, 2007 17:00

Your HijackThis needs to be in a folder where it can save backups.
Right-click on an empty space on your desktop and choose New > Folder.
Name it HijackThis (HJT, or whatever).
Right-click HijackThis.exe, choose Cut.
Double-click (to open) the folder you created.
Right-click inside and choose Paste.

Please disable your Symantec Script Blocking from within your Norton so it does not interfere with anything during our fixes now or later. You can enable this whenever we have verified that your system is clean.

To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Open Notepad and copy/paste the following text between the dotted lines into it. Do not copy the dotted lines.
** Make sure you copy/paste ALL the text at once.
-----------------------------------------------------------------------------------------------

Folder::
C:\Program Files\ToolBar888(2)
C:\Program Files\Internet Optimizer(2)
C:\Program Files\License_Manager


File::
C:\hflhfol.exe
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\sysfldr.dll
C:\WINDOWS\system32\d3d8th.dll
C:\WINDOWS\sfhgj.exe


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF9705FD-D3CB-46CE-9F64-3BC945440122}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9FD001B-62A3-4387-ACFA-4A1A344D6B7F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Audio Device Manager"=-
"License Manager"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]

--------------------------------------------------------------------------------------------------------

Save this as CFScript.txt

[Image hosted on Photobucket]

Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with all others requested.
  • Click Close to exit the program.


In addition, please provide the contents of the new ComboFix log in your next reply along with a new HijackThis log, and let me know how things are running. We will have more to do.

24 Posts

November 8th, 2007 18:00

I am having a problem because I cannot find my Norton antivirus. All I can find is Norton Security Center and that doesn't give me the option of selecting "options" or disabling scripts...Where is it?

Basically: I can't find out where to open Norton from...isn't there a way to just delete it from my computer?


Message Edited by Deathflash10 on 11-08-2007 03:25 PM

3 Apprentice

 • 

20.5K Posts

November 8th, 2007 19:00

The anti-virus is a component of the Security Center. Let's see if we can stop the service this way.

* Go to Start > Run and type cmd in the Open: line. Click OK.
* Type: sc stop SBService
Click Enter
* Reboot the system

24 Posts

November 8th, 2007 20:00

Ok, all that happened is a black box came up and disappeared...

3 Apprentice

 • 

20.5K Posts

November 8th, 2007 20:00

Try this:
Go to Start > Run and type: "services.msc" (without quotes)
Then you will see ALL "services" running on the computer.
Look for the name SBService, and set it to DISABLE/ STOP. If it is already set to DISABLED, you were successful the first time.

24 Posts

November 8th, 2007 21:00

Combo Fix Log
 
ComboFix 07-11-08.1 - Timmy Khan 2007-11-08 18:43:33.2 - NTFSx86
Running from: C:\Documents and Settings\Timmy Khan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Timmy Khan\Desktop\CFScript.txt
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\d3d8th.dll
C:\WINDOWS\system32\drivers\ljnabwmm.dat
C:\WINDOWS\system32\drivers\mzwccuvs.dat
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ASDYRFKG
-------\asdyrfkg

(((((((((((((((((((((((((   Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.
2007-11-08 18:00   d-------- C:\Program Files\SUPERAntiSpyware
2007-11-08 18:00   d-------- C:\Documents and Settings\Timmy Khan\Application Data\SUPERAntiSpyware.com
2007-11-08 18:00   d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-08 17:59   d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-08 17:20   d-------- C:\Program Files\SpaceMonger
2007-11-08 17:20   d-------- C:\Documents and Settings\Timmy Khan\Application Data\SpaceMonger
2007-11-08 13:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 10:00 2,720 --a------ C:\WINDOWS\system32\create.exe
2007-11-07 22:55   d-------- C:\VundoFix Backups
2007-11-07 22:47   d-------- C:\Program Files\Trend Micro
2007-11-07 13:06 58,368 --a------ C:\hflhfol.exe
2007-11-06 11:01 37,016 --a------ C:\WINDOWS\img4851.zip
2007-10-27 13:36 5,689,344 --a------ C:\mplayerc.exe
2007-10-27 13:32   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Media Player Classic
2007-10-27 13:25   d-------- C:\Program Files\Elecard
2007-10-27 13:25   d-------- C:\Program Files\Common Files\Elecard
2007-10-26 18:46   d--h----- C:\Documents and Settings\Timmy Khan\igLoader Files
2007-10-26 15:04   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Aim
2007-10-26 13:40   d-------- C:\Documents and Settings\Shafan Khan\Application Data\HP
2007-10-26 13:40   d-------- C:\Documents and Settings\Shafan Khan\Application Data\FaxCtr
2007-10-26 13:27   d-------- C:\Documents and Settings\Timmy Khan\Application Data\QQ Games Plugin
2007-10-26 13:27   d-------- C:\Documents and Settings\Timmy Khan\Application Data\acccore
2007-10-26 13:25   d-------- C:\Program Files\Tencent
2007-10-25 16:57 1,335,276 --a------ C:\mm20enu.exe
2007-10-25 14:47   d-------- C:\Program Files\Loader
2007-10-21 10:36   d-------- C:\Program Files\Common Files\xing shared
2007-10-18 15:13   d-------- C:\Documents and Settings\Timmy Khan\Application Data\PowerChallenge
2007-10-15 20:18   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Printer Info Cache
2007-10-15 20:18   d-------- C:\Documents and Settings\Timmy Khan\Application Data\Image Zone Express
2007-10-15 19:57   d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-10-15 19:51   d-------- C:\Documents and Settings\Timmy Khan\Application Data\HP
2007-10-15 19:47   d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-15 19:46   d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-10-15 19:45   d-------- C:\Program Files\Common Files\HP
2007-10-15 19:44   d-------- C:\Program Files\Hewlett-Packard
2007-10-15 19:44   d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-15 19:41 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-10-15 19:41 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-10-15 19:40   d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-15 19:40 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-10-15 19:40 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2007-10-15 19:39 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-10-15 19:38 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2007-10-15 19:38 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2007-10-15 19:38 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-10-15 19:38 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-10-15 19:38 294,912 -ra------ C:\WINDOWS\system32\hpovst10.dll
2007-10-15 19:35   d-------- C:\HP
2007-10-15 19:34   d-------- C:\Program Files\HP
2007-10-15 19:34 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-15 19:34 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-15 19:24 130,902 --a------ C:\WINDOWS\hpoins12.dat
2007-10-15 19:24 1,470 --------- C:\WINDOWS\hpomdl12.dat
2007-10-09 16:08   d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-10-09 16:01   d-------- C:\Documents and Settings\Timmy Khan\Application Data\FaxCtr
2007-10-08 20:01 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-10-08 20:01 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-10-08 20:01 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-10-08 20:01 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-10-08 20:01 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-10-08 20:00   d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 23:42 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\64 manager beep
2007-11-08 23:42 --------- d-----w C:\Documents and Settings\LocalService\Application Data\64 manager beep
2007-11-08 22:37 --------- d-----w C:\Program Files\Sony Setup
2007-11-08 18:19 --------- d-----w C:\Program Files\Real
2007-11-08 03:16 --------- d-----w C:\Program Files\Viewpoint
2007-11-08 03:16 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\Viewpoint
2007-11-08 03:14 --------- d-----w C:\Program Files\SoundSpectrum
2007-11-08 01:07 --------- d-----w C:\Program Files\Silkroad
2007-11-06 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-31 01:34 --------- d-----w C:\Program Files\AIM
2007-10-28 21:11 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\uTorrent
2007-10-26 20:04 --------- d-----w C:\Program Files\AOD
2007-10-26 20:01 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-26 20:01 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\AOL
2007-10-26 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-26 20:00 --------- d-----w C:\Program Files\All Sound Recorder XP
2007-10-26 18:35 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\CuteReminder
2007-10-21 15:35 --------- d-----w C:\Program Files\Common Files\Real
2007-10-18 20:20 --------- d-----w C:\Program Files\Java
2007-10-09 10:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 00:54 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-07 16:06 --------- d-----w C:\Program Files\Audio Tools Factory
2007-10-07 14:15 --------- d-----w C:\Program Files\HiFisoftware
2007-10-07 11:13 --------- d-----w C:\Program Files\DivX
2007-10-07 11:12 --------- d-----w C:\Program Files\verizon
2007-10-07 11:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 11:10 --------- d-----w C:\Program Files\Intel
2007-10-07 11:09 --------- d-----w C:\Program Files\Dell
2007-10-07 11:08 --------- d-----w C:\Program Files\Sticky Notes
2007-10-02 19:11 --------- d-----w C:\Program Files\Free Sticky Notes
2007-10-02 19:07 --------- d-----w C:\Program Files\MoRUN.net
2007-10-02 19:03 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-02 19:00 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\TK8 Software
2007-10-02 01:13 --------- d-----w C:\Program Files\NoteGenie
2007-10-02 01:12 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\CS Desktop Notes
2007-10-02 01:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-02 01:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-02 01:06 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\3M
2007-09-23 15:50 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\My Games
2007-09-23 03:47 --------- d-----w C:\Documents and Settings\Timmy Khan\Application Data\Firaxis Games
2007-09-17 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
2007-09-16 21:46 --------- d-----w C:\Program Files\NHN USA
2007-09-16 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-14 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-09-10 15:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-09-08 20:03 --------- d-----w C:\Program Files\Google
2007-04-17 18:57 24,088 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\GDIPFONTCACHEV1.DAT
2007-02-13 00:42 49 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb8467.dat
2007-02-13 00:42 337 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb1942.dat
2007-02-09 23:40 20,480 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb4827.dat
2007-01-26 22:55 9,216 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb6334.dat
2007-01-26 22:55 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb6500.dat
2007-01-26 22:55 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb5436.dat
2006-06-27 19:22 0 ----a-w C:\Documents and Settings\Timmy Khan\Application Data\internaldb41.dat
2006-06-23 23:46 0 ---ha-w C:\Program Files\ToolBar888(2)
2006-06-23 23:46 0 ---ha-w C:\Program Files\Internet Optimizer(2)
2006-06-23 23:46 0 ---ha-w C:\Program Files\Common Files\InetGet(2)
2005-11-28 00:57 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-03-09 00:59:31 56 --sh--r C:\WINDOWS\system32\425B3640D2.sys
2006-08-12 15:26:36 1,274,476 --sh--w C:\WINDOWS\system32\fgjlm.ini2
2007-03-09 00:59:31 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-12 23:25:04 103,753,304 --sha-w C:\WINDOWS\system32\psG.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Athan"="C:\Program Files\Athan\Athan.exe" [2005-10-08 18:45]
"ML1HelperStartUp"="C:\PROGRA~1\MIDNIG~1\ML1HEL~1.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-06 11:54]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"NWEReboot"="" []
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" []
"HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 10:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 13:08]
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 15:02]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-08 15:02:08]
HP Digital Imaging Monitor.lnk - C:\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-31 13:54:18]
Workspace Macro Pro Hotkeys.lnk - C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe [2005-09-25 16:25:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
sysfldr.dll 2006-07-05 05:55 12800 C:\WINDOWS\system32\sysfldr.dll
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 18:49:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 18:50:47 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-08 13:17
.
 --- E O F ---
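
A way to cross-check the CFScript's Folder:: and File:: targets against the follow-up ComboFix log, as an added example that is not part of the original thread or of ComboFix itself. The function names are hypothetical, and it assumes that a path appearing in any log section other than "Other Deletions" counts as still listed; the sample text is an excerpt of lines from this thread with the header parentheses shortened.

```python
import re

# Excerpts from the thread's CFScript and follow-up log (header runs shortened).
CFSCRIPT = r"""
Folder::
C:\Program Files\ToolBar888(2)
C:\Program Files\Internet Optimizer(2)
C:\Program Files\License_Manager
File::
C:\hflhfol.exe
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\sysfldr.dll
C:\WINDOWS\system32\d3d8th.dll
C:\WINDOWS\sfhgj.exe
"""
LOG = r"""
(((   Other Deletions   )))
C:\WINDOWS\system32\d3d8th.dll
(((   Files Created from 2007-10-08 to 2007-11-08  )))
2007-11-07 13:06 58,368 --a------ C:\hflhfol.exe
(((   Find3M Report   )))
2006-06-23 23:46 0 ---ha-w C:\Program Files\ToolBar888(2)
2006-06-23 23:46 0 ---ha-w C:\Program Files\Internet Optimizer(2)
2006-08-12 15:26:36 1,274,476 --sh--w C:\WINDOWS\system32\fgjlm.ini2
(((   Reg Loading Points   )))
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" []
sysfldr.dll 2006-07-05 05:55 12800 C:\WINDOWS\system32\sysfldr.dll
"""

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((   Find3M Report   )))"

def parse_cfscript(text):
    """Return {'Folder': [...], 'File': [...]} from the 'Name::' blocks."""
    targets, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = targets.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return targets

def sections_mentioning(path, log):
    """Names of log sections with a line containing path (case-insensitive)."""
    found, section = [], None
    for line in log.splitlines():
        header = SECTION.match(line.strip())
        if header:
            section = header.group(1)
        elif section and path.lower() in line.lower() and section not in found:
            found.append(section)
    return found

def audit(script, log):
    """Map each Folder::/File:: target to (status, sections where it appears)."""
    report = {}
    targets = parse_cfscript(script)
    for kind in ("Folder", "File"):
        for path in targets.get(kind, []):
            where = sections_mentioning(path, log)
            if where == ["Other Deletions"]:
                status = "deleted"
            elif where:
                status = "still listed"   # assumption: listed means not confirmed removed
            else:
                status = "not mentioned"
            report[path] = (status, where)
    return report

if __name__ == "__main__":
    for path, (status, where) in audit(CFSCRIPT, LOG).items():
        print(f"{status:13} {path}  {where}")
```

A "still listed" result is a prompt to re-check that path by hand in the next log, not proof that the file survived the run.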