HIJACKTHIS LOG - i really need help PLEASE HELP

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Post by iija5onii » January 14th, 2008, 4:25 am

Sorry for the late response. I was out for the weekend.


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-14 00:24:05
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSystemDebugControl
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 01522093 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01522A1B C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 015240EE C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 015224C7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 01523EC5 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!ReleaseDC 77D4869D 5 Bytes JMP 0152330A C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetDC 77D486C7 5 Bytes JMP 015230E6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!PostMessageW 77D48CCB 5 Bytes JMP 01523653 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowDC 77D49021 5 Bytes JMP 01522CEF C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageW 77D4B8BA 1 Byte [ E9 ]
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageW + 2 77D4B8BC 3 Bytes [ 7F, 7D, 89 ]
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!PostMessageA 77D4CB85 5 Bytes JMP 015235E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowTextW 77D4CDB6 7 Bytes JMP 01523D53 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowLongA 77D4D60D 5 Bytes JMP 015235AB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetAsyncKeyState 77D4E655 5 Bytes JMP 01523F34 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 01522788 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageA 77D5F39A 5 Bytes JMP 015236C6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowWord 77D603B3 5 Bytes JMP 01523576 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetClipboardViewer 77D6044B 5 Bytes JMP 01523AB7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 0152263E C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowTextA 77D6213C 7 Bytes JMP 01523BD6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!BitBlt 77F16FB2 5 Bytes JMP 015233A6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!StretchDIBits 77F1B06F 5 Bytes JMP 015234E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!CreateDCA 77F1B251 5 Bytes JMP 01522F10 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!StretchBlt 77F1BAF2 5 Bytes JMP 0152344C C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!CreateDCW 77F1BE91 5 Bytes JMP 01522FFB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] ADVAPI32.dll!StartServiceW 77DEBBAC 7 Bytes JMP 01522252 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[1600] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\iPod\bin\iPodService.exe[1764] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10002093 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 10002A1B C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 100040EE C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 100024C7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 10003EC5 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!ReleaseDC 77D4869D 5 Bytes JMP 1000330A C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetDC 77D486C7 5 Bytes JMP 100030E6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!PostMessageW 77D48CCB 5 Bytes JMP 10003653 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowDC 77D49021 5 Bytes JMP 10002CEF C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageW 77D4B8BA 1 Byte [ E9 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageW + 2 77D4B8BC 3 Bytes [ 7F, 2B, 98 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!PostMessageA 77D4CB85 5 Bytes JMP 100035E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowTextW 77D4CDB6 7 Bytes JMP 10003D53 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowLongA 77D4D60D 5 Bytes JMP 100035AB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetAsyncKeyState 77D4E655 5 Bytes JMP 10003F34 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 10002788 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageA 77D5F39A 5 Bytes JMP 100036C6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowWord 77D603B3 5 Bytes JMP 10003576 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetClipboardViewer 77D6044B 5 Bytes JMP 10003AB7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 1000263E C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowTextA 77D6213C 7 Bytes JMP 10003BD6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!BitBlt 77F16FB2 5 Bytes JMP 100033A6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!StretchDIBits 77F1B06F 5 Bytes JMP 100034E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!CreateDCA 77F1B251 5 Bytes JMP 10002F10 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!StretchBlt 77F1BAF2 5 Bytes JMP 1000344C C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!CreateDCW 77F1BE91 5 Bytes JMP 10002FFB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] ADVAPI32.dll!StartServiceW 77DEBBAC 7 Bytes JMP 10002252 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\GMER\gmer.exe[1960] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wuauclt.exe[2424] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\conime.exe[3240] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\explorer.exe[3648] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F748AC00] pxfsf.sys

Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [B66D5E42] AKEProtect.sys
Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [B66D5E42] AKEProtect.sys

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F748AC00] pxfsf.sys

---- EOF - GMER 1.0.13 ----


--------------------------------


For the TotalScan, should I click on "disinfect"?



;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-14 00:25:56
PROTECTIONS: 1
MALWARE: 56
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan 4.4 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow
00032710 adware/transponder Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.bin
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.008
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan
00117113 adware/neededware Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{17B8B110-FD82-4A50-9A46-328BB50C6CA4}
00117113 adware/neededware Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{84564147-251A-4F06-8FC5-8AE36B3A55AB}
00117113 adware/neededware Adware No 1 Yes No hkey_classes_root\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}
00117113 adware/neededware Adware No 1 Yes No hkey_classes_root\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}
00117113 adware/neededware Adware No 1 Yes No hkey_local_machine\software\ndwserv030105
00132447 adware program Adware No 0 Yes No c:\windows\system32\log.~
00132447 adware program Adware No 0 Yes No c:\windows\system32\key.~
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.atdmt.com/]
00144867 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007498.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.mediaplex.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@dist.belnk[2].txt
00164527 Adware/Neededware Adware No 1 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007501.dll
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.bs.serving-sys.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
00179624 Trj/Downloader.CZM Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007502.dll
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@bravenet[2].txt
00193207 Adware/Look2Me Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Windows Media Player\wmplayer.exe.tmp.vir
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00204758 Application/MyWay HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
00219061 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007499.dll
00224718 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[2search.dll]
00225945 adware/enhancemsearch Adware No 0 Yes No c:\windows\searchen.dat
00237571 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007500.dll
00256489 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007494.sys
00256489 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007493.sys
00261183 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[uninstall.exe]
00261184 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[main.exe]
00261185 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[get.exe]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.atwola.com/]
00267678 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe[the007guard.ocx]
00267679 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe[the007installer.exe]
00437692 Generic Adware Spyware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007503.dll
00437692 Generic Adware Spyware No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe.vir[DLP.dll]
00437692 Generic Adware Spyware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP20\A0007581.exe[DLP.dll]
00778774 Adware/DealHelper Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007492.exe
00895678 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007497.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP17\A0007473.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007508.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007543.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007575.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP20\A0007600.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP21\A0007618.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP22\A0007659.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01649856 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Jason\My Documents\Unzipped\aefdisk32v11\aefdisk32.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm
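Added triage example (not part of this thread, and not a tool the helpers use): most rows in the Panda ActiveScan log above point into System Restore snapshots (System Volume Information\_restore...), into ComboFix's QooBox quarantine, or at tracking cookies, and the NirCmd rows are the NirSoft utility that ComboFix carries (the log itself lists ComboFix.exe[nircmd.exe]); only a handful name a live file in a normal location. The script below parses rows in that format and separates the live entries from the inert ones. The column meanings (id, description, type, active, severity, disinfectable, disinfected, location) are an assumption inferred from the visible rows, and the embedded sample rows are copied from the log posted above.

```python
import re

# Rows copied verbatim from the Panda ActiveScan log posted above (an excerpt;
# the full log is longer). Column meaning is an ASSUMPTION inferred from the
# rows: id, description, type, active, severity, disinfectable, disinfected,
# location.
SAMPLE_LOG = r"""
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00179624 Trj/Downloader.CZM Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007502.dll
00193207 Adware/Look2Me Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Windows Media Player\wmplayer.exe.tmp.vir
00204758 Application/MyWay HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
00225945 adware/enhancemsearch Adware No 0 Yes No c:\windows\searchen.dat
00256489 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007494.sys
00437692 Generic Adware Spyware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007503.dll
00437692 Generic Adware Spyware No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe.vir[DLP.dll]
00895678 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007497.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01649856 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Jason\My Documents\Unzipped\aefdisk32v11\aefdisk32.exe
"""

# The description can contain spaces ("Generic Adware"), so the row is anchored
# on the fixed-shape fields that follow it instead of being split on whitespace.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+"
    r"(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)


def parse_rows(text):
    """Return one dict per parseable detection row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Bucket a detection by where the flagged object actually lives."""
    loc = row["location"].lower()
    if "\\system volume information\\_restore" in loc:
        return "restore_point"    # System Restore snapshot: inert unless restored
    if "\\qoobox\\quarantine\\" in loc:
        return "quarantine"       # already moved aside by ComboFix
    if row["type"] == "TrackingCookie":
        return "cookie"           # browser cookie, not executable code
    if row["desc"].startswith("Application/NirCmd"):
        return "tool_component"   # NirSoft nircmd shipped inside ComboFix.exe
    return "live"                 # on-disk file in a normal location: look at it


def triage(text):
    """Map bucket name -> list of rows."""
    buckets = {}
    for row in parse_rows(text):
        buckets.setdefault(classify(row), []).append(row)
    return buckets


def live_locations(text):
    """Paths worth acting on, in log order."""
    return [r["location"] for r in triage(text).get("live", [])]


if __name__ == "__main__":
    for name, rows in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:15s} {len(rows)}")
    for path in live_locations(SAMPLE_LOG):
        print("LIVE:", path)
```

Run as-is it prints the bucket counts and then the live paths. On this sample the live list is exactly the three files the helper goes on to deal with in the thread: the two that the CFScript deletes (s4initialsetup1.0.0.7.inf and searchen.dat) and aefdisk32.exe, which the helper asks the user about. Restore-point copies are cleared by turning System Restore off and back on once the machine is clean, not by a scanner.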
Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 14th, 2008, 12:10 pm

Do you know what aefdisk32v11 is?

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    File::
    c:\windows\system32\winupdt.bin
    c:\windows\system32\winupdt.008
    c:\windows\system32\log.~
    c:\windows\system32\key.~
    C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
    c:\windows\searchen.dat
    
    Registry::
    [-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow]
    [-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1]
    [-hkey_classes_root\install.install.1]
    [-hkey_classes_root\install.install]
    [-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar]
    [-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan]
    [-hkey_classes_root\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}]
    [-hkey_classes_root\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}]
    [-hkey_local_machine\software\ndwserv030105]
    [-hkey_LOCAL_MACHINE\software\classes\CLSID\{17B8B110-FD82-4A50-9A46-328BB50C6CA4}]
    [-hkey_LOCAL_MACHINE\software\classes\CLSID\{84564147-251A-4F06-8FC5-8AE36B3A55AB}]
    

  • Save this as CFScript.txt and place it on your desktop.


    [screenshot: CFScript.txt being dragged onto ComboFix.exe]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

=========================================================================================
The following tools will produce very big logs. Create a folder on your desktop and put all the logs into it.
When you have finished all the scans, right-click the folder and select Send to >> Compressed folder, then please attach the compressed folder to your reply.
=========================================================================================
Download and Run SR Engineer
Please download SREng.
  • Extract it to your desktop.
  • Double click SREng.exe to run it.
  • Select Smart Scan and tick Verify Digital Signatures.
  • Click on the Scan button.
  • When finished click on the Save Reports button and save the log to your desktop.


GetSystemInfo

Please download GetSystemInfo from HERE
Double click GetSysteminfo.exe
It will ask you where to save the report, please save it to your desktop or somewhere that you can find it easily.
It will display its progress on your screen; when the box disappears it has finished.


Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log >> Please post this as normal
      Put the following in the folder
    • SREng Log
    • Nod 32 Log
    • GetSystemInfo Log
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 16th, 2008, 2:47 am

It says I need an updated ComboFix, and ComboFix just deleted itself.

What should I do?


So sorry again for the late response.
Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 16th, 2008, 8:58 am

Please download a fresh copy and then run the CFScript
Download Combofix from one of the links below :

ComboFix.exe 1
ComboFix.exe 2
ComboFix.exe 3
Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 19th, 2008, 5:03 am

Sorry, I tried to post but it wouldn't let me.


ComboFix 08-01-17.3 - Jason 2008-01-19 0:47:36.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.725 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
c:\windows\searchen.dat
c:\windows\system32\key.~
c:\windows\system32\log.~
c:\windows\system32\winupdt.008
c:\windows\system32\winupdt.bin
.

((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-17 16:06 . 2008-01-17 16:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 16:06 . 2008-01-17 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 16:05 . 2008-01-17 19:05 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-16 20:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 22:53 . 2008-01-13 22:53 250 --a------ C:\WINDOWS\gmer.ini
2008-01-13 22:51 . 2008-01-13 22:53 <DIR> d-------- C:\Program Files\GMER
2008-01-13 22:09 . 2008-01-13 22:09 <DIR> d-------- C:\Program Files\Panda Security
2008-01-13 22:09 . 2008-01-13 22:09 1,657 --a------ C:\WINDOWS\mozver.dat
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 10:12 . 2008-01-17 16:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 17:22 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-20 06:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 06:05 --------- d-----w C:\Documents and Settings\Jason\Application Data\Aim
2008-01-08 18:05 --------- d-----w C:\Program Files\World of Warcraft
2008-01-06 07:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 11:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 12:03 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 08:03 --------- d-----w C:\Program Files\Peepop
2007-12-18 04:59 --------- d-----w C:\Program Files\Trend Micro
2007-12-18 02:17 --------- d-----w C:\Program Files\Anti Keylogger Elite
2007-12-17 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-12-16 14:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\Spybot - Search & Destroy
2007-12-15 22:36 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 22:36 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 21:05 --------- d-----w C:\Documents and Settings\Jason\Application Data\PC Tools
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-16_20.19.29.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 04:15:21 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-19 08:47:19 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-17 04:15:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 08:47:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 04:15:21 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-19 08:47:19 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-17 04:15:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 08:47:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 04:15:22 8,077,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-19 08:47:19 8,089,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 04:15:22 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 08:47:19 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-07-27 23:49:02 196,683 ----a-w C:\WINDOWS\LastGood\system32\lnod32apiA.dll
+ 2007-07-27 23:49:02 225,355 ----a-w C:\WINDOWS\LastGood\system32\lnod32apiW.dll
+ 2005-12-06 04:25:22 139,264 ----a-w C:\WINDOWS\LastGood\system32\lnod32umc.dll
+ 2005-12-05 21:37:10 106,496 ----a-w C:\WINDOWS\LastGood\system32\lnod32upd.dll
+ 2007-08-03 02:11:28 253,952 ----a-w C:\WINDOWS\LastGood\system32\OnlineScannerDLLA.dll
+ 2007-08-03 02:11:14 241,664 ----a-w C:\WINDOWS\LastGood\system32\OnlineScannerDLLW.dll
+ 2007-08-09 00:30:12 19,456 ----a-w C:\WINDOWS\LastGood\system32\OnlineScannerLang.dll
+ 2007-06-13 19:10:34 77,824 ----a-w C:\WINDOWS\LastGood\system32\OnlineScannerUninstaller.exe
+ 2007-07-27 23:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 23:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 04:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 21:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-03 02:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 02:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-09 00:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 19:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\valve\steam\steam.exe" [2007-12-02 16:58 1266936]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37 7094272]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 14:18 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"판도라TV미니"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"ÆCμμ¶oTV¹I´I"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 10:28 151552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\System32\NOWMEMDF.sys [2005-11-02 03:23]

*Newly Created Service* - AVGASCLN
*Newly Created Service* - GMER
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 08:49:00 C:\WINDOWS\Tasks\ ().job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-19 08:49:00 C:\WINDOWS\Tasks\ (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-15 02:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 08:18:10 C:\WINDOWS\Tasks\McAfee.com Update Check (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 00:49:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 0:50:21
ComboFix-quarantined-files.txt 2008-01-19 08:50:06
ComboFix2.txt 2008-01-17 04:19:58
ComboFix3.txt 2008-01-10 09:55:12
iija5onii
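Added check (not part of this thread, and not something the helpers ran): the CFScript from the earlier reply lists six paths under File::, and the ComboFix log above echoes six paths under FILE. The script below parses both and reconciles them case-insensitively, so a requested file that ComboFix never echoed (or a path it touched that was never requested) stands out. It takes the FILE section to be the list of script-directed files ComboFix acted on, which is an assumption about the log format. The embedded CFScript and log fragments are copied from this thread (the Registry:: section shortened to two of its keys); since the ComboFix log above shows no per-key registry confirmation, registry entries are only counted, not reconciled.

```python
# Copied from this thread: the helper's CFScript (Registry:: shortened to two
# keys) and the head of the ComboFix log. These are fixtures for the check;
# the real files sit on the user's desktop.
CFSCRIPT = r"""
File::
c:\windows\system32\winupdt.bin
c:\windows\system32\winupdt.008
c:\windows\system32\log.~
c:\windows\system32\key.~
C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
c:\windows\searchen.dat

Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow]
[-hkey_classes_root\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}]
"""

COMBOFIX_LOG = r"""
ComboFix 08-01-17.3 - Jason 2008-01-19 0:47:36.6 - NTFSx86
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
c:\windows\searchen.dat
c:\windows\system32\key.~
c:\windows\system32\log.~
c:\windows\system32\winupdt.008
c:\windows\system32\winupdt.bin
.

((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
"""


def parse_cfscript(text):
    """Split a CFScript into its '<Name>::' sections -> list of entry lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def combofix_file_section(log):
    """Paths printed under ComboFix's FILE header; the section ends at a lone '.'.

    ASSUMPTION: this section lists the script-directed files ComboFix acted on.
    """
    paths, inside = [], False
    for line in log.splitlines():
        line = line.rstrip()
        if line == "FILE":
            inside = True
        elif inside:
            if line == ".":
                break
            if line:
                paths.append(line)
    return paths


def norm(path):
    # Windows paths are case-insensitive, and the script and the log differ in case.
    return path.strip().lower()


def reconcile(cfscript, log):
    """Compare File:: requests against what the ComboFix log says it handled."""
    requested = {norm(p) for p in parse_cfscript(cfscript).get("File", [])}
    handled = {norm(p) for p in combofix_file_section(log)}
    return {
        "handled": sorted(requested & handled),
        "missing": sorted(requested - handled),     # asked for, never echoed
        "unexpected": sorted(handled - requested),  # echoed, never asked for
    }


def registry_deletes(cfscript):
    """Keys the script asks ComboFix to delete ([-key] lines), without the brackets."""
    return [e[2:-1] for e in parse_cfscript(cfscript).get("Registry", [])
            if e.startswith("[-") and e.endswith("]")]


if __name__ == "__main__":
    result = reconcile(CFSCRIPT, COMBOFIX_LOG)
    for kind in ("handled", "missing", "unexpected"):
        for path in result[kind]:
            print(f"{kind:10s} {path}")
    print(f"registry keys requested: {len(registry_deletes(CFSCRIPT))} "
          "(not confirmed by this log section)")
```

On the fragments copied from this thread every requested file is echoed and nothing is missing or unexpected, so the File:: part of the script did what the helper intended; a "missing" line after a real run is the cue to ask why (file locked, already gone, path typo) before moving on.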
Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 19th, 2008, 5:15 am


2008-01-17,01:00:39

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Steam><"c:\valve\steam\steam.exe" -silent>  [(Verified)Valve]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <AIM><C:\Program Files\AIM\aim.exe -cnetwait.odl>  [N/A]
    <googletalk><"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart>  [Google]
    <판도라TV미니><C:\Program Files\PandoraTVMini\MiniUpdate.exe>  [N/A]
    <Veoh><"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide>  [Veoh Networks]
    <ÆCμμ¶oTV¹I´I><C:\Program Files\PandoraTVMini\MiniUpdate.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <diagent><"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <MCUpdateExe><C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe>  [McAfee.com Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
Startup Folders
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Stopped/Disabled]
  <C:\WINDOWS\System32\CTsvcCDA.exe><Creative Technology Ltd>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[McAfee.com McShield / McShield][Stopped/Manual Start]
  <c:\PROGRA~1\mcafee.com\vso\mcshield.exe><>
[McAfee.com VirusScan Online Realtime Engine / MCVSRte][Stopped/Manual Start]
  <c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding><Mcafee.com Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Prevx Agent / PrevxAgent][Running/Auto Start]
  <C:\Program Files\PREVX\Prevx Home\PXAgent.exe -f><Prevx Ltd.>
[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]
  <C:\Program Files\Spyware Doctor\svcntaux.exe><PC Tools>
[PC Tools Security Service / sdCoreService][Stopped/Manual Start]
  <C:\Program Files\Spyware Doctor\swdsvc.exe><PC Tools>
[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
  <C:\WINDOWS\System32\MsPMSPSv.exe><Microsoft Corporation>

==================================
Drivers
[AKEProtect / AKEProtect][Running/Auto Start]
  <\??\C:\Program Files\Anti Keylogger Elite\AKEProtect.sys><ISecSoft Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
  <System32\drivers\aspi32.sys><Adaptec>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Creative SoundFont Management Device Driver / ctsfm2k][Stopped/Manual Start]
  <System32\DRIVERS\ctsfm2k.sys><Creative Technology Ltd>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[File Security Driver / IKFileSec][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\ikfilesec.sys><PCTools Research Pty Ltd.>
[System Filter Driver / IKSysFlt][Stopped/Manual Start]
  <system32\drivers\iksysflt.sys><PCTools Research Pty Ltd.>
[System Security Driver / IKSysSec][Stopped/Manual Start]
  <system32\drivers\iksyssec.sys><PCTools Research Pty Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[NaiFiltr / NaiFiltr][Stopped/Manual Start]
  <System32\DRIVERS\NaiFiltr.sys><>
[neokdss / neokdss][Stopped/Manual Start]
  <system32\Drivers\neokdss.sys><N/A>
[NOWMEMDF / NOWMEMDF][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\NOWMEMDF.sys><(c)NOWCOM>
[NPPTNT2 / NPPTNT2][Running/System Start]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMCI / OMCI][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Creative OS Services Driver / ossrv][Stopped/Manual Start]
  <System32\DRIVERS\ctoss2k.sys><Creative Technology Ltd.>
[Creative SB Live! Series (WDM) / P16X][Running/Manual Start]
  <system32\drivers\P16X.sys><Creative Technology Ltd.>
[PfModNT / PfModNT][Running/Auto Start]
  <\??\C:\WINDOWS\System32\PfModNT.sys><Creative Technology Ltd.>
[Prevx Driver / PREVXDriver][Running/Boot Start]
  <\SystemRoot\System32\drivers\pxfsf.sys><Prevx Ltd>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[PCTools Browser Monitor]
  {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, N/A>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Java Plug-in 1.5.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_01]
  {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Veoh Browser Plug-in]
  {D0943516-5076-4020-A3B5-AEFAF26AB263} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll, Veoh Networks Inc>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[VeohClientVersion2 Class]
  {FC6510B5-9379-4FBE-BC44-6D1A047DB704} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohClientVersion2.dll, Veoh Networks>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 604 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 1068 / Jason][C:\Program Files\AIM\aim.exe]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\AIM_xmlp.dll]  [N/A, ]
    [C:\Program Files\AIM\Xprt.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\oscore.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\Xpcs.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\Xptl.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\idlemon.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\ATE32.dll]  [America Online, Inc., 2.5.18.0]
    [C:\Program Files\AIM\oscres.dll]  [N/A, ]
    [C:\Program Files\AIM\DUNZIP32.dll]  [Inner Media, Inc., 5.00.00]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\AIM\CoolSocket.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\aimres.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\CoolBucky.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\AimCoreSvcs.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\CoolBos.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\AimSecondarySvcs.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\oscarui.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\WNDUTILS.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\AIMAX.dll]  [N/A, ]
    [C:\Program Files\AIM\proto.ocm]  [America Online, Inc., 0.0.0.0]
    [C:\Program Files\AIM\CoolHttp.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\Program Files\AIM\startup.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\aimapi.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\buddyui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\icbmui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\rtvideo.dll]  [America Online, Inc., 1.0.1.1]
    [C:\Program Files\AIM\locateui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\browse.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\chatui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\ticker.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\alertui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\oscmain.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\miscui.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\osclogin.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\stats.ocm]  [N/A, ]
    [C:\Program Files\AIM\popup.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\oscsrch.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\rvapps.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\oscmail.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\NTP.ocm]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\ateima32.dll]  [America Online, Inc., 5.5.3595]
    [C:\Program Files\AIM\CoolSecNss.dll]  [America Online, Inc., 3.6.8.2277]
    [C:\WINDOWS\System32\quartz.dll]  [, ]
    [C:\WINDOWS\System32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\AIM\inetsocket.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\Program Files\Anti Keylogger Elite\ateap.DLL]  [N/A, ]
    [C:\Program Files\Cucusoft\ipod-converter\Filter\RealMedia.dll]  [Gabest, 1, 0, 0, 9]
    [C:\WINDOWS\system32\ac3filter.ax]  [, 0.68b]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\L3CODECX.AX]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\AIM\nss3.dll]  [Netscape Communications Corporation, 3.9]
    [C:\Program Files\AIM\softokn3.dll]  [Netscape Communications Corporation, 3.9]
    [C:\Program Files\AIM\plc4.dll]  [Netscape Communications Corporation, 4.4.1]
    [C:\Program Files\AIM\nspr4.dll]  [Netscape Communications Corporation, 4.4.1]
    [C:\Program Files\AIM\plds4.dll]  [Netscape Communications Corporation, 4.4.1]
    [C:\Program Files\AIM\ssl3.dll]  [Netscape Communications Corporation, 3.9]
    [C:\Program Files\AIM\smime3.dll]  [Netscape Communications Corporation, 3.9]
    [C:\PROGRA~1\AIM\nssckbi.dll]  [N/A, ]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.6177]
[PID: 1808 / SYSTEM][C:\Program Files\PREVX\Prevx Home\PXAgent.exe]  [Prevx Ltd., 2.0.12.0]
    [C:\Program Files\PREVX\Prevx Home\ZLIB.DLL]  [N/A, ]
    [C:\Program Files\PREVX\Prevx Home\modules\paws.dll]  [Prevx Ltd., 1.0.0.4]
    [C:\Program Files\PREVX\Prevx Home\PME.DLL]  [Prevx Ltd., 1.0.0.4]
    [C:\Program Files\PREVX\Prevx Home\modules\LCLBRK.dll]  [Prevx Ltd., 2.0.15.0]
    [C:\Program Files\PREVX\Prevx Home\LIBAPI.DLL]  [Prevx Ltd., 2.0.6.2]
    [C:\Program Files\PREVX\Prevx Home\LIBCOM.DLL]  [Prevx Ltd., 2.0.10.0]
    [C:\Program Files\PREVX\Prevx Home\modules\BCOM.dll]  [Prevx Ltd., 2.0.10.0]
    [C:\Program Files\PREVX\Prevx Home\modules\kcom.dll]  [Prevx Ltd., 2.0.15.0]
[PID: 1896 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 188 / SYSTEM][C:\WINDOWS\System32\MsPMSPSv.exe]  [Microsoft Corporation, 7.00.00.1954]
[PID: 1832 / Jason][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Anti Keylogger Elite\ateap.DLL]  [N/A, ]
[PID: 2440 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2424 / Jason][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1764 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
    [C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 1600 / Jason][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.64]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\WINDOWS\System32\quartz.dll]  [, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Mozilla Firefox\components\xpinstal.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Panda Security\TotalScan\ascstubie.dll]  [Panda Security, 1, 0, 0, 7]
    [C:\Program Files\Panda Security\TotalScan\ASCGuiIE.dll]  [Panda Security, 1, 1, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\ascauditor.dll]  [Panda Security, 1, 1, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\psscoms.dll]  [Panda Software International, 1, 0, 0, 11]
    [C:\Program Files\Panda Security\TotalScan\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Panda Security\TotalScan\KREExent.dll]  [N/A, ]
    [C:\Program Files\Panda Security\TotalScan\ascscanner.dll]  [Panda Security, 1, 1, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\ascdata.dll]  [Panda Security, 1, 1, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\libxml2.dll]  [N/A, ]
    [C:\Program Files\Panda Security\TotalScan\npwrapper.dll]  [Panda Security, 1, 1, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\pavdet.dll]  [Panda Software International, 1, 4, 1, 37]
    [C:\Program Files\Panda Security\TotalScan\PsScan.dll]  [Panda Software International, 10, 5, 0, 19]
    [C:\Program Files\Panda Security\TotalScan\pskas.dll]  [Panda Software International, 1, 4, 3, 8]
    [C:\Program Files\Panda Security\TotalScan\PSKUTIL.dll]  [Panda Software International, 1, 4, 3, 10]
    [C:\Program Files\Panda Security\TotalScan\PSKVFILE.dll]  [Panda Software International, 1, 4, 3, 3]
    [C:\Program Files\Panda Security\TotalScan\PSKALLOC.dll]  [Panda Software International, 1, 4, 3, 10]
    [C:\Program Files\Panda Security\TotalScan\pskvfs.dll]  [Panda Software International, 1, 4, 3, 25]
    [C:\Program Files\Panda Security\TotalScan\PSKCMP.dll]  [Panda Software International, 1, 4, 3, 29]
    [C:\Program Files\Panda Security\TotalScan\PSKPACK.DLL]  [Panda Software International, 1, 4, 3, 1]
    [C:\Program Files\Panda Security\TotalScan\PSKVM.DLL]  [Panda Software International, 1, 4, 3, 9]
    [C:\Program Files\Panda Security\TotalScan\PSKHTML.dll]  [Panda Software International, 1, 4, 3, 3]
    [C:\Program Files\Panda Security\TotalScan\Rawvfile.dll]  [Panda Software International, 2, 0, 1, 11]
    [C:\Program Files\Panda Security\TotalScan\pskscs.dll]  [Panda Software International, 1, 4, 3, 30]
    [C:\Program Files\Panda Security\TotalScan\pskavs.dll]  [Panda Software International, 1, 4, 3, 30]
    [C:\Program Files\Panda Security\TotalScan\pskfss.dll]  [Panda Software International, 1, 4, 3, 16]
    [C:\Program Files\Panda Security\TotalScan\prcvfile.dll]  [Panda Software International, 2, 0, 0, 2]
    [C:\Program Files\Panda Security\TotalScan\Pavoe.dll]  [Panda Software International, 3, 5, 1, 0]
    [C:\Program Files\Panda Security\TotalScan\TCPVfile.dll]  [Panda Software International, 3, 0, 1, 0]
    [C:\Program Files\Panda Security\TotalScan\pskahk.dll]  [Panda Software International, 1, 4, 3, 7]
    [C:\Program Files\Panda Security\TotalScan\psscpu.dll]  [Panda Software International, 1, 4, 3, 2]
    [C:\Program Files\Panda Security\TotalScan\pskmdfs.dll]  [Panda Software International, 1, 4, 3, 1]
    [C:\Program Files\Panda Security\TotalScan\memvfile.dll]  [Panda Software International, 2, 0, 0, 1]
    [C:\Program Files\Panda Security\TotalScan\PAvExCom.dll]  [Panda Software International, 4, 0, 3, 0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll]  [Adobe Systems Inc., 7.0.5.2005092300]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1000 / Jason][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2536 / Jason][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.6177]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.6177]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 5, 0, 8]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 3528 / Jason][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2848 / Jason][C:\PROGRA~1\WINZIP\winzip32.exe]  [WinZip Computing, Inc., 18.0 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZVINFO.DLL]  [WinZip Computing, Inc., 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZCAB3.DLL]  [WinZip Computing, Inc., 3.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\wz32.dll]  [WinZip Computing, Inc., 18.0 (32-bit)]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 3180 / Jason][C:\Documents and Settings\Jason\My Documents\Unzipped\kztechssuite\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\Jason\My Documents\Unzipped\kztechssuite\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeSystemtimePrivilege [PID = 1068, C:\PROGRAM FILES\AIM\AIM.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 1068, C:\PROGRAM FILES\AIM\AIM.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1068, C:\PROGRAM FILES\AIM\AIM.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1596, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 1596, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1808, C:\PROGRAM FILES\PREVX\PREVX HOME\PXAGENT.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 1808, C:\PROGRAM FILES\PREVX\PREVX HOME\PXAGENT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 188, C:\WINDOWS\SYSTEM32\MSPMSPSV.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 188, C:\WINDOWS\SYSTEM32\MSPMSPSV.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 2848, C:\PROGRA~1\WINZIP\WINZIP32.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 2848, C:\PROGRA~1\WINZIP\WINZIP32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2848, C:\PROGRA~1\WINZIP\WINZIP32.EXE]

==================================
API HOOK
Entrypoint Error: FreeLibrary (Dangerous Level: High,  Hooked by Module: 0x7170002D)

==================================
Hidden Process
N/A

==================================




_______________________________________________


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2803 (20080117)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=e4b0f13282a5ba428e3f05a125e0f972
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-18 03:05:03
# local_time=2008-01-17 07:05:03 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=229021
# found=5
# scan_time=1911
C:\Documents and Settings\Jason\Desktop\Install_AIM_5.5.3595.exe Win32/Adware.WBug.A application AD1043B7C8EFCB40B0AF3E619DA6BAEE
C:\Documents and Settings\Jason\Desktop\Install_AIM_5.5.3595.exe ≫WISE ≫WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\Jason\Desktop\Install_AIM_5.5.3595.exe ≫WISE ≫WxBug.EXE ≫WISE ≫MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Program Files\AIM\Sysfiles\WxBug.EXE ≫WISE ≫MiniBugTransporter.dll Win32/Adware.WBug.A application 0000000000000000000000000
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by iija5onii » January 19th, 2008, 5:28 am

getsysteminfo log
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by iija5onii » January 19th, 2008, 5:30 am

I can't post sysinfo.txt.

It says "The extension txt is not allowed."
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by Katana » January 19th, 2008, 12:10 pm

The following tools will produce very big logs; create a folder on your desktop and put all the logs into it.
When you have finished all the scans, right-click the folder and select Send to >> Compressed folder.
Please attach the compressed folder.zip to your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by iija5onii » January 19th, 2008, 4:47 pm

Here goes...
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by Katana » January 20th, 2008, 5:08 pm

Due to the size of the logs, I have requested a second set of eyes to make sure I don't miss anything.
Please be patient, I will be back ASAP.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by iija5onii » January 24th, 2008, 8:17 pm

OK.
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by Katana » January 27th, 2008, 7:14 pm

I do apologize for the delay, I haven't forgotten about you.
The logs you posted are being checked very carefully, as we can't find any cause for the problem at the moment.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by Katana » January 28th, 2008, 12:56 pm

We can find no evidence of malware on your machine :(
How do you change the passwords on the site?
Do you receive an e-mail with the new password?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread post by iija5onii » February 2nd, 2008, 5:09 pm

Sorry about the late response; usually I get an email saying that there is a new post on malware.

Um, to change the password you go to the website and change it to whatever.

If you lose your password you receive the new password through email.
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm