Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hello I am hoping for an analysis of my hijackthis log.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby Shaba » December 7th, 2008, 4:11 pm

And they are still there.

Ensure that windows firewall is first on.

Right-click the Zone Alarm icon in the System Tray, and select Shutdown Zone Alarm.

After that, please redo my previous instructions (that one with HijackThis fixes and otmoveit3) and re-enable ZoneAlarm after reboot.

Re-run rsit.

Post:

- otmoveit3 log
- a fresh rsit log (only log.txt will appear)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby OnTheRoadAgain » December 7th, 2008, 4:32 pm

========== FILES ==========
File/Folder C:\WINDOWS\system32\fowerovo.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\AK47\LOCALS~1\Temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\AK47\LOCALS~1\Temp\~DF487E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_52c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT032f4.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_152531

Files moved on Reboot...
File C:\DOCUME~1\AK47\LOCALS~1\Temp\Perflib_Perfdata_694.dat not found!
C:\DOCUME~1\AK47\LOCALS~1\Temp\~DF487E.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_52c.dat not found!
C:\WINDOWS\temp\ZLT032f4.TMP moved successfully.



Logfile of random's system information tool 1.04 (written by random/random)
Run by AK47 at 2008-12-07 15:29:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (5%) free of 78 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:20 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AK47.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {a9458dfc-908e-40ad-8b72-92d11731ea74} - C:\WINDOWS\system32\puwareda.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [desojifuwu] Rundll32.exe "C:\WINDOWS\system32\wipakave.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9644709625
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\ruvaluno.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8094 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9458dfc-908e-40ad-8b72-92d11731ea74}]
C:\WINDOWS\system32\puwareda.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINDOWS\system\msdxm.ocx [2001-09-21 846096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"desojifuwu"=C:\WINDOWS\system32\wipakave.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\dlm.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AK47^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-08-09 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2008-01-09 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^zPlanner.lnk]
C:\Program Files\zPlanner\zPlanner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeffrey A Link^Start Menu^Programs^Startup^BoontyBox.lnk]
C:\PROGRA~1\Boonty\BOONTY~1\BOONTY~1.EXE /boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3
"Ati HotKey Poller"=2
"LBTServ"=3
"iPod Service"=3
"idsvc"=3
"IDriverT"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\ruvaluno.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\ruvaluno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"="C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe:*:Disabled:ekrn"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Disabled:FEAR Combat"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Disabled:il2fb"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Disabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2008-12-07 13:20:07 ----D---- C:\_OTMoveIt
2008-12-07 10:56:24 ----D---- C:\Program Files\Common Files\Adobe
2008-12-07 04:37:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-07 03:15:54 ----A---- C:\log.txt
2008-12-07 02:00:41 ----D---- C:\rsit
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\system
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\speechengines
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\mssoap
2008-12-05 08:22:23 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-05 08:22:23 ----D---- C:\Program Files\common files
2008-12-05 04:14:32 ----D---- C:\Program Files\Innovative Solutions
2008-12-04 08:47:00 ----D---- C:\Program Files\ESET
2008-12-04 08:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 16:17:02 ----D---- C:\Program Files\Trend Micro
2008-12-02 16:02:11 ----A---- C:\jre-6u11-windows-i586-p.exe
2008-12-02 15:46:57 ----D---- C:\Documents and Settings\AK47\Application Data\Malwarebytes
2008-12-02 15:46:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 15:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 15:32:07 ----SHD---- C:\Config.Msi
2008-12-02 13:58:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 13:57:56 ----D---- C:\Program Files\ThreatFire
2008-12-02 09:14:03 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-02 09:14:01 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-12-02 09:14:01 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-12-02 09:13:52 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-12-02 09:13:51 ----D---- C:\Program Files\Zone Labs
2008-12-02 09:13:51 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-12-02 09:13:51 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-02 09:13:50 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-12-02 09:13:50 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-12-02 09:10:58 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-12-02 09:10:58 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-02 09:10:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-02 00:42:08 ----SH---- C:\WINDOWS\system32\ipelebol.ini
2008-12-01 00:27:16 ----A---- C:\WINDOWS\ScUnin.exe
2008-11-30 21:20:04 ----D---- C:\Program Files\Guitar Speed Trainer
2008-11-19 04:26:07 ----D---- C:\Documents and Settings\AK47\Application Data\Media Player Classic
2008-11-19 04:25:35 ----D---- C:\Program Files\Real Alternative
2008-11-11 08:21:18 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-07 15:29:07 ----D---- C:\WINDOWS\Temp
2008-12-07 15:25:52 ----D---- C:\WINDOWS\Internet Logs
2008-12-07 15:25:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 15:24:20 ----D---- C:\WINDOWS\Prefetch
2008-12-07 14:51:18 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 14:03:30 ----D---- C:\WINDOWS\system32
2008-12-07 13:20:16 ----RD---- C:\Program Files
2008-12-07 12:48:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 10:22:31 ----D---- C:\WINDOWS
2008-12-07 08:31:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 08:31:16 ----HD---- C:\WINDOWS\inf
2008-12-07 05:52:02 ----A---- C:\WINDOWS\WININIT.INI
2008-12-07 04:37:29 ----D---- C:\WINDOWS\Debug
2008-12-07 04:36:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-07 03:14:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-07 03:00:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 12:00:59 ----D---- C:\Program Files\IDoser v4
2008-12-05 10:48:11 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-05 09:08:23 ----SHD---- C:\WINDOWS\Installer
2008-12-05 08:05:00 ----D---- C:\Program Files\CF
2008-12-05 07:50:29 ----SHD---- C:\RECYCLER
2008-12-04 08:21:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 08:17:34 ----A---- C:\WINDOWS\imsins.BAK
2008-12-03 10:25:25 ----D---- C:\WINDOWS\Minidump
2008-12-02 17:09:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-02 17:09:24 ----D---- C:\Program Files\Java
2008-12-02 13:10:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 09:10:56 ----D---- C:\WINDOWS\WinSxS
2008-12-01 02:05:41 ----D---- C:\Program Files\Starcraft
2008-11-30 19:35:23 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-20 01:54:55 ----SD---- C:\WINDOWS\Tasks
2008-11-19 08:24:32 ----D---- C:\Program Files\COMODO
2008-11-19 08:24:32 ----D---- C:\Documents and Settings\AK47\Application Data\Comodo
2008-11-19 04:17:10 ----RSD---- C:\WINDOWS\Fonts
2008-11-17 02:56:22 ----D---- C:\WINDOWS\Help
2008-11-11 08:23:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-09-09 30988]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 ausbmon;Advanced USB Port Monitor Filter Driver; \??\C:\WINDOWS\system32\ausbmon.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-06-22 169984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-09-02 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-11-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2007-09-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Creative SB Audigy LS; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-09-02 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
S3 al72xih7;al72xih7; C:\WINDOWS\system32\drivers\al72xih7.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys []
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\System32\DRIVERS\atinevxx.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBConexant;Ezonics Ezcam II; C:\WINDOWS\system32\DRIVERS\Usbcone.sys [2000-07-14 82560]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver; C:\WINDOWS\System32\DRIVERS\FA31XND5.SYS [2002-05-14 16007]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2007-09-02 8576]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-11-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-11-29 78992]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MSW_USB;Microsoft Broadband Networking Wireless USB Driver; C:\WINDOWS\system32\DRIVERS\MSWUSB51.sys [2002-07-14 51712]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NPUSB;NPUSB; C:\WINDOWS\system32\DRIVERS\npusb.sys [2006-07-07 15360]
S3 SaiH0255;SaiH0255; C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
S3 SaiH053c;SaiH053c; C:\WINDOWS\system32\DRIVERS\SaiH053c.sys [2004-07-26 56576]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-10-20 15616]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-10-20 26752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-10-30 25856]
S3 WBHWDOCT;Winbond GPIO Driver1; C:\WINDOWS\System32\drivers\WBHWDOCT.sys [2003-04-07 7296]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-05 66872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 552960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
OnTheRoadAgain
Active Member
 
Posts: 12
Joined: December 2nd, 2008, 6:29 pm

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby Shaba » December 7th, 2008, 4:38 pm

Yep, so it appears to be ZoneAlarm.

First ensure that windows firewall is on.

After that uninstall ZoneAlarm (you can install it back after those registry changes have been done).

After that, please redo my previous instructions (that one with HijackThis fixes and otmoveit3).

Re-run rsit.

Post:

- otmoveit3 log
- a fresh rsit log (only log.txt will appear)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby OnTheRoadAgain » December 7th, 2008, 4:58 pm

========== FILES ==========
File/Folder C:\WINDOWS\system32\fowerovo.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\AK47\LOCALS~1\Temp\Perflib_Perfdata_1f8.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_155208

Files moved on Reboot...
File C:\DOCUME~1\AK47\LOCALS~1\Temp\Perflib_Perfdata_1f8.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat not found!



Logfile of random's system information tool 1.04 (written by random/random)
Run by AK47 at 2008-12-07 15:56:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (5%) free of 78 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:40 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AK47\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AK47.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {a9458dfc-908e-40ad-8b72-92d11731ea74} - C:\WINDOWS\system32\puwareda.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [desojifuwu] Rundll32.exe "C:\WINDOWS\system32\wipakave.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9644709625
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\ruvaluno.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7771 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9458dfc-908e-40ad-8b72-92d11731ea74}]
C:\WINDOWS\system32\puwareda.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINDOWS\system\msdxm.ocx [2001-09-21 846096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"desojifuwu"=C:\WINDOWS\system32\wipakave.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\dlm.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AK47^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-08-09 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2008-01-09 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^zPlanner.lnk]
C:\Program Files\zPlanner\zPlanner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeffrey A Link^Start Menu^Programs^Startup^BoontyBox.lnk]
C:\PROGRA~1\Boonty\BOONTY~1\BOONTY~1.EXE /boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3
"Ati HotKey Poller"=2
"LBTServ"=3
"iPod Service"=3
"idsvc"=3
"IDriverT"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\ruvaluno.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\ruvaluno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"="C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe:*:Disabled:ekrn"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Disabled:FEAR Combat"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Disabled:il2fb"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2008-12-07 13:20:07 ----D---- C:\_OTMoveIt
2008-12-07 10:56:24 ----D---- C:\Program Files\Common Files\Adobe
2008-12-07 04:37:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-07 03:15:54 ----A---- C:\log.txt
2008-12-07 02:00:41 ----D---- C:\rsit
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\system
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\speechengines
2008-12-05 08:22:24 ----D---- C:\Program Files\Common Files\mssoap
2008-12-05 08:22:23 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-05 08:22:23 ----D---- C:\Program Files\common files
2008-12-05 04:14:32 ----D---- C:\Program Files\Innovative Solutions
2008-12-04 08:47:00 ----D---- C:\Program Files\ESET
2008-12-04 08:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 17:10:16 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 16:17:02 ----D---- C:\Program Files\Trend Micro
2008-12-02 16:02:11 ----A---- C:\jre-6u11-windows-i586-p.exe
2008-12-02 15:46:57 ----D---- C:\Documents and Settings\AK47\Application Data\Malwarebytes
2008-12-02 15:46:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 15:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 15:32:07 ----SHD---- C:\Config.Msi
2008-12-02 13:58:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 13:57:56 ----D---- C:\Program Files\ThreatFire
2008-12-02 09:13:51 ----D---- C:\Program Files\Zone Labs
2008-12-02 09:13:51 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-02 09:10:58 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-02 09:10:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-02 00:42:08 ----SH---- C:\WINDOWS\system32\ipelebol.ini
2008-12-01 00:27:16 ----A---- C:\WINDOWS\ScUnin.exe
2008-11-30 21:20:04 ----D---- C:\Program Files\Guitar Speed Trainer
2008-11-19 04:26:07 ----D---- C:\Documents and Settings\AK47\Application Data\Media Player Classic
2008-11-19 04:25:35 ----D---- C:\Program Files\Real Alternative
2008-11-11 08:21:18 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-07 15:55:46 ----D---- C:\WINDOWS\Temp
2008-12-07 15:55:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 15:52:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 15:44:02 ----D---- C:\WINDOWS\Internet Logs
2008-12-07 15:43:59 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-07 15:43:56 ----D---- C:\WINDOWS\system32
2008-12-07 15:43:27 ----D---- C:\WINDOWS\Prefetch
2008-12-07 13:20:16 ----RD---- C:\Program Files
2008-12-07 12:48:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 10:22:31 ----D---- C:\WINDOWS
2008-12-07 08:31:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 08:31:16 ----HD---- C:\WINDOWS\inf
2008-12-07 05:52:02 ----A---- C:\WINDOWS\WININIT.INI
2008-12-07 04:37:29 ----D---- C:\WINDOWS\Debug
2008-12-07 04:36:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-07 03:14:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-07 03:00:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 12:00:59 ----D---- C:\Program Files\IDoser v4
2008-12-05 09:08:23 ----SHD---- C:\WINDOWS\Installer
2008-12-05 08:05:00 ----D---- C:\Program Files\CF
2008-12-05 07:50:29 ----SHD---- C:\RECYCLER
2008-12-04 08:21:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 08:17:34 ----A---- C:\WINDOWS\imsins.BAK
2008-12-03 10:25:25 ----D---- C:\WINDOWS\Minidump
2008-12-02 17:09:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-02 17:09:24 ----D---- C:\Program Files\Java
2008-12-02 13:10:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 09:10:56 ----D---- C:\WINDOWS\WinSxS
2008-12-01 02:05:41 ----D---- C:\Program Files\Starcraft
2008-11-30 19:35:23 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-20 01:54:55 ----SD---- C:\WINDOWS\Tasks
2008-11-19 08:24:32 ----D---- C:\Program Files\COMODO
2008-11-19 08:24:32 ----D---- C:\Documents and Settings\AK47\Application Data\Comodo
2008-11-19 04:17:10 ----RSD---- C:\WINDOWS\Fonts
2008-11-17 02:56:22 ----D---- C:\WINDOWS\Help
2008-11-11 08:23:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-09-09 30988]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 ausbmon;Advanced USB Port Monitor Filter Driver; \??\C:\WINDOWS\system32\ausbmon.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-06-22 169984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-09-02 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-11-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2007-09-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Creative SB Audigy LS; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-09-02 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
S3 an0piqat;an0piqat; C:\WINDOWS\system32\drivers\an0piqat.sys []
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys []
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\System32\DRIVERS\atinevxx.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBConexant;Ezonics Ezcam II; C:\WINDOWS\system32\DRIVERS\Usbcone.sys [2000-07-14 82560]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver; C:\WINDOWS\System32\DRIVERS\FA31XND5.SYS [2002-05-14 16007]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2007-09-02 8576]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-11-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-11-29 78992]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MSW_USB;Microsoft Broadband Networking Wireless USB Driver; C:\WINDOWS\system32\DRIVERS\MSWUSB51.sys [2002-07-14 51712]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NPUSB;NPUSB; C:\WINDOWS\system32\DRIVERS\npusb.sys [2006-07-07 15360]
S3 SaiH0255;SaiH0255; C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
S3 SaiH053c;SaiH053c; C:\WINDOWS\system32\DRIVERS\SaiH053c.sys [2004-07-26 56576]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-10-20 15616]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-10-20 26752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-10-30 25856]
S3 WBHWDOCT;Winbond GPIO Driver1; C:\WINDOWS\System32\drivers\WBHWDOCT.sys [2003-04-07 7296]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-05 66872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 552960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


Im also getting an error message on startup that says the wipakave.dll cant be located when i restart
Last edited by OnTheRoadAgain on December 7th, 2008, 5:07 pm, edited 1 time in total.
OnTheRoadAgain
Active Member
 
Posts: 12
Joined: December 2nd, 2008, 6:29 pm

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby OnTheRoadAgain » December 7th, 2008, 5:02 pm

Im also getting an error message on startup that says the wipakave.dll cant be located when i restart
OnTheRoadAgain
Active Member
 
Posts: 12
Joined: December 2nd, 2008, 6:29 pm

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby OnTheRoadAgain » December 7th, 2008, 5:11 pm

Should we throw in the towel ?
OnTheRoadAgain
Active Member
 
Posts: 12
Joined: December 2nd, 2008, 6:29 pm

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby Shaba » December 8th, 2008, 4:44 am

No we won't do that :) We will get rid of those registry entries, by one way or another.

There are not anymore active infections, so nothing to worry about.

Let's do this next:

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {a9458dfc-908e-40ad-8b72-92d11731ea74} - C:\WINDOWS\system32\puwareda.dll (file missing)
O4 - HKLM\..\Run: [desojifuwu] Rundll32.exe "C:\WINDOWS\system32\wipakave.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\ruvaluno.dll


Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hello I am hoping for an analysis of my hijackthis log.

Unread postby Shaba » December 13th, 2008, 6:31 am

Due to lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 312 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware