hijack this log

Discussion in 'Windows - Virus and spyware problems' started by lmac222, Nov 28, 2006.

  1. lmac222

    lmac222 Regular member

    Joined:
    Dec 20, 2004
    Messages:
    337
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:02 PM, on 11/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - D:\Program Files\OIN Search\OINSearch.dll
    O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4902/mcfscan.cab
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Thanks for any help.

    The thing that's irritating is the constant pop-ups. It won't do it while I'm away or idle from my computer, but rest assured, I move the mouse and do some surfing, bam, here they come.

    On another note, is it possible for a virus to block a port from my router?

    I got a program I play games with that has a port and it's set up correctly within my router, but as soon as I try to connect or host a game the program encounters an error and closes. I figure step 1, though, is to get rid of this virus/viruses.

    Ty for any help.
     
  2. lmac222

    Please, any help?
     
  3. spuge9

    spuge9 Regular member

    Joined:
    Jan 6, 2006
    Messages:
    236
    Likes Received:
    0
    Trophy Points:
    26
    Hello lmac222, I'm studying your log right now and will be back to you a.s.a.p.
     
  4. spuge9

    Hi again lmac222, let's continue.

    1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall PuritySCAN By OIN, OuterInfo, OIN or similar.



    Please download Combofix.exe and save it to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply.


    Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

    Also just copy and paste your HJT log.
     
  5. lmac222

    is this what ya needed?
    Lightning - 06-12-01 14:13:24.06 Service Pack 2
    ComboFix 06.11.27W - Running from: "D:\Documents and Settings\Lightning\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    D:\WINDOWS\system32\components
    D:\Program Files\Common Files\{3CB6E935-0AA8-1033-0704-051220010001}
    D:\Program Files\Common Files\{BCB6E935-0AA8-1033-0704-051220010001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\FNTS~1
    D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\ICROSO~1
    D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\MBOLS~1
    D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\SSTEM3~1
    D:\QooBox\Purity\Documents and Settings\Lightning\My Documents\YSTEM~1
    D:\QooBox\Purity\Program Files\ICROSO~1
    D:\QooBox\Purity\Program Files\MCROSO~1
    D:\QooBox\Purity\Program Files\YMBOLS~1
    D:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
    D:\QooBox\Purity\Program Files\YMBOLS~1\scanregw.exe
    D:\QooBox\Purity\Program Files\YMBOLS~1\?ymbols
    D:\QooBox\Purity\WINDOWS\CROSOF~1.NET
    D:\QooBox\Purity\WINDOWS\CROSOF~1.NET\w?nword.exe
    D:\QooBox\Purity\WINDOWS\system32\RACLE~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))


    2006-12-01 13:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL OCP
    2006-12-01 13:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Viewpoint
    2006-12-01 13:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL
    2006-12-01 13:54 <DIR> d-------- D:\Program Files\AIM6
    2006-12-01 12:53 <DIR> d-------- D:\Program Files\Trillian
    2006-12-01 12:02 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\.gaim
    2006-12-01 11:35 <DIR> d-------- D:\Program Files\Common Files\GTK
    2006-11-28 22:05 <DIR> dr-h----- D:\$VAULT$.AVG
    2006-11-28 20:34 88,340 --a------ D:\WINDOWS\system32\ocxbvwoc.exe
    2006-11-28 20:28 88,340 --a------ D:\WINDOWS\system32\qofkicey.exe
    2006-11-28 20:28 132,116 --a------ D:\WINDOWS\system32\hnxtctdk.dll
    2006-11-28 20:28 <DIR> d-------- D:\Program Files\VSAdd-in
    2006-11-28 17:03 126,996 --a------ D:\WINDOWS\system32\hxtjmvbx.dll
    2006-11-28 13:13 <DIR> d-------- D:\Program Files\Lavasoft
    2006-11-28 13:13 <DIR> d-------- D:\Program Files\Adware Away
    2006-11-27 23:56 <DIR> d-------- D:\WINDOWS\McAfee.com
    2006-11-27 23:48 <DIR> d-------- D:\Program Files\ToniArts
    2006-11-27 22:33 88,340 --a------ D:\WINDOWS\system32\dwhemvoi.exe
    2006-11-27 22:03 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
    2006-11-27 22:03 18,240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
    2006-11-27 22:03 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\AVG7
    2006-11-27 22:02 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-27 22:02 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-27 22:02 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-27 22:02 <DIR> d-------- D:\Program Files\Grisoft
    2006-11-27 22:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-27 22:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
    2006-11-27 22:01 88,340 --a------ D:\WINDOWS\system32\gggviyne.exe
    2006-11-27 21:56 88,340 --a------ D:\WINDOWS\system32\janvgngn.exe
    2006-11-27 21:56 132,116 --a------ D:\WINDOWS\system32\imeybwkh.dll
    2006-11-27 20:59 88,340 --a------ D:\WINDOWS\system32\xkbqnklr.exe
    2006-11-27 20:54 88,340 --a------ D:\WINDOWS\system32\gsmvmklo.exe
    2006-11-27 20:53 132,116 --a------ D:\WINDOWS\system32\vbwfeunx.dll
    2006-11-27 17:18 88,340 --a------ D:\WINDOWS\system32\edxdiqqu.exe
    2006-11-27 17:02 88,340 --a------ D:\WINDOWS\system32\jkbvsrvu.exe
    2006-11-27 16:57 88,340 --a------ D:\WINDOWS\system32\gxjefbqv.exe
    2006-11-27 16:57 132,116 --a------ D:\WINDOWS\system32\rqcinhso.dll
    2006-11-27 16:39 88,340 --a------ D:\WINDOWS\system32\qdtnqpwd.exe
    2006-11-27 16:33 88,340 --a------ D:\WINDOWS\system32\gridvebm.exe
    2006-11-27 16:33 132,116 --a------ D:\WINDOWS\system32\xmmxglbw.dll
    2006-11-27 16:24 88,340 --a------ D:\WINDOWS\system32\ciomwadp.exe
    2006-11-27 13:19 88,340 --a------ D:\WINDOWS\system32\wisvqrqc.exe
    2006-11-27 13:19 42,516 --a------ D:\WINDOWS\system32\akfymbrl.dll
    2006-11-26 19:27 <DIR> d--hs---- D:\Config.Msi
    2006-11-26 19:26 110,612 --a------ D:\WINDOWS\system32\nlcsxkca.exe
    2006-11-26 19:25 60,436 --a------ D:\WINDOWS\system32\hiljahet.dll
    2006-11-26 19:25 110,612 --a------ D:\WINDOWS\system32\akwyladp.exe
    2006-11-24 21:55 132,116 --a------ D:\WINDOWS\system32\omwvpsqn.dll
    2006-11-23 23:17 38,420 --a------ D:\WINDOWS\system32\mkpucgdi.dll
    2006-11-22 23:43 132,116 --a------ D:\WINDOWS\system32\hckbkian.dll
    2006-11-22 22:41 132,116 --a------ D:\WINDOWS\system32\hwravluw.dll
    2006-11-22 21:46 132,116 --a------ D:\WINDOWS\system32\djfcenge.dll
    2006-11-21 22:24 132,116 --a------ D:\WINDOWS\system32\mtafrexd.dll
    2006-11-12 21:34 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\çasks
    2006-11-07 18:05 <DIR> d-------- D:\Program Files\MySpace
    2006-11-01 23:03 <DIR> d-------- D:\Documents and Settings\Lightning\Application Data\Lavasoft


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-01 14:15 -------- d-------- D:\Program Files\Common Files
    2006-12-01 13:55 -------- d-------- D:\Program Files\Common Files\AOL
    2006-12-01 13:49 -------- d-------- D:\Program Files\Mozilla Firefox
    2006-12-01 12:48 -------- d-------- D:\Program Files\AIM95
    2006-12-01 12:15 -------- d-------- D:\Documents and Settings\Lightning\Application Data\.gaim
    2006-12-01 12:06 -------- d-------- D:\Documents and Settings\Lightning\Application Data\uTorrent
    2006-11-28 20:34 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Aim
    2006-11-28 20:30 -------- d-------- D:\Program Files\AIM
    2006-11-27 23:48 -------- d--h----- D:\Program Files\InstallShield Installation Information
    2006-11-25 22:02 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Vso
    2006-11-20 20:30 2 --a------ D:\WINDOWS\system32\wnscpsv.exe
    2006-11-18 22:39 -------- d-------- D:\Program Files\Lx_cats
    2006-11-15 03:01 -------- d-------- D:\Program Files\Internet Explorer
    2006-11-02 13:20 -------- d-------- D:\Program Files\AviSynth 2.5
    2006-10-31 23:00 -------- d-------- D:\Program Files\Spybot - Search & Destroy
    2006-10-31 22:36 -------- d-------- D:\Program Files\VSToolbar
    2006-10-29 12:35 -------- d-------- D:\Program Files\PeerGuardian2
    2006-10-19 22:37 0 ---hs---- D:\WINDOWS\system32\xxyyaxy.dll
    2006-10-19 22:04 -------- d-------- D:\Program Files\ISOpen
    2006-10-19 22:04 -------- d-------- D:\Program Files\Acoustica CD Label Maker
    2006-10-18 19:21 461 --a------ D:\Program Files\INSTALL.LOG
    2006-10-18 12:58 -------- d-------- D:\Program Files\Common Files\Softwin
    2006-10-18 09:14 -------- d-------- D:\Program Files\Common Files\Symantec Shared
    2006-10-18 08:15 -------- d-------- D:\Program Files\Common Files\Real
    2006-10-18 08:14 -------- d-------- D:\Program Files\Yahoo!
    2006-10-18 08:12 -------- d-------- D:\Program Files\Viewpoint
    2006-10-18 08:12 -------- d-------- D:\Program Files\Gabest
    2006-10-14 15:22 -------- d-------- D:\Documents and Settings\Lightning\Application Data\FunWebProducts
    2006-10-13 07:35 65536 --a------ D:\WINDOWS\system32\nwwks.dll
    2006-10-13 07:35 64000 --a------ D:\WINDOWS\system32\nwapi32.dll
    2006-10-13 07:35 142336 --a------ D:\WINDOWS\system32\nwprovau.dll
    2006-10-13 05:23 163584 --a------ D:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-12 15:19 -------- d-------- D:\Documents and Settings\Lightning\Application Data\Acoustica
    2006-10-10 12:40 143380 --a------ D:\WINDOWS\system32\foieolvi.exe
    2006-10-05 22:04 -------- d-------- D:\Program Files\McAfee.com
    2006-10-05 22:03 -------- d-------- D:\Program Files\McAfee
    2006-10-05 14:39 -------- d-------- D:\Documents and Settings\Lightning\Application Data\McAfee.com Personal Firewall
    2006-10-05 00:46 -------- d---s---- D:\Documents and Settings\Lightning\Application Data\Microsoft
    2006-10-04 21:24 -------- d-------- D:\Program Files\Electronic Arts
    2006-10-04 21:14 -------- d-------- D:\Program Files\EA SPORTS
    2006-10-04 19:37 93696 --a------ D:\WINDOWS\system32\ysetaed.dll
    2006-10-04 19:37 72704 --a------ D:\WINDOWS\system32\qttbfte.dll
    2006-10-02 20:19 81920 --a------ D:\Documents and Settings\Lightning\Application Data\ezpinst.exe
    2006-10-02 20:19 7176 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.cat
    2006-10-02 20:19 47360 --a------ D:\WINDOWS\system32\drivers\pcouffin.sys
    2006-10-02 20:19 47360 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.sys
    2006-10-02 20:19 34308 --a------ D:\WINDOWS\system32\BASSMOD.dll
    2006-10-02 20:19 34 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.log
    2006-10-02 20:19 1144 --a------ D:\Documents and Settings\Lightning\Application Data\pcouffin.inf
    2006-10-02 20:19 -------- d-------- D:\Program Files\vso
    2006-09-13 00:01 1084416 --a------ D:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Aim6"="\"D:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "DeadAIM"="\"rundll32.exe\" \"D:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
    "AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
    "backup"="D:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="D:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^neoDVDplus5.lnk]
    "path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\neoDVDplus5.lnk"
    "backup"="D:\\WINDOWS\\pss\\neoDVDplus5.lnkStartup"
    "location"="Startup"
    "command"="D:\\PROGRA~1\\MEDIOS~1\\NEODVD~1\\neoTasks.exe "
    "item"="neoDVDplus5"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Lightning^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    "path"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
    "backup"="D:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
    "location"="Startup"
    "command"="D:\\Documents and Settings\\Lightning\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
    "item"="PowerReg Scheduler"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AnyDVD"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RunDll32 cmicnfg"
    "hkey"="HKLM"
    "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="drvdeb"
    "hkey"="HKLM"
    "command"="rundll32.exe D:\\WINDOWS\\system32\\drvdeb.dll,startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dwewl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="d?dplay"
    "hkey"="HKCU"
    "command"="\"D:\\Documents and Settings\\Lightning\\My Documents\\??mbols\\d?dplay.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Core"
    "hkey"="HKCU"
    "command"="D:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\CA\\eTrust EZ Armor\\eTrust PestPatrol\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ezprint"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fm3032"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="InCD"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LVCOMS"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCGCATS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LXCGtime"
    "hkey"="HKLM"
    "command"="rundll32 D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lxcgmon"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MWSBAR"
    "hkey"="HKLM"
    "command"="rundll32 D:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\MWSBAR.DLL,S"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MySpaceIM"
    "hkey"="HKCU"
    "command"="D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mwsoemon"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pg2"
    "hkey"="HKCU"
    "command"="\"D:\\Program Files\\PeerGuardian2\\pg2.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RealPlay"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpySweeperUI"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UsrPrmpt"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uuwd]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="scanregw"
    "hkey"="HKCU"
    "command"="\"D:\\PROGRA~1\\YMBOLS~1\\scanregw.exe\" -vt yazb"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ViewMgr"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbjsjtv]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="j?vaw"
    "hkey"="HKCU"
    "command"="D:\\Program Files\\Common Files\\??sembly\\j?vaw.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ypager"
    "hkey"="HKCU"
    "command"="D:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ysetaed.dll]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ysetaed"
    "hkey"="HKLM"
    "command"="D:\\WINDOWS\\system32\\rundll32.exe D:\\WINDOWS\\system32\\ysetaed.dll,llnjymf"
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odcmig
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-01 14:16:41.00
    D:\ComboFix.txt ... 06-12-01 14:16
     
  6. lmac222

    Btw, would this be any reason why I can't connect on AIM?

    I've redld it several times,
    dld Trillian,
    gaim.

    All those chat things won't connect to anything. It does let me, however, connect through my Yahoo chatting messenger.
     
  7. spuge9

    Please post a new HJT log.
     
  8. lmac222

    Logfile of HijackThis v1.99.1
    Scan saved at 2:25:42 PM, on 12/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    D:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
    O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
    O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
    O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4902/mcfscan.cab
    O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
    O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

     
  9. spuge9

    spuge9 Regular member

    Okay, Let's continue :)


    Please download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.
    Please post the contents of C:\vundofix.txt




    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!



    Please post a New HJT-Logfile , vundofix.txt + Smitfraudfix textfile.
     
    Last edited: Dec 1, 2006
  10. lmac222

    lmac222 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 3:18:13 PM, on 12/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\notepad.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
    O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
    O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
    O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4902/mcfscan.cab
    O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
    O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    SmitFraudFix v2.126

    Scan done at 15:17:19.23, Fri 12/01/2006
    Run from D:\Documents and Settings\Lightning\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    D:\WINDOWS\system32\ot.ico FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Lightning


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Lightning\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\LIGHTN~1\FAVORI~1

    D:\DOCUME~1\LIGHTN~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.3

    Java version is 1.5.0.6

    Scan started at 2:51:25 PM 12/1/2006

    Listing files found while scanning....

    D:\WINDOWS\system32\qttbfte.dll
    D:\WINDOWS\system32\foieolvi.exe
    D:\WINDOWS\addins\odcmig.dll
    D:\WINDOWS\addins\gimcdo.ini
    D:\WINDOWS\addins\gimcdo.bak1
    D:\WINDOWS\addins\gimcdo.bak2
    D:\WINDOWS\addins\gimcdo.ini2
    D:\WINDOWS\addins\gimcdo.tmp

    Beginning removal...

    Attempting to delete D:\WINDOWS\system32\qttbfte.dll
    D:\WINDOWS\system32\qttbfte.dll Has been deleted!

    Attempting to delete D:\WINDOWS\system32\foieolvi.exe
    D:\WINDOWS\system32\foieolvi.exe Has been deleted!

    Attempting to delete D:\WINDOWS\addins\gimcdo.ini
    D:\WINDOWS\addins\gimcdo.ini Has been deleted!

    Attempting to delete D:\WINDOWS\addins\gimcdo.bak1
    D:\WINDOWS\addins\gimcdo.bak1 Has been deleted!

    Attempting to delete D:\WINDOWS\addins\gimcdo.bak2
    D:\WINDOWS\addins\gimcdo.bak2 Has been deleted!

    Attempting to delete D:\WINDOWS\addins\gimcdo.ini2
    D:\WINDOWS\addins\gimcdo.ini2 Has been deleted!

    Attempting to delete D:\WINDOWS\addins\gimcdo.tmp
    D:\WINDOWS\addins\gimcdo.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!


    I'm going to work now, so I'll be on later 2night 2 see my next step

    and again I totally appreciate all your help
     
  11. lmac222

    lmac222 Regular member

    ok I'm back, what's the word
     
  12. spuge9

    spuge9 Regular member

    Hi Imac! I'm really sorry for the long wait, thank you for your patience.

    Let's get your system cleaned up! ;)


    Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fix checked':



    R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
    O2 - BHO: (no name) - {38714ACE-FDC4-4121-9034-34F400431FF1} - D:\WINDOWS\system32\hnxtctdk.dll
    O2 - BHO: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
    O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
    O2 - BHO: (no name) - {8EC9B360-7FD4-48C1-A80A-25AACF4C3AFC} - D:\WINDOWS\addins\odcmig.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - D:\WINDOWS\system32\dooktjda.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
    O20 - Winlogon Notify: opnlkli - opnlkli.dll (file missing)





    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    Save it to your desktop.
    Please double-click Killbox.exe to run it.
    Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    D:\WINDOWS\system32\qofkicey.exe
    D:\WINDOWS\system32\hnxtctdk.dll
    D:\WINDOWS\system32\hxtjmvbx.dll
    D:\WINDOWS\system32\dwhemvoi.exe
    D:\WINDOWS\system32\gggviyne.exe
    D:\WINDOWS\system32\janvgngn.exe
    D:\WINDOWS\system32\imeybwkh.dll
    D:\WINDOWS\system32\xkbqnklr.exe
    D:\WINDOWS\system32\gsmvmklo.exe
    D:\WINDOWS\system32\vbwfeunx.dll
    D:\WINDOWS\system32\edxdiqqu.exe
    D:\WINDOWS\system32\jkbvsrvu.exe
    D:\WINDOWS\system32\gxjefbqv.exe
    D:\WINDOWS\system32\rqcinhso.dll
    D:\WINDOWS\system32\qdtnqpwd.exe
    D:\WINDOWS\system32\gridvebm.exe
    D:\WINDOWS\system32\xmmxglbw.dll
    D:\WINDOWS\system32\ciomwadp.exe
    D:\WINDOWS\system32\wisvqrqc.exe
    D:\WINDOWS\system32\akfymbrl.dll
    D:\WINDOWS\system32\nlcsxkca.exe
    D:\WINDOWS\system32\hiljahet.dll
    D:\WINDOWS\system32\akwyladp.exe
    D:\WINDOWS\system32\omwvpsqn.dll
    D:\WINDOWS\system32\mkpucgdi.dll
    D:\WINDOWS\system32\hckbkian.dll
    D:\WINDOWS\system32\hwravluw.dll
    D:\WINDOWS\system32\djfcenge.dll
    D:\WINDOWS\system32\mtafrexd.dll
    D:\WINDOWS\system32\wnscpsv.exe
    D:\WINDOWS\system32\xxyyaxy.dll
    D:\WINDOWS\system32\foieolvi.exe
    D:\WINDOWS\system32\ysetaed.dll
    D:\WINDOWS\system32\qttbfte.dll


    Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    Select Delete on Reboot
    then Click on the Single File button.
    Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).



    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox,

    Click here to download and run missingfilesetup.exe. Then try Killbox again.




    Backup your registry

    Start
    Run
    Type the following to the box and hit Ok: regedit
    A window opens, click on File
    Choose Export from the menu
    Change the save location to C:\
    Give the filename, RegBackUp
    Make sure that the filetype is set to Registryfiles (*.reg)
    Click on Save and Close the window.

    Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

    Make sure there are NO blank lines before REGEDIT4
    Make sure there IS one blank line at the end of the file.

    Save the document to your desktop as Fix.reg and filetype: All Files
    Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Please Post a Fresh HJT-Log
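
The kind of first-pass triage behind a fix list like the one in this post, as an added example that is not part of the original post or of HijackThis itself: it parses HijackThis entry lines and flags orphaned entries (`(no file)` / `(file missing)`) and unnamed BHOs loading a DLL from system32. The sample lines are excerpted from the logs in this thread; the function names and the two heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# HijackThis entry lines look like "<code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(
    r"^\s*(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(?P<body>.+?)\s*$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The registry entry survives but its target file is gone or was never named.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"\\windows\\system32\\[^\\]+\.dll", re.IGNORECASE)

# Sample input: lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: (no name) - {47932A47-CE81-BF2D-D7F8-B26935A9DBB2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\akfymbrl.dll
O2 - BHO: (no name) - {6270CEEB-6E6A-B968-B21F-0144D03A6EED} - D:\WINDOWS\system32\qttbfte.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: odcmig - D:\WINDOWS\addins\odcmig.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2" (Browser Helper Object)
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the line, upper-cased, if any


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping the header,
    blank lines and the 'Running processes' paths."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(match.group("code"), body, clsid.group(0).upper() if clsid else None)
        )
    return entries


def triage(entries):
    """Return (entry, reasons) pairs for entries that deserve a manual look.
    A flag is a prompt for review, not a verdict that the entry is malicious."""
    flagged = []
    for entry in entries:
        reasons = []
        if ORPHAN_RE.search(entry.body):
            reasons.append("orphan")
        if (
            entry.code == "O2"
            and "BHO: (no name)" in entry.body
            and SYSTEM32_DLL_RE.search(entry.body)
        ):
            reasons.append("unnamed-bho-in-system32")
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4}{','.join(reasons):<32}{entry.body}")
```

The WRNotifier entry is flagged as an orphan here, yet the fix list in this post leaves it alone, which is why the output is a review queue rather than a removal list.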
     
  13. lmac222

    lmac222 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:41 PM, on 12/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\PROGRA~1\AIM95\aim.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4902/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



    and btw I'm using 2 hard drives, with my system files being on D..so anywhere u made mention to C: or whatever I did D:, I'm assuming this is correct?
     
  14. spuge9

    spuge9 Regular member

    Open HijackThis, scan and when complete, remove the following entry by checking the box to the left and clicking 'fix checked':



    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)





    Click on the below link to begin the Kaspersky Online scanner program.


    Kaspersky On-line Scanner

    When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

    The program will launch and then begin downloading the latest definition files
    When the files finish downloading click on NEXT
    Now click on Scan Settings
    In Scan Settings make sure that the following are selected:
    Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)

    Scan Options:

    Scan Archives
    Scan Mail Bases


    Click OK

    Now under select a target to scan:
    Select My Computer
    This program will start and scan your system.
    Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
    When the scan has completed, it will display whether your system has been infected or not
    Click on the Save as Text button:
    Save the file to your desktop or another folder where you can locate it later.
    Attach this file to your next message.
     
  15. spuge9

    spuge9 Regular member

    Please Let me know in your next reply how things are now.
     
    Last edited: Dec 12, 2006
  16. lmac222

    lmac222 Regular member

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, December 12, 2006 11:17:32 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 12/12/2006
    Kaspersky Anti-Virus database records: 236282


    Scan Settings
    Scan using the following antivirus database
    standard
    Scan Archives
    true
    Scan Mail Bases
    true

    Scan Target
    My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics
    Total number of scanned objects
    105797
    Number of viruses found
    2
    Number of infected objects
    4 / 0
    Number of suspicious objects
    0
    Duration of the scan process
    03:00:12


    Infected Object Name
    Virus Name
    Last Action
    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP208\A0082132.exe
    Infected: Trojan-Downloader.Win32.Zlob.avy
    skipped


    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP217\A0092367.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP218\A0092408.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP219\A0093088.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP219\A0093410.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP219\A0094367.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP220\A0096366.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP221\A0098381.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP222\A0099381.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP222\A0100381.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP225\A0101387.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP225\A0101392.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP225\A0102381.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP225\A0103381.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP226\A0103446.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP227\A0104448.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP228\A0104558.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP228\A0104582.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP228\A0104603.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP229\A0104617.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP229\A0104628.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP229\A0104629.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0104727.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0104737.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0104747.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0104754.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0104764.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP230\A0105791.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP236\A0109356.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP238\A0110387.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116419.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116441.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116450.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116454.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116472.exe
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116482.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116488.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116507.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP248\A0116515.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP252\A0118858.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP252\A0118859.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP254\A0119322.dll
    Infected: Trojan-Downloader.Win32.Busky.gen
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP255\A0120387.dll
    Object is locked
    skipped

    D:\System Volume Information\_restore{1DA044B0-EB5C-472B-BE23-AD0E582E2BED}\RP265\change.log
    Object is locked
    skipped

    D:\VundoFix Backups\qttbfte.dll.bad
    Infected: Trojan-Downloader.Win32.Busky.gen
    skipped

    D:\WINDOWS\CSC\00000001
    Object is locked
    skipped

    D:\WINDOWS\Debug\PASSWD.LOG
    Object is locked
    skipped

    D:\WINDOWS\SchedLgU.Txt
    Object is locked
    skipped

    D:\WINDOWS\SoftwareDistribution\ReportingEvents.log
    Object is locked
    skipped

    D:\WINDOWS\Sti_Trace.log
    Object is locked
    skipped

    D:\WINDOWS\system32\CatRoot2\edb.log
    Object is locked
    skipped

    D:\WINDOWS\system32\CatRoot2\tmp.edb
    Object is locked
    skipped

    D:\WINDOWS\system32\config\AppEvent.Evt
    Object is locked
    skipped

    D:\WINDOWS\system32\config\default
    Object is locked
    skipped

    D:\WINDOWS\system32\config\default.LOG
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SAM
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SAM.LOG
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SecEvent.Evt
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SECURITY
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SECURITY.LOG
    Object is locked
    skipped

    D:\WINDOWS\system32\config\software
    Object is locked
    skipped

    D:\WINDOWS\system32\config\software.LOG
    Object is locked
    skipped

    D:\WINDOWS\system32\config\SysEvent.Evt
    Object is locked
    skipped

    D:\WINDOWS\system32\config\system
    Object is locked
    skipped

    D:\WINDOWS\system32\config\system.LOG
    Object is locked
    skipped

    D:\WINDOWS\system32\h323log.txt
    Object is locked
    skipped

    D:\WINDOWS\system32\hiljahet.dll
    Object is locked
    skipped

    D:\WINDOWS\system32\hxtjmvbx.dll
    Object is locked
    skipped

    D:\WINDOWS\system32\mkpucgdi.dll
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
    Object is locked
    skipped

    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
    Object is locked
    skipped

    D:\WINDOWS\system32\ysetaed.dll
    Infected: Trojan-Downloader.Win32.Busky.gen
    skipped

    D:\WINDOWS\wiadebug.log
    Object is locked
    skipped

    D:\WINDOWS\wiaservc.log
    Object is locked
    skipped

    D:\WINDOWS\WindowsUpdate.log
    Object is locked
    skipped

    Scan process completed.
     
  17. spuge9

    spuge9 Regular member

    Joined:
    Jan 6, 2006
    Messages:
    236
    Likes Received:
    0
    Trophy Points:
    26
    Search for the following file, and delete it (if found)


    D:\WINDOWS\system32\ysetaed.dll


    And empty this folder: C:\VundoFix Backups




    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
    Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.

    Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

    Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.

    Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.

    Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.

    Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.

    Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.

    Use Firefox browser
    Firefox is a faster, safer and better browser than Internet Explorer.

    Keep your system up-to-date
    Visit Windows Update regularly.

    Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    Safe surfing ;)
     
  18. bkf

    bkf Guest

    Spuge9: That is a great list. Thanks for taking the time to post it.
     
  19. spuge9

    spuge9 Regular member

    Thank you Bkf :)

    @lmac222 How is your computer working for you now? Any problems?
     
  20. lmac222

    lmac222 Regular member

    running good now my man
    thanks for all the help

    quick question not really pertaining to this
    I run a program to play a video game online, not sure if you have ever heard of it.......it's called nesticle. Anyways I connect/host to servers to play. When I disable my router it all works fine, but when enabled it sometimes encounters an error as soon as I hit start/connect server....sometimes it will let me play about 5 minutes but every time it says the same thing

    like there's an issue with the port number or something

    here's a post that might show ya more in detail what the error looks like http://www.knobbe.org/phpBB2/viewtopic.php?t=8486&highlight=

    I've reset my router and everything, no dice
     
