Kill box Log

#1 Country (Member, 13 posts)
Ok so a few weeks ago I started getting popups like crazy even with my Norton AV always running. Then pretty soon everything else started going wacko. Computer started turning off, browser opening by itself, even when I'm doing other things, pop-up ads from the desktop, you name it. Now, a while back when all of this started I had downloaded SpySheriff or whatever it's called. I uninstalled it but I think that may be some of the problem. So since then I have scanned with numerous trojan programs, many of which don't find anything, tried to do Trend Micro's PC online scan, and it doesn't get past the starting scan phase; even after I cleared out temp files and whatnot it still won't scan. So I uninstalled NAV and installed PC-cillin, Webroot Spy Sweeper, TrojanHunter. Ran them all in safe mode, mind you I had been running Spybot S&D, Ad-Aware, and NAV and still managed to become infected. I can't even do a system restore.

So after doing what you suggested before doing the HijackThis log, TrojanHunter found some trojans and some other things, as did Webroot Spy Sweeper. They were all supposedly removed, but Trend Micro keeps popping up with AD alerts and if I do a file search for the directory and/or file that PC-cillin says is AD whatever, it isn't found.

So... most of today I have been having no trouble at all. Oh, did I mention that I quit using IE and started using Firefox (just yesterday, so it was AFTER the attacks). Anyways, all of a sudden I start getting IE popups, then my computer shuts itself down and then it loses connection to the internet. Webroot and TrojanHunter found the SAME viruses yet again, even after they said they had been quarantined and removed. OMG HELP.

I do a ton of graphic design and whatnot; I can't afford to have my comp crashing and full of viruses.

Here is a log from before your remedies and then one from after.
Logfile of HijackThis v1.99.1
Scan saved at 7:07:43 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sys101948818672.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\jdffsuaA.exe
C:\WINDOWS\system32\XPAgent.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}\Update.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\iolo\System Mechanic 6\SMTrayNotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {D6C4CDDF-D982-8BBB-6FCB-25ED1FB4ED31} - C:\WINDOWS\cwbbkadk.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\eMachines Bay Reader\shwiconem.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] "C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] "rundll32.exe" C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [loaddr] C:\qbsxo.exe
O4 - HKLM\..\Run: [sys101948818672] C:\WINDOWS\sys101948818672.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [jdffsuaA] C:\WINDOWS\jdffsuaA.exe
O4 - HKLM\..\RunOnce: [IEU01] "regsvr32.exe" /u /s C:\WINDOWS\system32\msrating.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (RhapsodyPlayerEngineCtrl Class) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: comcat.exe - Unknown owner - C:\WINDOWS\system32\comcat.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

AFTER SUPPOSED REMEDIES BELOW
Logfile of HijackThis v1.99.1
Scan saved at 7:43:08 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\WINDOWS\sys101948818672.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\jdffsuaA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\XPAgent.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {D6C4CDDF-D982-8BBB-6FCB-25ED1FB4ED31} - C:\WINDOWS\cwbbkadk.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\eMachines Bay Reader\shwiconem.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] "C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] "rundll32.exe" C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [sys101948818672] C:\WINDOWS\sys101948818672.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [jdffsuaA] C:\WINDOWS\jdffsuaA.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (RhapsodyPlayerEngineCtrl Class) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: comcat.exe - Unknown owner - C:\WINDOWS\system32\comcat.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
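The suspicious entries in the two logs above can be picked out mechanically. The script below is an added example (not part of this thread, and not HijackThis code) that applies the usual log-reading heuristics to HijackThis-format lines: binaries launched from the root of C:\ or C:\WINDOWS\, BHO and Winlogon Notify registrations whose file is gone, services with no publisher, and a RunOnce that unregisters a DLL. The rules and their reason strings are this example's own assumptions; the sample lines are excerpted from the first log posted above.

```python
"""Rule-based triage of HijackThis 1.99-style log lines.

Added example; not part of the thread and not HijackThis code.  Each rule
encodes one tell a log reader uses on a log like the ones above.  Heuristics
only: a hit is a lead to verify against the file on disk, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # which rule fired
    line: str     # the log line, verbatim


# "O4 - HKLM\..\Run: [name] target"  ->  section tag + rest of the line
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")

# A binary sitting directly in C:\ or C:\WINDOWS\ with no deeper folder.
# Installed software lives under Program Files or system32; the droppers in
# this log (qbsxo.exe, Duce6.exe, jdffsuaA.exe, cwbbkadk.dll) all have this shape.
ROOT_BINARY = re.compile(r'C:\\(?:WINDOWS\\)?[^\\\s"]+\.(?:exe|dll)\b', re.IGNORECASE)


def triage_line(line: str) -> list[Finding]:
    """Return every rule hit for one log line (empty for non-entry lines)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []  # header, process list or blank line
    sec, body = m["sec"], m["body"]
    hits: list[Finding] = []

    def add(reason: str) -> None:
        hits.append(Finding(sec, reason, line.strip()))

    if sec in ("O2", "O4") and ROOT_BINARY.search(body):
        add("binary loaded from C:\\ or C:\\WINDOWS\\ root")
    if sec == "O2" and body.endswith("(no file)"):
        add("BHO CLSID registered but its DLL is gone (orphan or evaded removal)")
    if (sec == "O4" and "RunOnce" in body and "regsvr32" in body.lower()
            and re.search(r"\s/u(?:\s|$)", body)):
        add("RunOnce unregisters a DLL with regsvr32 /u")
    if sec == "O20" and body.endswith("(file missing)"):
        add("Winlogon Notify package points at a missing DLL")
    if sec == "O23" and "Unknown owner" in body:
        add("service binary carries no publisher information")
    if sec == "O23" and body.endswith("(file missing)"):
        add("service image path does not resolve to a file")
    return hits


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the hits in log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Constructed sample: lines excerpted from the first log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Duce6.exe
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D6C4CDDF-D982-8BBB-6FCB-25ED1FB4ED31} - C:\WINDOWS\cwbbkadk.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [loaddr] C:\qbsxo.exe
O4 - HKLM\..\Run: [sys101948818672] C:\WINDOWS\sys101948818672.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [jdffsuaA] C:\WINDOWS\jdffsuaA.exe
O4 - HKLM\..\RunOnce: [IEU01] "regsvr32.exe" /u /s C:\WINDOWS\system32\msrating.dll
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: comcat.exe - Unknown owner - C:\WINDOWS\system32\comcat.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it flags the five root-directory binaries, the orphaned BHO, the RunOnce that unregisters msrating.dll, the missing ssttt.dll notify package and the two unsigned services; the "Unknown owner" rule is deliberately noisy (Adobe LM Service and Macromedia Licensing trip it too), which is why a hit is a lead and not a verdict.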
#2 Buckeye_Sam (Malware Expert, 10,019 posts)
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3 Country (Topic Starter, Member, 13 posts)
Here is the ComboFix log. But as soon as I downloaded it I got a pop-up message from TrojanHunter saying that I had prorat.256.

Here is the ComboFix log:
Start Time= Thu 08/17/2006 20:48:00.85
Running from: C:\Documents and Settings\Owner

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-17 12:13:54 ( .D... ) "C:\Documents and Settings\Owner\Application Data\MayaWebBrowser"
2006-08-17 08:22:58 ( .D... ) "C:\Program Files\Ken Ward's Zipper"
2006-08-17 07:09:36 ( .D... ) "C:\Program Files\QuickTime"
2006-08-17 06:58:40 ( .D... ) "C:\Program Files\Common Files\Alias Shared"
2006-08-17 06:54:18 ( .D... ) "C:\Program Files\Alias"
2006-08-17 05:59:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\CyberMotion 3D-Designer"
2006-08-17 05:58:50 ( .D... ) "C:\Program Files\CyberMotion 3D-Designer v11.0"
2006-08-17 05:58:10 ( .D... ) "C:\Program Files\Landscape Studio"
2006-08-16 20:26:28 ( .D... ) "C:\Documents and Settings\Owner\Application Data\TrojanHunter"
2006-08-16 19:25:30 59392 ( ....R ) "C:\WINDOWS\system32\streamhlp.dll"
2006-08-16 19:25:28 ( .D... ) "C:\Program Files\TrojanHunter 4.5"
2006-08-16 18:06:56 ( .D... ) "C:\Program Files\ToolBar888"
2006-08-16 17:32:38 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Mozilla"
2006-08-16 17:32:36 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-08-16 17:32:20 5118736 ( A.... ) "C:\Program Files\Firefox Setup 1.5.0.6.exe"
2006-08-16 17:17:44 ( .D... ) "C:\Program Files\Windows Defender"
2006-08-16 17:17:18 5763072 ( A.... ) "C:\Program Files\WindowsDefender.msi"
2006-08-16 17:11:04 52461 ( A.... ) "C:\Program Files\delcwssk.zip"
2006-08-16 17:04:50 28608 ( A.... ) "C:\Program Files\ibprocman.zip"
2006-08-16 14:07:44 106496 ( A.... ) "C:\WINDOWS\Duce6.exe"
2006-08-16 13:31:20 10698768 ( A.... ) "C:\Program Files\sspsetup1_1.exe"
2006-08-16 12:33:02 0 ( A.... ) "C:\vabd.exe"
2006-08-16 12:32:50 0 ( A.... ) "C:\ujuwclxi.exe"
2006-08-16 12:32:32 16384 ( A.... ) "C:\WINDOWS\system32\loadadv559.exe"
2006-08-16 12:24:14 5250 ( A.... ) "C:\Program Files\Common Files\mehov"
2006-08-16 12:18:42 ( .D... ) "C:\Program Files\Webroot"
2006-08-16 12:18:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Webroot"
2006-08-16 12:17:44 10728112 ( A.... ) "C:\Program Files\ssftrialsnrsetup4930_1882648213.exe"
2006-08-16 11:03:36 5250 ( A.... ) "C:\WINDOWS\cwbbkadk.dll"
2006-08-16 11:00:44 1167 ( A.... ) "C:\WINDOWS\system32\vzt175e4.sys"
2006-08-16 11:00:44 1167 ( A.... ) "C:\WINDOWS\system32\vzt175e4.sys"
2006-08-16 09:44:34 8464 ( A.... ) "C:\WINDOWS\system32\SpOrder.dll"
2006-08-16 09:43:34 ( .D... ) "C:\Program Files\InetGet2"
2006-08-16 09:41:22 ( .D... ) "C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}"
2006-08-16 09:41:18 155648 ( A.... ) "C:\WINDOWS\win320767219488182006.exe"
2006-08-16 09:41:16 155648 ( A.... ) "C:\WINDOWS\sys101948818672.exe"
2006-08-16 09:37:18 115160 ( A.... ) "C:\WINDOWS\Eim03.exe"
2006-08-16 09:37:16 115157 ( A.... ) "C:\WINDOWS\Justin.exe"
2006-08-16 09:37:16 73728 ( A.... ) "C:\vbjo.exe"
2006-08-16 09:37:08 69632 ( A.... ) "C:\drsmartload.exe"
2006-08-16 09:37:06 ( .D... ) "C:\Program Files\PSLister"
2006-08-16 09:37:04 186223 ( A.... ) "C:\WINDOWS\srvansvrqo.exe"
2006-08-16 09:36:58 353280 ( A.... ) "C:\803_104.exe"
2006-08-16 09:36:36 214749 ( A.... ) "C:\WINDOWS\srvmjhqlbh.exe"
2006-08-16 09:36:34 507904 ( A.... ) "C:\814.exe"
2006-08-16 09:26:40 ( .D... ) "C:\Program Files\Trend Micro"
2006-08-16 09:26:36 47748928 ( A.... ) "C:\Program Files\pcc_14_1_win_en_us_1041.exe"
2006-08-15 10:45:56 ( .D... ) "C:\Program Files\iolo"
2006-08-15 10:45:04 12657592 ( A.... ) "C:\Program Files\SystemMechanic6.exe"
2006-08-15 10:40:04 512 ( A.... ) "C:\Program Files\aswclnr.log"
2006-08-15 10:35:00 649876 ( A.... ) "C:\Program Files\fixregistry.exe"
2006-08-15 10:26:16 403072 ( A.... ) "C:\Program Files\aswclnr.exe"
2006-08-15 10:23:14 610672 ( A.... ) "C:\Program Files\BugdoctorSetup.exe"
2006-08-15 09:13:30 148535 ( A.... ) "C:\WINDOWS\system32\XPAgent.exe"
2006-08-14 09:32:32 ( .D... ) "C:\Program Files\Zone Labs"
2006-08-14 09:32:06 27873704 ( A.... ) "C:\Program Files\zaSuiteSetup_65_722_000_en.exe"
2006-08-14 07:58:38 23098 ( A.... ) "C:\MTE3NDI6ODoxNg.exe"
2006-08-14 07:58:18 23098 ( A.... ) "C:\MTE3NDI6ODoxNgnew.exe"
2006-08-14 07:58:08 94208 ( A.... ) "C:\kybrdfh_10.exe"
2006-08-14 07:58:00 55218 ( A.... ) "C:\fym9bvo.exe"
2006-08-13 09:44:04 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-08-13 09:43:56 2566736 ( A.... ) "C:\Program Files\spywareblastersetup351.exe"
2006-08-12 08:16:12 1574 ( A.... ) "C:\PPCleanDeleteAtReboot.bat"
2006-08-11 11:23:34 ( .D... ) "C:\Documents and Settings\Owner\Application Data\WholeSecurity"
2006-08-10 08:30:04 ( .D... ) "C:\Program Files\Spyware Doctor"
2006-08-06 13:36:42 ( .D.HR ) "C:\Documents and Settings\Owner\Application Data\yahoo!"
2006-08-04 21:19:58 ( .D... ) "C:\Program Files\Common"
2006-08-04 14:56:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\FilmLoop"
2006-08-04 14:56:10 663552 ( A.... ) "C:\WINDOWS\system32\FlSaver.scr"
2006-08-04 14:56:10 ( .D... ) "C:\Program Files\FilmLoop Player"
2006-08-03 20:02:12 253440 ( A.... ) "C:\WINDOWS\WRUninstall.dll"
2006-08-03 20:01:56 8704 ( A.... ) "C:\WINDOWS\system32\ssiefr.EXE"
2006-08-03 20:01:54 20992 ( A.... ) "C:\WINDOWS\system32\wrlzma.dll"
2006-08-03 19:34:50 208896 ( A.... ) "C:\WINDOWS\system32\WRLogonNtf.dll"
2006-08-02 12:15:44 169504 ( A.... ) "C:\WINDOWS\system32Fastmp3_Setup1.exe"
2006-08-02 08:49:52 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Leadertech"
2006-07-31 13:34:38 60549 ( A.... ) "C:\Program Files\symphonie.zip"
2006-07-28 19:05:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Google"
2006-07-27 14:01:56 2996 ( A.... ) "C:\Documents and Settings\Owner\Application Data\wklnhst.dat"
2006-07-18 14:39:02 ( .D... ) "C:\Program Files\THQ"
2006-07-18 14:27:32 518769470 ( A.... ) "C:\Program Files\titanquest_fp.zip"
2006-07-18 12:54:46 497327 ( A.... ) "C:\Program Files\irthlaunch_1.zip"
2006-07-18 09:39:52 212992 ( A.... ) "C:\Program Files\CivilizationIIIGoldSetup-dm.exe.tcf"
2006-07-17 17:34:00 2066509242 ( A.... ) "C:\Program Files\DAoC_14-Day_Trial_Setup.exe"
2006-07-16 15:47:04 8276752 ( A.... ) "C:\Program Files\aom10to110.exe"
2006-07-16 15:39:30 353578952 ( A.... ) "C:\Program Files\AOMTrial.exe"
2006-07-16 15:30:24 38028824 ( A.... ) "C:\Program Files\Age2XTrial.exe"
2006-07-16 01:17:32 ( .D... ) "C:\Program Files\Total War"
2006-07-16 01:17:04 ( .D... ) "C:\Program Files\mtw_demo"
2006-07-16 01:08:36 246800384 ( A.... ) "C:\Program Files\mtw_demo.exe"
2006-07-15 16:52:38 447485608 ( A.... ) "C:\Program Files\aoe3trial.exe"
2006-07-15 12:54:16 202332904 ( A.... ) "C:\Program Files\dsdemo_102.exe"
2006-07-15 12:34:44 30851360 ( A.... ) "C:\Program Files\DungeonSiegeUpdate1.0-1.11.1462_English.exe"
2006-07-15 12:31:36 49083656 ( A.... ) "C:\Program Files\AoE2demo.exe"
2006-07-15 10:48:34 ( .D... ) "C:\Program Files\Microsoft Games"
2006-07-15 10:48:26 24785176 ( A.... ) "C:\Program Files\MSAoE.exe"
2006-07-14 09:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 19:05:50 ( .D... ) "C:\Program Files\DeicideOnline"
2006-07-13 19:05:36 575992016 ( A.... ) "C:\Program Files\DeicideSetup_060615.exe"
2006-07-08 13:12:56 ( .D... ) "C:\Program Files\Resource Kit"
2006-07-08 13:12:32 586032 ( A.... ) "C:\Program Files\setspn_setup.exe"
2006-07-08 12:48:36 519023 ( A.... ) "C:\Program Files\EscapeToNorrath.zip"
2006-07-01 20:19:16 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Apple Computer"
2006-07-01 20:14:18 ( .D... ) "C:\Program Files\iTunes"
2006-07-01 20:14:18 ( .D... ) "C:\Program Files\iPod"
2006-07-01 20:13:14 37518744 ( A.... ) "C:\Program Files\iTunesSetup.exe"
2006-06-19 12:38:58 53248 ( A.... ) "C:\WINDOWS\uni_ehhhh.exe"
2006-06-19 12:38:08 49152 ( A.... ) "C:\WINDOWS\uninst104.exe"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-17 05:16:22 ( .D... ) "C:\Program Files\Lineage II"
2006-06-16 19:48:40 1180623810 ( A.... ) "C:\Program Files\USLin_204_01.exe"
2006-06-06 14:44:20 1557 ( A.... ) "C:\Documents and Settings\Owner\Application Data\AdobeDLM.log"
2006-06-06 14:44:20 0 ( A.... ) "C:\Documents and Settings\Owner\Application Data\dm.ini"
2006-05-23 17:25:52 402736 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 06:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 06:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 06:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-08-30 14:54:42 1169 ( A.... ) "C:\Program Files\index.html"
2005-08-09 12:37:08 34304 ( A.... ) "C:\Program Files\IBProcMan.exe"
2002-01-14 19:30:34 21823560 ( A.... ) "C:\Program Files\dotnetfx.exe"

Rootkit driver pe386 is present. A rootkit scan is required


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-16 12:33 0 C:\vabd.exe
2006-08-16 12:32 0 C:\ujuwclxi.exe
2006-08-16 12:18 8,704 C:\WINDOWS\system32\ssiefr.EXE
2006-08-16 12:18 253,440 C:\WINDOWS\WRUninstall.dll
2006-08-16 12:18 208,896 C:\WINDOWS\system32\WRLogonNtf.dll
2006-08-16 12:18 20,992 C:\WINDOWS\system32\wrlzma.dll
2006-08-16 11:03 5,250 C:\WINDOWS\cwbbkadk.dll
2006-08-16 09:42 106,496 C:\WINDOWS\Duce6.exe
2006-08-16 09:41 155,648 C:\WINDOWS\win320767219488182006.exe
2006-08-16 09:41 155,648 C:\WINDOWS\sys101948818672.exe
2006-08-16 09:37 69,632 C:\drsmartload.exe
2006-08-16 09:37 186,223 C:\WINDOWS\srvansvrqo.exe
2006-08-16 09:37 115,160 C:\WINDOWS\Eim03.exe
2006-08-16 09:37 115,157 C:\WINDOWS\Justin.exe
2006-08-16 09:37 1,167 C:\WINDOWS\system32\vzt175e4.sys
2006-08-16 09:36 507,904 C:\814.exe
2006-08-16 09:36 374,816 C:\WINDOWS\jdffsuaA.exe
2006-08-16 09:36 353,280 C:\803_104.exe
2006-08-16 09:36 214,749 C:\WINDOWS\srvmjhqlbh.exe
2006-08-15 10:46 41,472 C:\WINDOWS\system32\iolobtdfg.exe
2006-08-15 10:46 25,264 C:\WINDOWS\system32\smrgdf.exe
2006-08-15 10:45 1,212,928 C:\WINDOWS\system32\Incinerator.dll
2006-08-14 09:32 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-14 09:32 8,464 C:\WINDOWS\system32\SpOrder.dll
2006-08-14 09:32 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-14 08:31 <DIR> C:\WINDOWS\McAfee.com
2006-08-14 07:58 94,208 C:\kybrdfh_10.exe
2006-08-14 07:58 73,728 C:\vbjo.exe
2006-08-14 07:58 23,098 C:\MTE3NDI6ODoxNgnew.exe
2006-08-14 07:58 23,098 C:\MTE3NDI6ODoxNg.exe
2006-08-14 07:57 55,218 C:\fym9bvo.exe
2006-08-07 20:43 16,384 C:\WINDOWS\system32\loadadv559.exe
2006-08-04 21:25 1,574 C:\PPCleanDeleteAtReboot.bat
2006-08-04 21:19 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-08-04 14:56 663,552 C:\WINDOWS\system32\FlSaver.scr
2006-08-02 12:15 169,504 C:\WINDOWS\system32Fastmp3_Setup1.exe
2006-08-02 12:15 148,535 C:\WINDOWS\system32\XPAgent.exe
2006-07-28 19:05 49,250 C:\WINDOWS\system32\javaw.exe
2006-07-28 19:05 49,248 C:\WINDOWS\system32\java.exe
2006-07-28 19:05 127,078 C:\WINDOWS\system32\javaws.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTHelper"="CTHELPER.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SunKistEM"="\"C:\\Program Files\\eMachines Bay Reader\\shwiconem.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"AdobeVersionCue"="\"C:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe\""
"CrazyTalk Serve"="\"rundll32.exe\" C:\\WINDOWS\\system32\\CrazyTalk.dll,DllServeMediaFile"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"StopSignSsTsMon"="\"Rundll32.exe\" \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"FilmLoop"="\"C:\\Program Files\\FilmLoop Player\\FilmLoop.exe\" -hide"
"sys101948818672"="C:\\WINDOWS\\sys101948818672.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"TheMonitor"="C:\\WINDOWS\\Duce6.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"jdffsuaA"="C:\\WINDOWS\\jdffsuaA.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"XPAgent"="C:\\WINDOWS\\system32\\XPAgent.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\setup]
" IEradicator 2001"=""
" © 1999-2003 LitePC Technologies"=""
" [url="http://www.LitePC.com"="""]http://www.LitePC.com"=""[/url]
" ___________________________"=""
" "=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{74289CF0-0D48-1033-1116-040824040001}"="\"C:\\Program Files\\Common Files\\{74289CF0-0D48-1033-1116-040824040001}\\Update.exe\" mc-110-12-0000509"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Thu 08/17/2006 20:48:33.54
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

  • 0

#4
Country

Country

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
HELP now my Trend Micro PC-cillin window popped up and says I have unknown computers connected to my network!!! FOUR OF THEM. Now I have other computers in my home but they are all turned OFF. What is going on?

OMG PLEASE HELP!!!!!
  • 0

#5
Country

Country

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OMG please help, my Trend PC-cillin just popped up and says I have other computers connected to my network!!! FOUR OF THEM!!!! I have other computers in my home connected via router, but they are not on and it is not FOUR OF THEM!!!! HELP, what do I do?
  • 0

#6
Country

Country

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Trend Micro PC-cillin just popped up and said I have four other computers connected to my network!!
I have three total computers in my home connected to a Netgear router, NOT FOUR, and the other two aren't even turned on!! OMG HELP
  • 0

#7
Country

Country

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the ComboFix log. But as soon as I downloaded that I got a pop-up message from Trojan Hunter saying that I had prorat.256.

Here is the combofix log:
Start Time= Thu 08/17/2006 20:48:00.85
Running from: C:\Documents and Settings\Owner

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-17 12:13:54 ( .D... ) "C:\Documents and Settings\Owner\Application Data\MayaWebBrowser"
2006-08-17 08:22:58 ( .D... ) "C:\Program Files\Ken Ward's Zipper"
2006-08-17 07:09:36 ( .D... ) "C:\Program Files\QuickTime"
2006-08-17 06:58:40 ( .D... ) "C:\Program Files\Common Files\Alias Shared"
2006-08-17 06:54:18 ( .D... ) "C:\Program Files\Alias"
2006-08-17 05:59:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\CyberMotion 3D-Designer"
2006-08-17 05:58:50 ( .D... ) "C:\Program Files\CyberMotion 3D-Designer v11.0"
2006-08-17 05:58:10 ( .D... ) "C:\Program Files\Landscape Studio"
2006-08-16 20:26:28 ( .D... ) "C:\Documents and Settings\Owner\Application Data\TrojanHunter"
2006-08-16 19:25:30 59392 ( ....R ) "C:\WINDOWS\system32\streamhlp.dll"
2006-08-16 19:25:28 ( .D... ) "C:\Program Files\TrojanHunter 4.5"
2006-08-16 18:06:56 ( .D... ) "C:\Program Files\ToolBar888"
2006-08-16 17:32:38 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Mozilla"
2006-08-16 17:32:36 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-08-16 17:32:20 5118736 ( A.... ) "C:\Program Files\Firefox Setup 1.5.0.6.exe"
2006-08-16 17:17:44 ( .D... ) "C:\Program Files\Windows Defender"
2006-08-16 17:17:18 5763072 ( A.... ) "C:\Program Files\WindowsDefender.msi"
2006-08-16 17:11:04 52461 ( A.... ) "C:\Program Files\delcwssk.zip"
2006-08-16 17:04:50 28608 ( A.... ) "C:\Program Files\ibprocman.zip"
2006-08-16 14:07:44 106496 ( A.... ) "C:\WINDOWS\Duce6.exe"
2006-08-16 13:31:20 10698768 ( A.... ) "C:\Program Files\sspsetup1_1.exe"
2006-08-16 12:33:02 0 ( A.... ) "C:\vabd.exe"
2006-08-16 12:32:50 0 ( A.... ) "C:\ujuwclxi.exe"
2006-08-16 12:32:32 16384 ( A.... ) "C:\WINDOWS\system32\loadadv559.exe"
2006-08-16 12:24:14 5250 ( A.... ) "C:\Program Files\Common Files\mehov"
2006-08-16 12:18:42 ( .D... ) "C:\Program Files\Webroot"
2006-08-16 12:18:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Webroot"
2006-08-16 12:17:44 10728112 ( A.... ) "C:\Program Files\ssftrialsnrsetup4930_1882648213.exe"
2006-08-16 11:03:36 5250 ( A.... ) "C:\WINDOWS\cwbbkadk.dll"
2006-08-16 11:00:44 1167 ( A.... ) "C:\WINDOWS\system32\vzt175e4.sys"
2006-08-16 11:00:44 1167 ( A.... ) "C:\WINDOWS\system32\vzt175e4.sys"
2006-08-16 09:44:34 8464 ( A.... ) "C:\WINDOWS\system32\SpOrder.dll"
2006-08-16 09:43:34 ( .D... ) "C:\Program Files\InetGet2"
2006-08-16 09:41:22 ( .D... ) "C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}"
2006-08-16 09:41:18 155648 ( A.... ) "C:\WINDOWS\win320767219488182006.exe"
2006-08-16 09:41:16 155648 ( A.... ) "C:\WINDOWS\sys101948818672.exe"
2006-08-16 09:37:18 115160 ( A.... ) "C:\WINDOWS\Eim03.exe"
2006-08-16 09:37:16 115157 ( A.... ) "C:\WINDOWS\Justin.exe"
2006-08-16 09:37:16 73728 ( A.... ) "C:\vbjo.exe"
2006-08-16 09:37:08 69632 ( A.... ) "C:\drsmartload.exe"
2006-08-16 09:37:06 ( .D... ) "C:\Program Files\PSLister"
2006-08-16 09:37:04 186223 ( A.... ) "C:\WINDOWS\srvansvrqo.exe"
2006-08-16 09:36:58 353280 ( A.... ) "C:\803_104.exe"
2006-08-16 09:36:36 214749 ( A.... ) "C:\WINDOWS\srvmjhqlbh.exe"
2006-08-16 09:36:34 507904 ( A.... ) "C:\814.exe"
2006-08-16 09:26:40 ( .D... ) "C:\Program Files\Trend Micro"
2006-08-16 09:26:36 47748928 ( A.... ) "C:\Program Files\pcc_14_1_win_en_us_1041.exe"
2006-08-15 10:45:56 ( .D... ) "C:\Program Files\iolo"
2006-08-15 10:45:04 12657592 ( A.... ) "C:\Program Files\SystemMechanic6.exe"
2006-08-15 10:40:04 512 ( A.... ) "C:\Program Files\aswclnr.log"
2006-08-15 10:35:00 649876 ( A.... ) "C:\Program Files\fixregistry.exe"
2006-08-15 10:26:16 403072 ( A.... ) "C:\Program Files\aswclnr.exe"
2006-08-15 10:23:14 610672 ( A.... ) "C:\Program Files\BugdoctorSetup.exe"
2006-08-15 09:13:30 148535 ( A.... ) "C:\WINDOWS\system32\XPAgent.exe"
2006-08-14 09:32:32 ( .D... ) "C:\Program Files\Zone Labs"
2006-08-14 09:32:06 27873704 ( A.... ) "C:\Program Files\zaSuiteSetup_65_722_000_en.exe"
2006-08-14 07:58:38 23098 ( A.... ) "C:\MTE3NDI6ODoxNg.exe"
2006-08-14 07:58:18 23098 ( A.... ) "C:\MTE3NDI6ODoxNgnew.exe"
2006-08-14 07:58:08 94208 ( A.... ) "C:\kybrdfh_10.exe"
2006-08-14 07:58:00 55218 ( A.... ) "C:\fym9bvo.exe"
2006-08-13 09:44:04 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-08-13 09:43:56 2566736 ( A.... ) "C:\Program Files\spywareblastersetup351.exe"
2006-08-12 08:16:12 1574 ( A.... ) "C:\PPCleanDeleteAtReboot.bat"
2006-08-11 11:23:34 ( .D... ) "C:\Documents and Settings\Owner\Application Data\WholeSecurity"
2006-08-10 08:30:04 ( .D... ) "C:\Program Files\Spyware Doctor"
2006-08-06 13:36:42 ( .D.HR ) "C:\Documents and Settings\Owner\Application Data\yahoo!"
2006-08-04 21:19:58 ( .D... ) "C:\Program Files\Common"
2006-08-04 14:56:12 ( .D... ) "C:\Documents and Settings\Owner\Application Data\FilmLoop"
2006-08-04 14:56:10 663552 ( A.... ) "C:\WINDOWS\system32\FlSaver.scr"
2006-08-04 14:56:10 ( .D... ) "C:\Program Files\FilmLoop Player"
2006-08-03 20:02:12 253440 ( A.... ) "C:\WINDOWS\WRUninstall.dll"
2006-08-03 20:01:56 8704 ( A.... ) "C:\WINDOWS\system32\ssiefr.EXE"
2006-08-03 20:01:54 20992 ( A.... ) "C:\WINDOWS\system32\wrlzma.dll"
2006-08-03 19:34:50 208896 ( A.... ) "C:\WINDOWS\system32\WRLogonNtf.dll"
2006-08-02 12:15:44 169504 ( A.... ) "C:\WINDOWS\system32Fastmp3_Setup1.exe"
2006-08-02 08:49:52 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Leadertech"
2006-07-31 13:34:38 60549 ( A.... ) "C:\Program Files\symphonie.zip"
2006-07-28 19:05:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Google"
2006-07-27 14:01:56 2996 ( A.... ) "C:\Documents and Settings\Owner\Application Data\wklnhst.dat"
2006-07-18 14:39:02 ( .D... ) "C:\Program Files\THQ"
2006-07-18 14:27:32 518769470 ( A.... ) "C:\Program Files\titanquest_fp.zip"
2006-07-18 12:54:46 497327 ( A.... ) "C:\Program Files\irthlaunch_1.zip"
2006-07-18 09:39:52 212992 ( A.... ) "C:\Program Files\CivilizationIIIGoldSetup-dm.exe.tcf"
2006-07-17 17:34:00 2066509242 ( A.... ) "C:\Program Files\DAoC_14-Day_Trial_Setup.exe"
2006-07-16 15:47:04 8276752 ( A.... ) "C:\Program Files\aom10to110.exe"
2006-07-16 15:39:30 353578952 ( A.... ) "C:\Program Files\AOMTrial.exe"
2006-07-16 15:30:24 38028824 ( A.... ) "C:\Program Files\Age2XTrial.exe"
2006-07-16 01:17:32 ( .D... ) "C:\Program Files\Total War"
2006-07-16 01:17:04 ( .D... ) "C:\Program Files\mtw_demo"
2006-07-16 01:08:36 246800384 ( A.... ) "C:\Program Files\mtw_demo.exe"
2006-07-15 16:52:38 447485608 ( A.... ) "C:\Program Files\aoe3trial.exe"
2006-07-15 12:54:16 202332904 ( A.... ) "C:\Program Files\dsdemo_102.exe"
2006-07-15 12:34:44 30851360 ( A.... ) "C:\Program Files\DungeonSiegeUpdate1.0-1.11.1462_English.exe"
2006-07-15 12:31:36 49083656 ( A.... ) "C:\Program Files\AoE2demo.exe"
2006-07-15 10:48:34 ( .D... ) "C:\Program Files\Microsoft Games"
2006-07-15 10:48:26 24785176 ( A.... ) "C:\Program Files\MSAoE.exe"
2006-07-14 09:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 19:05:50 ( .D... ) "C:\Program Files\DeicideOnline"
2006-07-13 19:05:36 575992016 ( A.... ) "C:\Program Files\DeicideSetup_060615.exe"
2006-07-08 13:12:56 ( .D... ) "C:\Program Files\Resource Kit"
2006-07-08 13:12:32 586032 ( A.... ) "C:\Program Files\setspn_setup.exe"
2006-07-08 12:48:36 519023 ( A.... ) "C:\Program Files\EscapeToNorrath.zip"
2006-07-01 20:19:16 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Apple Computer"
2006-07-01 20:14:18 ( .D... ) "C:\Program Files\iTunes"
2006-07-01 20:14:18 ( .D... ) "C:\Program Files\iPod"
2006-07-01 20:13:14 37518744 ( A.... ) "C:\Program Files\iTunesSetup.exe"
2006-06-19 12:38:58 53248 ( A.... ) "C:\WINDOWS\uni_ehhhh.exe"
2006-06-19 12:38:08 49152 ( A.... ) "C:\WINDOWS\uninst104.exe"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-17 05:16:22 ( .D... ) "C:\Program Files\Lineage II"
2006-06-16 19:48:40 1180623810 ( A.... ) "C:\Program Files\USLin_204_01.exe"
2006-06-06 14:44:20 1557 ( A.... ) "C:\Documents and Settings\Owner\Application Data\AdobeDLM.log"
2006-06-06 14:44:20 0 ( A.... ) "C:\Documents and Settings\Owner\Application Data\dm.ini"
2006-05-23 17:25:52 402736 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 06:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 06:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 06:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-08-30 14:54:42 1169 ( A.... ) "C:\Program Files\index.html"
2005-08-09 12:37:08 34304 ( A.... ) "C:\Program Files\IBProcMan.exe"
2002-01-14 19:30:34 21823560 ( A.... ) "C:\Program Files\dotnetfx.exe"

Rootkit driver pe386 is present. A rootkit scan is required


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-16 12:33 0 C:\vabd.exe
2006-08-16 12:32 0 C:\ujuwclxi.exe
2006-08-16 12:18 8,704 C:\WINDOWS\system32\ssiefr.EXE
2006-08-16 12:18 253,440 C:\WINDOWS\WRUninstall.dll
2006-08-16 12:18 208,896 C:\WINDOWS\system32\WRLogonNtf.dll
2006-08-16 12:18 20,992 C:\WINDOWS\system32\wrlzma.dll
2006-08-16 11:03 5,250 C:\WINDOWS\cwbbkadk.dll
2006-08-16 09:42 106,496 C:\WINDOWS\Duce6.exe
2006-08-16 09:41 155,648 C:\WINDOWS\win320767219488182006.exe
2006-08-16 09:41 155,648 C:\WINDOWS\sys101948818672.exe
2006-08-16 09:37 69,632 C:\drsmartload.exe
2006-08-16 09:37 186,223 C:\WINDOWS\srvansvrqo.exe
2006-08-16 09:37 115,160 C:\WINDOWS\Eim03.exe
2006-08-16 09:37 115,157 C:\WINDOWS\Justin.exe
2006-08-16 09:37 1,167 C:\WINDOWS\system32\vzt175e4.sys
2006-08-16 09:36 507,904 C:\814.exe
2006-08-16 09:36 374,816 C:\WINDOWS\jdffsuaA.exe
2006-08-16 09:36 353,280 C:\803_104.exe
2006-08-16 09:36 214,749 C:\WINDOWS\srvmjhqlbh.exe
2006-08-15 10:46 41,472 C:\WINDOWS\system32\iolobtdfg.exe
2006-08-15 10:46 25,264 C:\WINDOWS\system32\smrgdf.exe
2006-08-15 10:45 1,212,928 C:\WINDOWS\system32\Incinerator.dll
2006-08-14 09:32 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-14 09:32 8,464 C:\WINDOWS\system32\SpOrder.dll
2006-08-14 09:32 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-14 08:31 <DIR> C:\WINDOWS\McAfee.com
2006-08-14 07:58 94,208 C:\kybrdfh_10.exe
2006-08-14 07:58 73,728 C:\vbjo.exe
2006-08-14 07:58 23,098 C:\MTE3NDI6ODoxNgnew.exe
2006-08-14 07:58 23,098 C:\MTE3NDI6ODoxNg.exe
2006-08-14 07:57 55,218 C:\fym9bvo.exe
2006-08-07 20:43 16,384 C:\WINDOWS\system32\loadadv559.exe
2006-08-04 21:25 1,574 C:\PPCleanDeleteAtReboot.bat
2006-08-04 21:19 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-08-04 14:56 663,552 C:\WINDOWS\system32\FlSaver.scr
2006-08-02 12:15 169,504 C:\WINDOWS\system32Fastmp3_Setup1.exe
2006-08-02 12:15 148,535 C:\WINDOWS\system32\XPAgent.exe
2006-07-28 19:05 49,250 C:\WINDOWS\system32\javaw.exe
2006-07-28 19:05 49,248 C:\WINDOWS\system32\java.exe
2006-07-28 19:05 127,078 C:\WINDOWS\system32\javaws.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTHelper"="CTHELPER.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SunKistEM"="\"C:\\Program Files\\eMachines Bay Reader\\shwiconem.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"AdobeVersionCue"="\"C:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe\""
"CrazyTalk Serve"="\"rundll32.exe\" C:\\WINDOWS\\system32\\CrazyTalk.dll,DllServeMediaFile"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"StopSignSsTsMon"="\"Rundll32.exe\" \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"FilmLoop"="\"C:\\Program Files\\FilmLoop Player\\FilmLoop.exe\" -hide"
"sys101948818672"="C:\\WINDOWS\\sys101948818672.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"TheMonitor"="C:\\WINDOWS\\Duce6.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"jdffsuaA"="C:\\WINDOWS\\jdffsuaA.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"XPAgent"="C:\\WINDOWS\\system32\\XPAgent.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\setup]
" IEradicator 2001"=""
" © 1999-2003 LitePC Technologies"=""
" [url="http://www.LitePC.com"="""]http://www.LitePC.com"=""[/url]
" ___________________________"=""
" "=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{74289CF0-0D48-1033-1116-040824040001}"="\"C:\\Program Files\\Common Files\\{74289CF0-0D48-1033-1116-040824040001}\\Update.exe\" mc-110-12-0000509"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Thu 08/17/2006 20:48:33.54
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

  • 0

#8
Country

Country

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Trojan Hunter flagged ComboFix as a virus. I downloaded it and ran it per instructions from here and as soon as I did I got a virus. So Trojan Hunter took care of it, but when it did a full scan it then found a worm in that program?? Not sure if this is a false positive or if the hijackers got this program too.
The ComboFix file you requested to see is in my post below entitled Worse problems lol. Thanks

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Documents and Settings\Administrator.BUSINESS\Desktop\combofix.exe/1or.exe (Worm.Qiv.100)
Error: Error while pre-processing C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\dndsetup_us_trial.exe: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Error: Error while calling IsValidPeFile: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Found possible trojan file: C:\Documents and Settings\Owner\My Documents\Unzipped\Fastmp3_Setup.exe (Possible trojan downloader) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Error: FileChecker.ScanFile: File C:\kybrdfh_10.exe not found
Error: Error while pre-processing C:\Program Files\DAoC_14-Day_Trial_Setup.exe: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Error: Error while calling IsValidPeFile: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Error: Error while pre-processing C:\Program Files\USLin_204_01.exe: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Error: Error while calling IsValidPeFile: Failed to create FileMappingView
Win32: Not enough storage is available to process this command (8)
Error: Directory not found: E:\
Error: Directory not found: F:\
Error: Directory not found: G:\
Error: Directory not found: H:\
Error: Directory not found: I:\
Error: Directory not found: J:\
1 files identified
1 possible trojan files found

#9
Vikesrock8411

    Visiting Staff

  • Member
  • 456 posts
This is a known false positive flagged by Trojan Hunter. I know the writer of this tool well and he has tried to address the issue with them and has had no luck.

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Make sure your firewall is on and enabled. Chances are that the malware that you have currently is trying to trick you into downloading something. Don't fall for it!

Now that I can see what we're dealing with, we can start getting rid of it.

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

============

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\vabd.exe
    C:\ujuwclxi.exe
    C:\WINDOWS\system32\ssiefr.EXE
    C:\WINDOWS\system32\wrlzma.dll
    C:\WINDOWS\cwbbkadk.dll
    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\win320767219488182006.exe
    C:\WINDOWS\sys101948818672.exe
    C:\drsmartload.exe
    C:\WINDOWS\srvansvrqo.exe
    C:\WINDOWS\Eim03.exe
    C:\WINDOWS\Justin.exe
    C:\WINDOWS\system32\vzt175e4.sys
    C:\814.exe
    C:\WINDOWS\jdffsuaA.exe
    C:\803_104.exe
    C:\WINDOWS\srvmjhqlbh.exe
    C:\kybrdfh_10.exe
    C:\vbjo.exe
    C:\MTE3NDI6ODoxNgnew.exe
    C:\MTE3NDI6ODoxNg.exe
    C:\fym9bvo.exe
    C:\WINDOWS\system32\loadadv559.exe
    C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}\Update.exe
    C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}\Services.dll
    C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.


Delete these folders.

    C:\Program Files\ToolBar888
    C:\Program Files\InetGet2
    C:\Program Files\Common Files\{74289CF0-0D48-1033-1116-040824040001}

Please post a new HijackThis log.

#11
Country

    Member

  • Topic Starter
  • Member
  • 13 posts
Here is the Killbox log, and I could not find the Toolbar888 file to delete it; I even did a search. I did delete the other files. And the Notepad thing you told me to type in and save to the desktop: when I double-click on it, it opens up but does not ask me about merging. If I right-click on it, merge is an option, so I clicked merge, but I didn't see anything happen unless it is a silent action; no windows or anything popped up. Also, since yesterday my computer has been losing its internet connection. The other computers in my home are all connected to the same unit and I have called my provider; it is my computer that is doing it. I'm not sure if I have PC-cillin configured incorrectly, but I think it keeps stopping internet traffic and it must be bugged, because if I select to allow internet traffic it doesn't fix the problem. And... my computer shows that I have an internet connection that is online, but my programs will not connect. So for now I have taken my computer off the router and directly connected it to the cable box to see if that helps.


Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:10 AM

Killbox Closed(Exit) @ 9:11:44 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:12 AM

# 1 [Delete on Reboot]
Path = C:\vabd.exe


I Rebooted @ 9:13:22 AM
Killbox Closed(Exit) @ 9:13:27 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:34 AM

Killbox Closed(Exit) @ 9:37:16 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 10:09 AM

#12
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
I merged all 6 of your threads here in the malware removal forum. DO NOT start a new thread. Use the Add Reply button here to reply to Sam.

If you start another thread I will close this one and take away your posting ability until you figure out how to properly respond in a forum.

ScHwErV :whistling:

#13
Country

    Member

  • Topic Starter
  • Member
  • 13 posts
I'm sorry, I did not mean to cause a problem. I thought we had to start a new thread because at the top of this page it says
Do not 'bump' or reply to your topic. We look first for posts with no replies, and we start with the oldest posts and work forward. Bumping will delay a reply.
So I thought I had to reply in a new thread.

I apologize for any inconvenience.

Country

#14
Country

    Member

  • Topic Starter
  • Member
  • 13 posts
I have been reading other posts and noticed that my Killbox log only shows the first entry, so I went back and looked at the program and noticed that the "All Files" button was not clicked; it had been set on single file, so the first two times I did it, it only did the first file. Lol, sorry. Anyway, I fixed it and reran it; here is the NEW and hopefully correctly done Killbox log. Sorry for the trouble; your services are much appreciated.


Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:10 AM

Killbox Closed(Exit) @ 9:11:44 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:12 AM

# 1 [Delete on Reboot]
Path = C:\vabd.exe


I Rebooted @ 9:13:22 AM
Killbox Closed(Exit) @ 9:13:27 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 9:34 AM

Killbox Closed(Exit) @ 9:37:16 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 10:09 AM

Killbox Closed(Exit) @ 10:22:20 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 11:29 PM

# 1 [Delete on Reboot]
Path = C:\ujuwclxi.exe


I Rebooted @ 11:30:06 PM
Killbox Closed(Exit) @ 11:30:27 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Friday, August 18, 2006, 11:33 PM

Killbox Closed(Exit) @ 11:36:17 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Saturday, August 19, 2006, 10:18 AM

Killbox Closed(Exit) @ 10:21:01 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Saturday, August 19, 2006, 10:21 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssiefr.EXE


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wrlzma.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\cwbbkadk.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\Eim03.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\Justin.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\vzt175e4.sys


# 7 [Delete on Reboot]
Path = C:\WINDOWS\jdffsuaA.exe


# 8 [Delete on Reboot]
Path = C:\MTE3NDI6ODoxNgnew.exe


# 9 [Delete on Reboot]
Path = C:\MTE3NDI6ODoxNg.exe


I Rebooted @ 10:22:14 AM
Killbox Closed(Exit) @ 10:22:23 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Saturday, August 19, 2006, 10:28 AM
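As an added example (it is not from this thread or from Killbox itself): a Python script that parses a Pocket Killbox Actions History Log in the format quoted above and lists which of the requested paths were never queued for deletion, which is exactly how the single-file mistake described in this post shows up. The sample log and the requested list are constructed from paths that appear in this thread.

```python
import re

# Constructed sample in the Pocket Killbox "Actions History Log" format quoted in
# this thread: one session that queued nothing, then two that queued one path each.
SAMPLE_LOG = r"""Pocket Killbox version 2.0.0.648
was started @ Friday, August 18, 2006, 9:10 AM

Killbox Closed(Exit) @ 9:11:44 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
was started @ Friday, August 18, 2006, 9:12 AM

# 1 [Delete on Reboot]
Path = C:\vabd.exe

I Rebooted @ 9:13:22 AM
Killbox Closed(Exit) @ 9:13:27 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
was started @ Friday, August 18, 2006, 11:29 PM

# 1 [Delete on Reboot]
Path = C:\ujuwclxi.exe

I Rebooted @ 11:30:06 PM
Killbox Closed(Exit) @ 11:30:27 PM
"""
# Constructed subset of the paths the helper asked to have deleted on reboot.
REQUESTED = [r"C:\vabd.exe", r"C:\ujuwclxi.exe", r"C:\WINDOWS\system32\ssiefr.EXE", r"C:\WINDOWS\Eim03.exe"]
# One queued entry: "# <n> [<mode>]" followed by its "Path = <path>" line.
ENTRY_RE = re.compile(r"^# \d+ \[(.+?)\]\s*\nPath = (.+?)\s*$", re.M)


def parse_killbox_log(text):
    """Return one dict per Killbox session: start time, queued (mode, path) pairs, reboot flag."""
    sessions = []
    for chunk in re.split(r"^_{10,}$", text, flags=re.M):  # sessions end with a rule of underscores
        if "Pocket Killbox" not in chunk:
            continue
        started = re.search(r"was started @ (.+)", chunk)
        sessions.append({"started": started.group(1).strip() if started else None,
                         "entries": ENTRY_RE.findall(chunk),
                         "rebooted": "I Rebooted @" in chunk})
    return sessions

def missing_paths(text, requested):
    """Requested paths that no session ever queued, compared case-insensitively like NTFS names."""
    queued = {path.lower() for s in parse_killbox_log(text) for _, path in s["entries"]}
    return [p for p in requested if p.lower() not in queued]
```

Run it against the full log and the full path list from the helper's post and anything still listed as never queued has to be re-entered in Killbox with "All Files" selected.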