Help! No Disk Errors


#1
zenapex
I need help guys, I get no disk errors every now and then, here is my HiJackThis log. Please help, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:39 PM, on 4/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\syn00-0C-6E-BA-1B-E6\system\smss.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6167F471-EF2B-41DD-A5E5-C26ACDB5C096} - C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\syn00-0C-6E-BA-1B-E6\system\smss.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [mfchlp32] C:\WINDOWS\mfchlp32.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [inudhya] C:\WINDOWS\Fonts\syn00-0C-6E-BA-1B-E6\system\1a.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [DXDLG32] DXDLG.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - AppInit_DLLs: mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,atehhz.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 7681 bytes

#2
koko_crunch
Trusted Helper
Hello zenapex and Welcome to Geeks to Go!

Sorry for the delay in response time. Rough week.

Let's start.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
zenapex
New problem, computer restarts during the scan. Any ideas? Thanks!

#4
koko_crunch
Let's try this. :)

Please download this file - combofix.exe by sUBs
  • Save it to your Desktop
  • Please, never rename Combofix unless instructed.
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll


  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

#5
zenapex
When I run ComboFix as instructed my PC still restarts during the scan. :) I'm guessing I'm helpless???

#6
koko_crunch
Don't lose hope, there's always a way.
Let's try this first and see how it turns out. :)

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

#7
zenapex
Alright, that worked out. Here is the report given:



SDFix: Version 1.170
Run by Bong on 2008-04-13 at 13:35

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 13:42:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{5929073C-0874-4A22-B58C-5F555E2B4249}.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

Remaining Files :


File Backups: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Apr 2008 13,887 A.SH. --- "C:\WINDOWS\system32\msosping00.dll"
Sat 22 Mar 2008 8,042 ..SH. --- "C:\WINDOWS\system32\slcs.dll"
Tue 22 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 12 Oct 2007 19,968 ...H. --- "C:\Documents and Settings\Bong\Desktop\~WRL1653.tmp"
Thu 20 Sep 2007 444 ...HR --- "C:\Documents and Settings\Bong\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

#8
koko_crunch
Good but we still have a long way to go.

Next,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#9
zenapex
Alright, here is the Vundofix.txt and the new HiJackThis log.


VundoFix V7.0.3

Scan started at 16:37:00 2008-04-14

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08, on 2008-04-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5596 bytes

#10
koko_crunch
Still a long way to go. :)

Next,

Please download AVG's free antivirus.

This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools here. DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more. Uninstall any existing antivirus programs if you're going to install AVG.

Then,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

#11
zenapex
Alright here is the update, this is the most recent scan log.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2008 at 05:10 PM

Application Version : 4.0.1154

Core Rules Database Version : 3438
Trace Rules Database Version: 1430

Scan type : Complete Scan
Total Scan Time : 00:23:46

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 6537
Registry threats detected : 0
File items scanned : 24495
File threats detected : 1

Trojan.Unclassified/WDFMGR-Fake
H:\NTLDR.EXE

Edited by zenapex, 15 April 2008 - 05:43 PM.

#12
koko_crunch
Next,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

then,
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#13
zenapex
Alright here are the main.txt and the extra.txt.


Deckard's System Scanner v20071014.68
Run by Bong on 2008-04-17 00:09:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-04-17 06:09:29 UTC - RP24 - Deckard's System Scanner Restore Point
23: 2008-04-17 01:17:07 UTC - RP23 - System Checkpoint
22: 2008-04-16 00:53:46 UTC - RP22 - Installed AVG 7.5
21: 2008-04-16 00:43:04 UTC - RP21 - Removed SUPERAntiSpyware Free Edition
20: 2008-04-15 21:38:03 UTC - RP20 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-04-04 02:46:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.8 GiB (less than 15%) free.


-- HijackThis (run as Bong.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10, on 2008-04-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bong\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HB Kernel] RUNDLL32.EXE C:\WINDOWS\System32\HBKrnl.dll,DllRegisterServer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6420 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080403-201949-421 O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
backup-20080403-202051-218 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
backup-20080403-202051-862 O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
backup-20080403-202051-998 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080403-202133-868 O20 - AppInit_DLLs: mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,atehhz.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,
backup-20080403-202638-530 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (file missing)
backup-20080403-202638-559 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (file missing)
backup-20080403-202638-676 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080403-202639-213 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
backup-20080403-202640-503 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
backup-20080403-202640-509 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080404-150947-945 O4 - HKLM\..\Run: [HB Kernel] RUNDLL32.EXE C:\WINDOWS\System32\HBKrnl.dll,DllRegisterServer
backup-20080404-151208-323 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20080404-151208-354 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20080404-151208-458 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20080404-151208-563 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20080404-151208-574 O4 - HKLM\..\Policies\Explorer\Run: [DXDLG32] DXDLG.exe
backup-20080404-151208-590 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20080404-151208-749 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20080404-151208-789 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20080404-151254-813 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080404-151414-526 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
backup-20080404-151414-956 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
backup-20080404-151519-900 O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
backup-20080404-152343-484 O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
backup-20080404-152343-516 O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
backup-20080404-152343-694 O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
backup-20080404-152343-829 O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
backup-20080404-152343-880 O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
backup-20080404-152343-912 O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
backup-20080404-153754-848 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
backup-20080404-160439-352 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20080404-160440-595 O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
backup-20080404-160615-293 O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\syn00-0C-6E-BA-1B-E6\system\smss.exe
backup-20080404-160615-816 O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\syn00-0C-6E-BA-1B-E6\system\smss.exe
backup-20080404-160733-610 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080404-160753-484 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080404-170843-269 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
backup-20080404-170843-427 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
backup-20080404-170843-664 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080404-170843-821 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
backup-20080404-171148-672 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20080404-171225-836 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\vcdrom.sys (file missing)
S2 mnsf - c:\docume~1\bong\locals~1\temp\tmpd4.tmp (file missing)
S2 msert - c:\windows\system32\drivers\mselk.sys (file missing)
S2 ping - c:\docume~1\bong\locals~1\temp\tmp40.tmp (file missing)
S3 catchme - c:\docume~1\bong\locals~1\temp\catchme.sys (file missing)
S3 HBKernel (HBKernel Driver) - c:\windows\system32\drivers\hbkernel.sys
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 sys_flt - c:\docume~1\bong\locals~1\temp\~90.tmp (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 PSEXESVC (PsExec) - c:\windows\psexesvc.exe <Not Verified; Sysinternals; Sysinternals PsExec>
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_24D3&SUBSYS_80A61043&REV_02\3&267A616A&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_24D3&SUBSYS_80A61043&REV_02\3&267A616A&0&FB
Service:


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-15 21:39:35 0 dr-h----- C:\$VAULT$.AVG
2008-04-15 18:56:10 0 d-------- C:\Documents and Settings\Bong\Application Data\AVG7
2008-04-15 18:54:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-15 18:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-15 15:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 15:38:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 15:38:04 0 d-------- C:\Documents and Settings\Bong\Application Data\SUPERAntiSpyware.com
2008-04-15 14:57:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-14 23:29:49 0 d-------- C:\Program Files\Veoh Networks
2008-04-14 16:37:00 0 d-------- C:\VundoFix Backups
2008-04-13 13:29:26 0 d-------- C:\WINDOWS\ERUNT
2008-04-13 00:29:55 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-13 00:29:22 68096 --a------ C:\WINDOWS\zip.exe
2008-04-13 00:29:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-13 00:29:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-13 00:29:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-13 00:29:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-13 00:29:22 98816 --a------ C:\WINDOWS\sed.exe
2008-04-13 00:29:22 80412 --a------ C:\WINDOWS\grep.exe
2008-04-13 00:29:22 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-10 08:10:04 0 d-------- C:\Documents and Settings\Bong\Application Data\Malwarebytes
2008-04-10 08:09:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-05 00:40:00 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 15:35:44 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-04 12:08:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-03 21:18:45 0 d-------- C:\Program Files\Trend Micro
2008-04-03 12:25:12 7232 --a------ C:\WINDOWS\System32\drivers\HBKernel.sys
2008-04-03 12:25:11 13824 -----n--- C:\WINDOWS\System32\HBKrnl.dll
2008-04-01 17:35:22 0 d-------- C:\WINDOWS\System32\Adobe
2008-04-01 01:01:36 128 --a------ C:\WINDOWS\System32\msosping.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-15 23:05:12 0 d-------- C:\Program Files\SpeedFan
2008-04-15 18:43:06 0 d-------- C:\Program Files\Common Files
2008-04-15 15:31:28 0 d-------- C:\Documents and Settings\Bong\Application Data\Adobe
2008-04-06 10:22:16 0 d-------- C:\Program Files\BitComet
2008-04-06 10:20:27 2560 --a------ C:\WINDOWS\System32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-05 00:46:42 0 d-------- C:\Documents and Settings\Bong\Application Data\Real
2008-04-05 00:41:44 2521 --a------ C:\WINDOWS\mozver.dat
2008-04-05 00:39:56 0 d-------- C:\Program Files\Common Files\Real
2008-03-30 18:08:25 0 d-------- C:\Program Files\Macromedia
2008-03-30 18:06:06 0 d-------- C:\Program Files\Yahoo!
2008-03-30 18:05:39 0 d-------- C:\Documents and Settings\Bong\Application Data\Yahoo!
2008-03-30 18:03:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 05:04:04 256 --a------ C:\WINDOWS\System32\pool.bin
2008-03-17 18:11:14 0 d-------- C:\Documents and Settings\Bong\Application Data\dvdcss
2008-03-14 15:15:56 0 d-------- C:\Program Files\Red Kawa
2008-03-14 15:13:24 0 d-------- C:\Program Files\Seabyrd Technologies
2008-03-09 15:19:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 15:19:33 0 d-------- C:\Program Files\Common Files\Macromedia
2008-02-23 16:04:14 0 d-------- C:\Program Files\Game Cam v1.4
2008-02-23 16:02:45 0 d-------- C:\Program Files\EA GAMES


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HB Kernel"="C:\WINDOWS\System32\HBKrnl.dll" [2008-04-03 12:25]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 10:05]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 07:07]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 13:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 00:39]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-29 00:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 18:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\progra~1\valve\steam\steam.exe" [2008-03-30 11:41]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35]
"@"="" []

C:\Documents and Settings\Bong\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-28 09:37:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-28 09:37:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACKWIN32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-TROJAN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AUTODOWN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCONSOL.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVE32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCTRL.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVKSERV.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVNT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPCC.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPDOS32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPM.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPTC32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPUPD.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCHED32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWIN95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWUPD32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKD.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKICE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIADMIN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIAUDIT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95CF.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER3.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95_0.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ECENGINE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ESAFE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPWATCH.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-AGNT95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-STOPW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FESCUE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FINDVIRU.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FP-WIN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FRW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMAPP.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSERV.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMASN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMAVSP.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOAD95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOADNT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICMON.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPP95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPPNT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IFACE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IOMON98.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JEDI.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVsvc.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSvcUI.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVwsc.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchUI.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOCKDOWN2000.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo_1.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOOKOUT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUALL.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MAILMON.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MOOLIVE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFTRAY.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\N32SCANW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapw32.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVLU32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVNT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVWNT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NISUM.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NMain.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NORMIST.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NUPGRADE.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVC95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVCL.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSCHED.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCCWIN98.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCFWALLICON.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PERSFW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7WIN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVmon.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVmonD.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVtimer.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rising.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SAFEWEB.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCAN32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCAN95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANPM.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCRSCAN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SERV95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMC.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPHINX.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWEEP95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBSCAN.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCA.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-98.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-NT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\THGUARD.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanHunter.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET95.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VETTRAY.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSCAN40.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSECOMR.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSHWIN32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSSTAT.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBSCANX.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WFINDV32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZONEALARM.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVP32.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPCC.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPM.EXE]
Debugger=net

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Đ̃¸´¹¤¾ß.exe]
Debugger=net

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HB Kernel]
RUNDLL32.EXE C:\WINDOWS\System32\HBKrnl.dll,DllRegisterServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install




-- End of Deckard's System Scanner: finished at 2008-04-17 00:11:04 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1535.29 MiB / 1039.78 MiB
Pagefile Memory (total/avail): 3435.18 MiB / 3208.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 143.48 GiB total, 2.8 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Fixed (FAT32) - 5.55 GiB total, 4.2 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 5.56 GiB - H:
\PARTITION1 (bootable) - Installable File System - 143.48 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bong\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RIVERA
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bong
LOGONSERVER=\\RIVERA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Plazmic CDK 4.2.2\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bong\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bong\LOCALS~1\Temp
USERDOMAIN=RIVERA
USERNAME=Bong
USERPROFILE=C:\Documents and Settings\Bong
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bong (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v2.3.3 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitComet 0.86 --> C:\Program Files\BitComet\uninst.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry Email and MDS Services Simulators 4.1.2 --> MsiExec.exe /X{6C65C8BB-B975-44D4-A8F5-61129CDDF4C3}
BlackBerry JDE 4.2.0 --> MsiExec.exe /X{B784FE9A-B271-4A93-AD97-E0C50190AEB7}
BlackBerry MDS Studio 1.1.1 --> "C:\Program Files\Research In Motion\BlackBerry MDS Studio 1.1.1\Uninstall_BlackBerry MDS Studio 1.1.1\Uninstall BlackBerry MDS Studio 1.1.1.exe"
Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
CityBars Mod v1.0 --> C:\Program Files\Mafia\Uninstal.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GGPO Client --> "C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe" REMOVE=TRUE MODIFY=FALSE
GGPO Client --> C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Introduction to the Practice of Statistics --> C:\WINDOWS\iun6002.exe "C:\Program Files\IPS5e\irunin.ini"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Mafia --> c:\program files\Mafia\patch.exe
Mafia Game --> C:\WINDOWS\System32\MafiaSetup.exe
Mafia Gangstar mod 1.2 --> "C:\Documents and Settings\Bong\Desktop\Mafia Gangstar mod 1.2\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B662D841-AAA0-41E8-B2AB-E374560DC5B1}
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 5.5.1 --> C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Plazmic CDK 4.2.2 for BlackBerry --> "C:\Program Files\Plazmic CDK 4.2.2\Uninstall Plazmic CDK 4.2.2 for BlackBerry\Uninstall Plazmic CDK 4.2.2 for BlackBerry.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rome - Total War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}\setup.exe" -l0x9 -removeonly
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tournament.com 1.0.0.163 --> "C:\Program Files\Tournament.com\unins000.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora Xbox 360 Converter 2.25 --> C:\Program Files\

#14
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
First, to clarify things, did you fix HijackThis entries on your own? If so, why?
Second, your DSS log is incomplete.

Next,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there.
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Post with the DAFT log.

#15
zenapex

    Member

  • Topic Starter
  • Member
  • 14 posts
To clarify things, yes, I did fix HijackThis entries on my own. I did it out of frustration; it first began with entries I knew it was necessary for, then I got carried away and did it for who knows what else. Sorry if it makes your task much more difficult. It was stupid on my part, and thanks for sticking with me on this!


DAFT Log saved on 2008-04-17 07:43:04
-----------------------------------------------------------------------
All associations okay!