WinTools [RESOLVED]



#16 elite (Member, Topic Starter, 35 posts)

RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry. You should delete every program's entries you know you've had, but don't have anymore
[syntax: Author, Software, Age ]

[Unknown], 532customer, Old
[Unknown], elpnnd, Old
[Unknown], Licenses, Old
[Unknown], Popup Manager, Old
[Unknown], WinSock2, Old
[Unknown], XoftSpy, Old
[Unknown], shockwave.com, Old
[Unknown], WinRAR SFX, Old
[Unknown], Apple Computer, Inc., Old
Acudata, Sheriff, Old
Adobe, Adobe SVG Viewer, Old
Adobe, CommonFiles, Old
Adobe, Reader, Old
Adobe, Acrobat Reader, Old
Adobe, Acrobat, Old
Ahead, Cover Designer, Old
Ahead, Nero Wave Editor, Old
Ahead, Shared, Old
Ahead, Nero - Burning Rom, Old
Apple Computer, Inc., IPod, Old
Apple Computer, Inc., ITunes, Old
Apple Computer, Inc., QuickTime, Old
ArcSoft, Panorama Maker, Old
ArcSoft, VideoMVP, Old
Asio, NVIDIA ASIO Driver, Old
C07ft5Y, Nhl2002, Old
C07ft5Y, WinXP, Old
Cddb, Control, Old
Chilkat Software, Inc., ChilkatXml.ChilkatXml, Old
Eacom, Update, Old
Eastman Kodak Company, Digital Cameras, Old
Electronic Arts, 3D Data, Old
Ewido, Config, Old
Ewido, Guard, Old
Ewido, Update, Old
Gemplus, Cryptography, Old
GIANTCompany, AntiSpyware, Old
Gnu, Ffdshow, Old
Gnu, Ffdshow_audio, Old
Google, NavClient, Old
Google, Picasa, Old
Gtek, Aod, Old
Hewlett-Packard, HPDJ Printing System Config, Old
Hewlett-Packard, Hpo, Old
Hewlett-Packard, Hpz, Old
Hewlett-Packard, ScanJet, Old
Hewlett-Packard, DigitalImaging, Old
IC Media Corp., Icm532, Old
Icm532a, Default, Old
InstallShield, Driver, Old
Intel, Psis, Old
Intel, Indeo, Old
InterTrust, DocBox, Old
InterVideo, Dvd6, Old
JavaSoft, Java Plug-in, Old
JavaSoft, Java Runtime Environment, Old
JavaSoft, Java Update, Old
JavaSoft, Java Web Start, Old
Kodak, Cardreader2, Old
Kodak, Cardreader8in1, Old
Kodak, Common, Old
Kodak, EasyShareSetup, Old
Kodak, ESSAdpt, Old
Kodak, Essanup, Old
Kodak, ESSBrwr, Old
Kodak, Esscam, Old
Kodak, Esscdbk, Old
Kodak, Essct, Old
Kodak, ESSgui, Old
Kodak, Esshelp, Old
Kodak, ESSini, Old
Kodak, Esspcd, Old
Kodak, Esssonic, Old
Kodak, Esstutor, Old
Kodak, ESSvpaht, Old
Kodak, ESSvpot, Old
Kodak, Hlpcctr, Old
Kodak, HLPIndex, Old
Kodak, Hlpoptn, Old
Kodak, Hlppdock, Old
Kodak, IniFileMapping, Old
Kodak, KODAK Camera Connection Software, Old
Kodak, Kodak Camera Connection Software Help, Old
Kodak, KODAK One Touch To Better Pictures, Old
Kodak, KODAK Software Updater, Old
Kodak, Kodak_master_installer, Old
Kodak, Notifier, Old
Kodak, OTtBPSDK, Old
Kodak, Pcdlnch, Old
Kodak, Pd6000, Old
Kodak, Sfr, Old
Kodak, Sfr2, Old
Kodak, Vcamcen, Old
Kodak, Vprintol, Old
Kodak, EasyShareSetup, Old
Kodak, KODAK EasyShare Software, Old
Kodak, KODAK Picture Transfer Software, Old
KsL Software, Rfa, Old
Local AppWizard-Generated Applications, DestComp, Old
Local AppWizard-Generated Applications, Hpqptc08, Old
Local AppWizard-Generated Applications, Kodak EasyShare, Old
Macromedia, FlashPlayer, Old
Macromedia, Shockwave 10, Old
Macromedia, SwInstall, Old
Magnet, Handlers, Old
Motive, Asst, Old
Mozilla, Desktop, Old
Mozilla, Mozilla Firefox 1.0.3, Old
Mozilla, Mozilla, Old
Mozilla, Mozilla Firefox, Old
Mozilla, Mozilla Firefox 1.0.4, Old
Mozilla.org, Mozilla, Old
MozillaPlugins, @real.com/nppl3260;version=6.0.11.2088, Old
MozillaPlugins, @real.com/nprjplug;version=1.0.2.2146, Old
MozillaPlugins, @real.com/nprpjplug;version=6.0.12.1069, Old
MozillaPlugins, @real.com/nsJSRealPlayerPlugin;version=, Old
Netscape, Netscape Installer, Old
Netscape, Netscape Navigator, Old
NVIDIA Corporation, Global, Old
Oak Technology, Omsg, Old
Panda Software, ActiveScan, Old
PepiMK Software, SpybotSnD, Old
RealGames, Preferences, Old
RealNetworks, Rnadmin, Old
RealNetworks, Visualizations, Old
RealNetworks, Games, Old
RealNetworks, Gemini, Old
RealNetworks, Msg, Old
RealNetworks, Preferences, Old
RealNetworks, RealArcade, Old
RealNetworks, RealJukebox, Old
RealNetworks, RealMediaSDK, Old
RealNetworks, RealPlayer, Old
RealNetworks, RealSystemMP, Old
RealNetworks, UninstallDoFolderScan, Old
RealNetworks, Update, Old
RichFX, Player, Old
Schlumberger, Smart Cards And Terminals, Old
Soeperman Enterprises Ltd., HijackThis, Old
SpywareBlaster, Settings, Old
Stevengould.org, CleanUp!, Old
Symantec, Ids, Old
Symantec, InstalledApps, Old
Symantec, PatchInst, Old
Symantec, ScriptBlocking, Old
Symantec, Shared Technology, Old
Symantec, SharedDefs, Old
Symantec, SharedUsage, Old
Symantec, Symevent, Old
Symantec, SymInterface, Old
Symantec, SymNetDrv, Old
Symantec, SymSC, Old
Symantec, Norton AntiVirus, Old
Trymedia Systems, ActiveMARK Software, Old
WinRAR, ArcHistory, Old
WinRAR, DialogEditHistory, Old
WinRAR, FileList, Old
WinRAR, Formats, Old
WinRAR, General, Old
WinRAR, Interface, Old
WinRAR, Profiles, Old
WinRAR, Setup, Old
WinRAR, Viewer, Old
WinRAR, VirusScan, Old
Wise Solutions, Wise Installation System, Old
Xing Technology Corp., SharedDlls, Old
Yahoo, Companion, Old
Yahoo, Skin, Old
Yahoo, Pager, Old
Yahoo, YServer, Old



#17 tampabelle (Member 5k, Retired Staff, 6,363 posts)

Hi elite,

There are a few items that I don't recognize in that list, but I don't recognize anything as adware/spyware.


Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

#18 elite (Member, Topic Starter, 35 posts)

It simply shuts down while running, and I can't burn anymore either. Let me restore this to an earlier point and see what I can do. Sigh.

#19 elite (Member, Topic Starter, 35 posts)

I think I made a breakthrough! Anyway, here is what RootkitRevealer revealed:

HKLM\SYSTEM\ControlSet003\Services\Dhcp\Parameters\{E475D6DC-81B7-4148-ABF0-32A300888E82} 7/2/2005 5:34 PM 120 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Dhcp\Parameters\{E475D6DC-81B7-4148-ABF0-32A300888E82} 7/2/2005 5:34 PM 120 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\LocalService\My Documents 7/2/2005 7:29 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\My Documents\desktop.ini 7/2/2005 7:29 PM 77 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\My Documents\RootkitReveal.txt 7/2/2005 7:29 PM 171 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent 7/2/2005 7:22 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent\Desktop.ini 7/2/2005 7:22 PM 150 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Application Data\Mozilla\Firefox\Profiles\b9yhi25x.default\Cache\7B05A283d01 7/2/2005 7:23 PM 50.88 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Application Data\Mozilla\Firefox\Profiles\b9yhi25x.default\Cache\D2244CE0d01 7/2/2005 7:27 PM 17.94 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Application Data\Mozilla\Firefox\Profiles\b9yhi25x.default\Cache\EB8CA9AFd01 7/2/2005 7:23 PM 20.80 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Application Data\Mozilla\Firefox\Profiles\b9yhi25x.default\Cache\FE22AE72d01 7/2/2005 7:23 PM 69.65 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Cookies\mustafa@housecall[2].txt 7/2/2005 7:24 PM 110 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Cookies\mustafa@msn[1].txt 7/2/2005 5:44 PM 337 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Mustafa\Cookies\mustafa@msn[3].txt 7/2/2005 7:24 PM 530 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Cookies\mustafa@trendmicro[1].txt 7/2/2005 7:29 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Cookies\mustafa@wdcs.trendmicro[1].txt 7/2/2005 7:24 PM 149 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temp\hsperfdata_Mustafa 7/2/2005 7:23 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temp\hsperfdata_Mustafa\268 7/2/2005 7:23 PM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temp\XScanResult 7/2/2005 7:29 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temp\XScanResult\$L7.tmp 7/2/2005 7:29 PM 383 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\bg-dotted-h[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\dcs[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\dcs[2].gif 7/2/2005 7:25 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\dcs[3].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\DWT{VNOK`-1DQELM,FZBGB[1].jpg 7/2/2005 7:24 PM 26.81 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\fs[1].gif 7/2/2005 7:24 PM 441 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\header-language02[1].gif 7/2/2005 7:24 PM 89 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\header-language04[1].gif 7/2/2005 7:29 PM 82 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\header-logo[1].gif 7/2/2005 7:29 PM 1.38 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\homepage-nav-dottedvert[1].gif 7/2/2005 7:29 PM 54 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\homepage-nav-products[1].gif 7/2/2005 7:29 PM 397 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\homepage-nav-purchase[1].gif 7/2/2005 7:29 PM 405 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\homepage-nav-security[1].gif 7/2/2005 7:29 PM 495 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\homepage-wrapper-top[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\icon-star[1].gif 7/2/2005 7:24 PM 129 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\icsa[1].gif 7/2/2005 7:24 PM 1.20 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\ip1012[1].js 7/2/2005 7:24 PM 2.09 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\px[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\px_999999[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\spacer[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\spdbupdate[1].htm 7/2/2005 7:23 PM 54 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\style2[1].css 7/2/2005 7:24 PM 1.77 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\tab-partners-off[1].gif 7/2/2005 7:29 PM 601 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\tn-about-over[1].gif 7/2/2005 7:29 PM 481 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\tn-on-left[1].gif 7/2/2005 7:24 PM 90 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\tn-security-over[1].gif 7/2/2005 7:24 PM 607 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\tn-security[1].gif 7/2/2005 7:24 PM 532 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\xscan53[1].cab 7/2/2005 7:25 PM 753.18 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\YE[@MCD9M24QU+B+B@}@S[1].jpg 7/2/2005 7:24 PM 5.92 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\666[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\bg-leftnav[1].gif 7/2/2005 7:24 PM 125 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\black-pixel[1].gif 7/2/2005 7:29 PM 49 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CA016R8D.HTM 7/2/2005 7:25 PM 1.06 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\carat[1].gif 7/2/2005 7:24 PM 63 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\dcs[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\header-language01[1].gif 7/2/2005 7:24 PM 84 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\header-language03[1].gif 7/2/2005 7:24 PM 124 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\header-language03[2].gif 7/2/2005 7:29 PM 124 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homeentantispyware[1].gif 7/2/2005 7:29 PM 15.22 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-nav-partners[1].gif 7/2/2005 7:29 PM 396 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-nav-support[1].gif 7/2/2005 7:29 PM 381 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-wrapper-bottom[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-wrapper-bottomleft[1].gif 7/2/2005 7:29 PM 51 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-wrapper-bottomright[1].gif 7/2/2005 7:29 PM 44 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage-wrapper-topright[1].gif 7/2/2005 7:29 PM 44 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\homepage[1].css 7/2/2005 7:29 PM 2.20 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\hpcl1012[1].css 7/2/2005 7:24 PM 1.06 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\kelkeapromobanner[1].gif 7/2/2005 7:29 PM 8.11 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\OOB1029[1].js 7/2/2005 7:24 PM 4.59 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\px[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\start_corp[1].htm 7/2/2005 7:24 PM 47.43 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\style1[1].css 7/2/2005 7:24 PM 4.13 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tn-dotted[1].gif 7/2/2005 7:24 PM 68 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tn-home-over[1].gif 7/2/2005 7:24 PM 401 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tn-on-right[1].gif 7/2/2005 7:24 PM 90 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tn-partners-over[1].gif 7/2/2005 7:24 PM 491 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tn-partners[1].gif 7/2/2005 7:24 PM 426 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\YLEH4BI1]6H1E759W`,QZ[1].jpg 7/2/2005 7:24 PM 1.96 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\A0@615YC421HK}5PU@`QG[1].jpg 7/2/2005 7:24 PM 2.00 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\bg_leftnav_rmargin[1].gif 7/2/2005 7:24 PM 46 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\footer[1].js 7/2/2005 7:24 PM 4.13 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\header-language01[1].gif 7/2/2005 7:29 PM 103 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\header-language02[1].gif 7/2/2005 7:29 PM 83 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\header-language04[1].gif 7/2/2005 7:24 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\header-logo[1].gif 7/2/2005 7:24 PM 1.38 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\homepage-nav-about[1].gif 7/2/2005 7:29 PM 403 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\homepage-wrapper-topleft[1].gif 7/2/2005 7:29 PM 44 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\housecall_animation2[1].gif 7/2/2005 7:24 PM 5.34 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\hp1021[1].css 7/2/2005 7:24 PM 11.63 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\hp1021[1].js 7/2/2005 7:24 PM 4.45 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\icon-arrow[1].gif 7/2/2005 7:29 PM 55 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\icon-email[1].gif 7/2/2005 7:24 PM 142 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\O4LO9`8+{I`[-RRD,}37G[1].jpg 7/2/2005 7:24 PM 7.72 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\px-999999[1].gif 7/2/2005 7:24 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\scripts[1].js 7/2/2005 7:24 PM 1.99 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\start_corp[1].htm 7/2/2005 7:25 PM 50.88 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\status-yellow[1].gif 7/2/2005 7:29 PM 53 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tab-enterprise-on[1].gif 7/2/2005 7:29 PM 594 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tab-smallmedium-off[1].gif 7/2/2005 7:29 PM 726 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-about-over[1].gif 7/2/2005 7:24 PM 481 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-home-over[1].gif 7/2/2005 7:29 PM 401 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-home[1].gif 7/2/2005 7:24 PM 328 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-products-over[1].gif 7/2/2005 7:24 PM 493 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-products-over[2].gif 7/2/2005 7:29 PM 493 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-purchase[1].gif 7/2/2005 7:24 PM 433 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\tn-security-over[1].gif 7/2/2005 7:29 PM 607 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\0000007945_000000000000000197070[1].swf 7/2/2005 7:24 PM 16.15 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\1px-nav[1].gif 7/2/2005 7:24 PM 51 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\bg-leftnav-rmargin[1].gif 7/2/2005 7:24 PM 46 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\bg-topnav[1].gif 7/2/2005 7:24 PM 79 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\dcsav[1].js 7/2/2005 7:24 PM 624 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\dcsav[2].js 7/2/2005 7:29 PM 624 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\enterprise[1].htm 7/2/2005 7:29 PM 44.56 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\header-submit[1].gif 7/2/2005 7:24 PM 127 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\header-submit[2].gif 7/2/2005 7:29 PM 127 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\homepage-wrapper-left[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\homepage-wrapper-right[1].gif 7/2/2005 7:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\icon-arrow[1].gif 7/2/2005 7:29 PM 55 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\IE1015[1].css 7/2/2005 7:24 PM 807 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\msft94[1].gif 7/2/2005 7:24 PM 893 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\scripts[1].js 7/2/2005 7:29 PM 1.99 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\spacer[1].gif 7/2/2005 7:24 PM 67 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\srch-arrw[1].gif 7/2/2005 7:24 PM 73 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\status-gray[1].gif 7/2/2005 7:29 PM 53 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tab-personal-off[1].gif 7/2/2005 7:29 PM 571 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-about[1].gif 7/2/2005 7:24 PM 418 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-partners-over[1].gif 7/2/2005 7:29 PM 491 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-products-on[1].gif 7/2/2005 7:24 PM 433 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-purchase-over[1].gif 7/2/2005 7:24 PM 501 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-purchase-over[2].gif 7/2/2005 7:29 PM 501 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-support-over[1].gif 7/2/2005 7:24 PM 473 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-support-over[2].gif 7/2/2005 7:29 PM 473 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\tn-support[1].gif 7/2/2005 7:24 PM 410 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\My Documents\English\RootkitReveal.txt 7/2/2005 7:30 PM 171 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\NTUSER.DAT.LOG:KAVICHS 7/2/2005 7:31 PM 36 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Recent\English.lnk 7/2/2005 7:30 PM 425 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Recent\RootkitReveal.lnk 7/2/2005 7:22 PM 571 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Recent\system32.lnk 7/2/2005 7:22 PM 483 bytes Hidden from Windows API.
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1644049401_group.dat 7/2/2005 7:31 PM 199 bytes Hidden from Windows API.
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4240022773_group.dat 7/2/2005 7:23 PM 183 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006168.EXE 4/15/2005 9:29 PM 280.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006169.DLL 4/15/2005 9:29 PM 68.06 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006170.DLL 4/15/2005 9:29 PM 496.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006171.dll 4/13/2005 8:25 PM 70.07 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006172.exe 1/10/2005 5:17 PM 166.07 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006173.ini 4/13/2005 8:25 PM 674 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006174.dll 3/5/2004 11:35 AM 42.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006175.dll 2/18/2005 6:40 PM 1020.08 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006176.ini 6/9/2005 10:27 PM 648 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006177.ini 6/9/2005 10:27 PM 10 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006178.ini 6/9/2005 10:26 PM 24.70 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006179.ini 6/9/2005 10:26 PM 170 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006180.dll 7/23/1999 10:53 AM 126.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006181.ini 7/23/1999 1:46 PM 116 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006182.dll 6/9/2005 10:26 PM 42.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006183.dll 6/9/2005 10:26 PM 1020.08 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-

Edited by elite, 02 July 2005 - 05:55 PM.

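The log above is RootkitRevealer's cross-view output: every line is a path, the object's own timestamp, its size, and the discrepancy the tool saw between what the Windows API reports and what it read from the raw disk or registry hive. The parser and triage helper below is an added example written for this page, not code from the thread or from RootkitRevealer; the triage rules, the assumed scan window (7:22 to 7:31 PM, taken from the log's own timestamps) and the sample line marked constructed are assumptions, and the only goal is to separate scan-time noise from entries that deserve a closer look.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One RootkitRevealer result line: <path> <M/D/YYYY h:mm AM|PM> <size> <discrepancy text>.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB))\s+(?P<note>.+?)\.?\s*$"
)

# Directories that churn while a browser or a scanner is running (heuristic, lower-case).
CHURN_DIRS = ("\\temporary internet files\\", "\\cookies\\", "\\cache\\",
              "\\local settings\\temp\\", "\\recent\\")


@dataclass
class Entry:
    path: str
    when: datetime  # the file's or key's own timestamp, not the time of detection
    size: int       # bytes
    note: str       # discrepancy text without the trailing period

    @property
    def is_registry(self) -> bool:
        return self.path.upper().startswith("HK")

    @property
    def is_ads(self) -> bool:
        # An NTFS alternate data stream is reported as <file>:<stream>; skip the drive colon.
        return not self.is_registry and ":" in self.path[2:]


def size_to_bytes(size: str) -> int:
    num, unit = size.split()
    return int(round(float(num) * {"bytes": 1, "KB": 1024, "MB": 1024 ** 2}[unit]))


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry, or None for a line that does not fit (e.g. the truncated last line)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["path"], datetime.strptime(m["ts"], "%m/%d/%Y %I:%M %p"),
                 size_to_bytes(m["size"]), m["note"])


def triage(e: Entry, scan_start: datetime, scan_end: datetime) -> str:
    """Heuristic label for one entry; anything labelled 'review' still needs a human."""
    p = e.path.lower()
    written_during_scan = scan_start <= e.when <= scan_end
    if e.is_registry:
        return "registry mismatch: compare the live value with the raw hive"
    if e.note.startswith("Visible in Windows API, but not in MFT"):
        return "api/mft mismatch: often a file deleted or renamed mid-scan; rescan"
    if e.is_ads:
        return "alternate data stream: identify the product that owns the stream"
    if written_during_scan and (p.endswith("rootkitreveal.txt")
                                or any(d in p for d in CHURN_DIRS)):
        return "scan-time churn: written while the scan ran"
    if "\\system volume information\\" in p:  # typically ACL-restricted, raw read still works
        return "access-restricted copy: API denied, raw read allowed; check the original"
    return "review"


def triage_log(text: str, scan_start: datetime, scan_end: datetime):
    """Return ([(label, entry), ...], number_of_unparsed_lines)."""
    labelled, skipped = [], 0
    for raw in filter(str.strip, text.splitlines()):
        e = parse_line(raw)
        if e is None:
            skipped += 1
        else:
            labelled.append((triage(e, scan_start, scan_end), e))
    return labelled, skipped


def summarize(labelled) -> Counter:
    """Count how many entries fell under each triage label."""
    return Counter(label for label, _ in labelled)


# Lines 1-6 are copied from the log posted above; line 7 is a constructed
# "worth a look" case and line 8 mimics the post's truncated final line.
SAMPLE_LOG = r"""
HKLM\SYSTEM\ControlSet003\Services\Dhcp\Parameters\{E475D6DC-81B7-4148-ABF0-32A300888E82} 7/2/2005 5:34 PM 120 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\LocalService\My Documents\RootkitReveal.txt 7/2/2005 7:29 PM 171 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Cookies\mustafa@msn[1].txt 7/2/2005 5:44 PM 337 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Mustafa\Local Settings\Temporary Internet Files\Content.IE5\01234567\xscan53[1].cab 7/2/2005 7:25 PM 753.18 KB Hidden from Windows API.
C:\Documents and Settings\Mustafa\NTUSER.DAT.LOG:KAVICHS 7/2/2005 7:31 PM 36 bytes Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-8F46-870E7EC2CC25}\RP4\A0006168.EXE 4/15/2005 9:29 PM 280.00 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\constructed_example.sys 6/30/2005 3:12 AM 24.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{DB2E448F-A106-4CB0-
"""

# Assumed scan window: the earliest and latest 7/2/2005 timestamps in the posted log.
SCAN_START = datetime(2005, 7, 2, 19, 22)
SCAN_END = datetime(2005, 7, 2, 19, 31)

if __name__ == "__main__":
    labelled, skipped = triage_log(SAMPLE_LOG, SCAN_START, SCAN_END)
    for label, e in labelled:
        print(f"{label:<75} {e.path}")
    print(f"unparsed lines: {skipped}", summarize(labelled), sep="\n")
```

Only the constructed driver line ends up as "review"; every other entry in this sample is explained by the scanner's own activity, an access-restricted directory, or something that needs the owning product identified rather than deleted.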

#20 tampabelle (Member 5k, Retired Staff, 6,363 posts)

Hi elite,

Please download CleanUp and save it on your PC.

Reboot the PC in Safe Mode (repeatedly tap the F8 key while the PC is starting up).

Make sure that the PC is not connected to the internet. If you have DSL/cable connectivity, remove the cable connecting the modem and the PC.

Run CleanUp and delete all temp files. Also include cookies and temporary internet files in the list.

Reboot the PC in Normal Mode. Reconnect the modem and the PC to restore internet connectivity.

Post a fresh HJT log here.

#21 elite (Member, Topic Starter, 35 posts)

will do right now :tazz:

#22
elite (Topic Starter, Member, 35 posts)
Logfile of HijackThis v1.99.1
Scan saved at 1:25:24 PM, on 07/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SWWKD - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\SWWKD.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YA - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\YA.exe (file missing)

#23
tampabelle (Member 5k, Retired Staff, 6,363 posts)
Hi elite,

Let's fix a few things first.

Click on Start ---> Run. Type Services.msc and hit enter.

In the right hand pane, locate the item - SWWKD. Right click on it and then click on Properties. In the Startup Type choose the option Disable.

Repeat the process with the item - YA.


Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: SWWKD - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\SWWKD.exe (file missing)
O23 - Service: YA - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\YA.exe (file missing)



Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC.

Run rootkitrevealer again and post the rootkitrevealer log along with HJT log here.

#24
elite (Topic Starter, Member, 35 posts)
Here is the RKR log :

HKLM\SOFTWARE\TrendMicro\PC-cillin\ScanInfo\LastScanFile 7/3/2005 6:59 PM 98 bytes Windows API length not consistent with raw hive data.
C:\Documents and Settings\LocalService\My Documents\RootkitReveal2.txt 7/3/2005 7:00 PM 138 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\NTUSER.DAT.LOG:KAVICHS 7/3/2005 7:01 PM 36 bytes Hidden from Windows API.
C:\Documents and Settings\Mustafa\Recent\RootkitReveal2.lnk 7/3/2005 7:00 PM 490 bytes Hidden from Windows API.

#25
elite (Topic Starter, Member, 35 posts)
Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:22:33 PM, on 07/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LLNDYR - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\LLNDYR.exe (file missing)
O23 - Service: MGJPKSVOY - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\MGJPKSVOY.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YYKWES - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\YYKWES.exe (file missing)
#26
tampabelle (Member 5k, Retired Staff, 6,363 posts)
Hi elite,

Few more items to fix.

Click on Start ---> Run. Type Services.msc and hit enter.

In the right hand pane, locate the item - LLNDYR. Right click on it and then click on Properties. In the Startup Type choose the option Disable.

Repeat the process with the items - MGJPKSVOY and YYKWES.

Run Hijack This and click on scan. The following items need to be fixed -

O23 - Service: LLNDYR - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\LLNDYR.exe (file missing)
O23 - Service: MGJPKSVOY - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\MGJPKSVOY.exe (file missing)
O23 - Service: YYKWES - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\YYKWES.exe (file missing)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC and post the fresh HJT log here.

Edited by tampabelle, 04 July 2005 - 03:26 PM.

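The two rounds of service cleanup above (posts #23 and #26) rely on the same three indicators in a HijackThis O23 line: the service has no recorded owner, its image path sits in a user's Temp directory, and the image file is already missing. The script below is an added example, not part of this thread or of HijackThis, that parses O23 lines and reports which services carry those indicators so a helper can spot the entries to disable and fix without reading the whole log by eye. The sample lines are copied from the log posted above; the regular expression and the `TEMP_MARKERS` list are my assumptions about the O23 line format, not something HijackThis documents.

```python
"""Triage HijackThis O23 (service) entries for the indicators used in this thread:
unknown owner, image path in a Temp directory, and image file missing.
Added example; not the thread's own tooling and not part of HijackThis."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed O23 layout: "O23 - Service: Display (Short) - Owner - Path (file missing)"
# The "(Short)" and "(file missing)" parts are optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Path fragments (lower-cased) where a legitimate service image should not live.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an O23 line, or None for any other HJT line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        display=m["display"],
        short=m["short"],
        owner=m["owner"],
        path=m["path"],
        file_missing=m["missing"] is not None,
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach a human-readable reason for each indicator the entry matches."""
    if entry.owner.lower() == "unknown owner":
        entry.reasons.append("no publisher/owner recorded")
    if any(marker in entry.path.lower() for marker in TEMP_MARKERS):
        entry.reasons.append("image path is in a Temp directory")
    if entry.file_missing:
        entry.reasons.append("image file missing (orphaned service)")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every O23 line in a HijackThis log and assess it."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [assess(e) for e in parsed if e is not None]


def suspicious_names(log_text: str) -> List[str]:
    """Display names of the services that match at least one indicator."""
    return [e.display for e in triage(log_text) if e.suspicious]


# Sample lines copied from the HJT log posted in this thread (post #25).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LLNDYR - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\LLNDYR.exe (file missing)
O23 - Service: MGJPKSVOY - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\MGJPKSVOY.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YYKWES - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\YYKWES.exe (file missing)
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if entry.suspicious else "ok"
        print(f"{flag:10} {entry.display:<24} {entry.owner:<24} {entry.path}")
        for reason in entry.reasons:
            print(f"{'':10}   - {reason}")
```

Run against the sample it reports LLNDYR, MGJPKSVOY and YYKWES with all three reasons and leaves the Apple and HP services alone. A missing image file on its own is only an orphaned registration, which is why the script records each indicator separately rather than collapsing them into a single verdict: the combination is what made these entries worth disabling in services.msc before fixing them in HijackThis.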

#27
elite (Topic Starter, Member, 35 posts)
hey TP,

I had my PC reformatted! Guess what the main problem was... it was heating up to 90 degrees Celsius. The techy said the normal range is about 45-50 degrees. So now it's reformatted and has a coolant/cooler, so it's all good, you can lock the thread :tazz:

thank you for all your assistance ;)

#28
tampabelle (Member 5k, Retired Staff, 6,363 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.