Need help! Please analyze my HJT log!

Thread Solved

ferrarilover

Re: Need help! Please analyze my HJT log!

 
#11
Jun 25th, 2006
OK, so I went through that; here are the VX2 Finder results:

Files Found---

User Agent String---
{EA89D347-665A-9B37-B7B1-3013EEF92CD6}

------------------------------------------------------------
and once again a WinPFind log:


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent 01/10/05 1:21:26 PM 3362 C:\WINDOWS\SYSTEM\58ba5roi.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\mqihnd.dll
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ne372aqv.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\btackbox.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\prwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\phwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\FW20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\pidrv.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wtpui.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DAIMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
25/06/06 10:28:00 PM RH 1400864 C:\WINDOWS\USER.DAT
25/06/06 10:28:00 PM RH 7733286 C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM H 54156 C:\WINDOWS\QTFont.qfn
25/06/06 10:13:54 PM H 826369 C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DAIMAN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IOM32.DLL
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
25/06/06 10:19:40 PM HS 1368 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
25/06/06 10:25:18 PM H 1192 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
25/06/06 10:27:36 PM H 1348 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
25/06/06 10:14:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc. 26/08/96 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems 13/02/06 11:53:30 AM 61555 C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM 25658 C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM 15144 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 25/06/06 10:28:54 PM


------------------------------------------------------------
Ongoing thanks and awaiting patiently your reply!
Chris
swatkat

Re: Need help! Please analyze my HJT log!

 
#12
Jun 26th, 2006
Hi,
Those files are still there! Now we have to remove them manually. Open a new file in Notepad and copy the contents of the "Quote" box below into it:
REM Run from Command Prompt Mode (Windows not loaded) so none of these DLLs is in use.
REM Each file first has its system, read-only and hidden attributes cleared, then is deleted.
cd\
cd WINDOWS
cd SYSTEM
attrib -s -r -h MKJET35.DLL
del MKJET35.DLL
attrib -s -r -h SOUB32.DLL
del SOUB32.DLL
attrib -s -r -h MBEXCH40.DLL
del MBEXCH40.DLL
attrib -s -r -h AYIPITA.DLL
del AYIPITA.DLL
attrib -s -r -h OUEDLG.DLL
del OUEDLG.DLL
attrib -s -r -h PGNMAP.DLL
del PGNMAP.DLL
attrib -s -r -h SMLFX.DLL
del SMLFX.DLL
attrib -s -r -h MPCMS.DLL
del MPCMS.DLL
attrib -s -r -h RAANP.DLL
del RAANP.DLL
attrib -s -r -h IUROP.DLL
del IUROP.DLL
attrib -s -r -h IKNPSTUB.DLL
del IKNPSTUB.DLL
attrib -s -r -h JYEG1X32.DLL
del JYEG1X32.DLL
attrib -s -r -h CDGMGR32.DLL
del CDGMGR32.DLL
attrib -s -r -h EOAPI162.DLL
del EOAPI162.DLL
attrib -s -r -h IZ50_QCX.DLL
del IZ50_QCX.DLL
attrib -s -r -h JNBEXEC.DLL
del JNBEXEC.DLL
attrib -s -r -h 58ba5roi.ini
del 58ba5roi.ini
attrib -s -r -h ecs0f2l3.ini
del ecs0f2l3.ini
attrib -s -r -h ne372aqv.ini
del ne372aqv.ini
attrib -s -r -h CZL3D32.DLL
del CZL3D32.DLL
attrib -s -r -h btackbox.dll
del btackbox.dll
attrib -s -r -h EYUSBIN.DLL
del EYUSBIN.DLL
attrib -s -r -h prwave.dll
del prwave.dll
attrib -s -r -h whspdmoe.dll
del whspdmoe.dll
attrib -s -r -h jzsh400.dll
del jzsh400.dll
attrib -s -r -h jfdw400.dll
del jfdw400.dll
attrib -s -r -h phwave.dll
del phwave.dll
attrib -s -r -h wfspdmoe.dll
del wfspdmoe.dll
attrib -s -r -h pygfilt.dll
del pygfilt.dll
attrib -s -r -h RAR20.DLL
del RAR20.DLL
attrib -s -r -h CFPMAN.DLL
del CFPMAN.DLL
attrib -s -r -h SZSCLASS.DLL
del SZSCLASS.DLL
attrib -s -r -h FW20.DLL
del FW20.DLL
attrib -s -r -h pidrv.dll
del pidrv.dll
attrib -s -r -h MTCPXL32.DLL
del MTCPXL32.DLL
attrib -s -r -h MNCDevice.dll
del MNCDevice.dll
attrib -s -r -h SOUDF.DLL
del SOUDF.DLL
attrib -s -r -h wtpui.dll
del wtpui.dll
attrib -s -r -h mnoeacct.dll
del mnoeacct.dll
attrib -s -r -h CEYPTNET.DLL
del CEYPTNET.DLL
attrib -s -r -h SONCUI.DLL
del SONCUI.DLL
attrib -s -r -h DOUSIC32.DLL
del DOUSIC32.DLL
attrib -s -r -h wdpshell.dll
del wdpshell.dll
attrib -s -r -h OPEDLG.DLL
del OPEDLG.DLL
attrib -s -r -h DZ32GT.DLL
del DZ32GT.DLL
attrib -s -r -h FIWPP.DLL
del FIWPP.DLL
attrib -s -r -h JNBEXEC.DLL
del JNBEXEC.DLL
attrib -s -r -h mqihnd.dll
del mqihnd.dll
attrib -s -r -h QRARTZ.DLL
del QRARTZ.DLL
attrib -s -r -h pwdrv.dll
del pwdrv.dll
In Notepad, go to File > Save As, type the filename as RemFile.BAT, and save the file in the C:\ drive. Exit Notepad.

Restart the PC, then keep tapping the F8 key. From the menu that is displayed, choose Command Prompt Mode and press the Enter key.

At the command prompt, type RemFile and press the Enter key.

After the batch file completes, reboot the PC into Normal Mode by pressing CTRL-ALT-DEL.

Run WinPFind again, scan the system, and please post the new log.
Last edited by swatkat; Jun 26th, 2006 at 6:50 pm.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
ferrarilover

Re: Need help! Please analyze my HJT log!

 
#13
Jun 26th, 2006
Done as directed; this is getting pretty involved... what next?

Here's the WinPFind log:


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DAIMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IOM32.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
26/06/06 9:02:56 PM RH 1400864 C:\WINDOWS\USER.DAT
26/06/06 9:00:22 PM RH 7733286 C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM H 54156 C:\WINDOWS\QTFont.qfn
26/06/06 8:52:58 PM H 826747 C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DAIMAN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IOM32.DLL
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
26/06/06 8:59:44 PM HS 1368 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
26/06/06 8:50:06 PM H 2336 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
25/06/06 10:27:36 PM H 1348 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
25/06/06 10:42:04 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
26/06/06 6:20:58 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
26/06/06 6:21:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\OPERG5IJ\desktop.ini
26/06/06 6:21:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\S8JZSI1O\desktop.ini
26/06/06 6:21:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\6MRONBG9\desktop.ini
26/06/06 8:59:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc. 26/08/96 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems 13/02/06 11:53:30 AM 61555 C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM 25658 C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM 15144 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 26/06/06 9:05:38 PM



<><><>

thanks again
Chris
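The two WinPFind logs in posts #11 and #13 are what the helper is diffing by eye: the "bad" files all carry the bogus vendor string `ad-w-a-r-e.com`, the same size and the same timestamp, and the ones left after the batch file are exactly the set L2M9XFix later reports. As an added example (not from the thread, from WinPFind, or from either poster), here is a Python parser for WinPFind file lines that flags entries by that vendor string (and, at lower confidence, by the `UPX!` packer marker WinPFind prints in place of a vendor) and compares a before and an after scan. The sample lines are a constructed subset copied from the two logs above; the vendor set and the regular expression are this example's assumptions, not part of the tool.

```python
import re
from dataclasses import dataclass

# Vendor strings WinPFind printed for the files this thread is cleaning up.
# "ad-w-a-r-e.com" is not a real vendor: every DLL carrying it in the logs above is
# 226592 bytes, shares one timestamp and has a random name, a strong cluster signal.
BOGUS_VENDORS = {"ad-w-a-r-e.com"}
# WinPFind prints the packer signature instead of a vendor for packed binaries.
# That only means "look closer": packed files can be legitimate (e.g. a screensaver).
PACKER_MARKER = "UPX!"

# One WinPFind file line:  [vendor] date [time] [attrs] size path
#   ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
#   31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll       (no vendor)
#   Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL  (no time)
LINE_RE = re.compile(
    r"^(?P<vendor>.*?)\s*"
    r"(?P<date>\d{2}/\d{2}/\d{2})"
    r"(?:\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M))?"
    r"(?:\s+(?P<attrs>[RHSA](?:\s?[RHSA])*))?"
    r"\s+(?P<size>\d+)\s+"
    r"(?P<path>[A-Za-z]:\\.*)$"
)


@dataclass(frozen=True)
class Entry:
    vendor: str
    date: str
    time: str
    attrs: frozenset  # subset of {"R", "H", "S", "A"}
    size: int
    path: str


def parse_winpfind(text: str) -> list:
    """Parse the file lines out of a WinPFind log; section headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = frozenset((m.group("attrs") or "").replace(" ", ""))
        entries.append(Entry(m.group("vendor"), m.group("date"), m.group("time") or "",
                             attrs, int(m.group("size")), m.group("path")))
    return entries


def suspicion(entry: Entry):
    """Why an entry deserves attention, or None if nothing stands out."""
    if entry.vendor in BOGUS_VENDORS:
        return "bogus vendor string"
    if entry.vendor == PACKER_MARKER:
        return "packed, no vendor (low confidence)"
    return None


def flagged(entries) -> dict:
    """Suspicious entries keyed by case-folded path (Win9x paths are case-insensitive)."""
    return {e.path.lower(): e for e in entries if suspicion(e)}


def compare_scans(before_text: str, after_text: str) -> dict:
    """Diff the flagged files of two scans: which went away, which survived (with their
    attributes, so R/S survivors stand out), and which appeared only in the second scan."""
    before = flagged(parse_winpfind(before_text))
    after = flagged(parse_winpfind(after_text))
    return {
        "removed": sorted(set(before) - set(after)),
        "survived": [(p, "".join(sorted(after[p].attrs)))
                     for p in sorted(set(before) & set(after))],
        "new": sorted(set(after) - set(before)),
    }


# Constructed samples: a handful of lines copied from the two WinPFind logs in the thread.
BEFORE = r"""
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
Checking for CPL files...
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
"""
AFTER = r"""
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IOM32.DLL
"""

if __name__ == "__main__":
    for kind, items in compare_scans(BEFORE, AFTER).items():
        print(kind, items)
```

Run against the full logs, the "survived" list is the one to hand to a dedicated removal tool, and "new" catches files a fix dropped back into place between scans; the second, vendor-less listing of the same DLL in the hidden-files section collapses onto the same key, so a file is only counted once.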
swatkat

Re: Need help! Please analyze my HJT log!

 
0
  #14
Jun 27th, 2006
Hi,
Ok, most of the "bad" files are gone. Please download L2M9XFix and extract it to a folder. Now, inside this extracted folder, there will be a file named RunThis.bat. Double-click on this file. A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Jun 2006
Posts: 27
Solved Threads: 0
ferrarilover
Light Poster

Re: Need help! Please analyze my HJT log!

#15
Jun 27th, 2006
Ok log #1 is L2M9XFIX:

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\repair\L2M9XFIX\l2m9xfix

************

Files found:

C:\WINDOWS\system\DAIMAN.DLL
C:\WINDOWS\system\DOMSSHRN.DLL
C:\WINDOWS\system\DRTIME.DLL
C:\WINDOWS\system\IOM32.DLL
C:\WINDOWS\system\MNCDevice.dll
C:\WINDOWS\system\snnsapi.dll
C:\WINDOWS\system\wppcd.dll

************

Registry entries found:


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EA89D347-665A-9B37-B7B1-3013EEF92CD6}"=""

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

<><><><><><><><><><><><><><><><><><>

And log #2 is HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:28:29 PM, on 27/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\REPAIR\HIJACKTHIS.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab


<><><><>

Note: I have noticed since before this last series of tasks that I don't have popups anymore like I did before (which was VERY annoying!).

Chris
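Post #15 pairs an L2M9XFix log, which shows the GUID-named value under Internet Settings\User Agent\Post Platform that VX2 Finder had earlier reported as the "User Agent String", with a fresh HijackThis log. As an added example, not part of the thread and not HijackThis's or L2M9XFix's code, the following Python script triages both offline: it splits a HijackThis 1.99.1 log into running processes and R/O entries, flags programs that run from temporary, desktop or cache directories or with no directory at all, checks O16 ActiveX downloads against an allowlist of hosts, and, in a REGEDIT4 export, flags GUID-shaped value names under Post Platform, since every name under that key is appended verbatim to IE's User-Agent header and so a GUID there is a per-machine marker sent with every request. The sample inputs mix lines from the log above with constructed ones (the TEMP paths, the example.net control, the "SV1" token); the allowlists, the heuristics and the function names are assumptions of this example.

```python
"""Offline triage of a HijackThis 1.99.1 log and a REGEDIT4 export.

Added example written for this thread, not HijackThis's or L2M9XFix's code.
HJT_LOG mixes lines from the log above with constructed ones (the TEMP paths and
the example.net control); REG_EXPORT is the Post Platform key L2M9XFix reported
plus a constructed non-GUID "SV1" neighbour. Allowlists and heuristics are assumptions.
"""
import re
from urllib.parse import urlsplit

HJT_LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\REPAIR\HIJACKTHIS.EXE
C:\WINDOWS\TEMP\SVCHOST.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Updater] C:\WINDOWS\TEMP\updater.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://example.net/ctl.cab
"""
REG_EXPORT = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EA89D347-665A-9B37-B7B1-3013EEF92CD6}"=""
"SV1"=""
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")          # "O4 - HKLM\..\Run: [Name] cmd"
O4_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")          # hive, entry name, command line
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Directories a persistent program has little business running from (assumed list).
SUSPECT_DIRS = ("\\TEMP\\", "\\DESKTOP\\", "\\TEMPORARY INTERNET FILES\\", "\\RECYCLED\\")
# Hosts expected to serve ActiveX (O16) downloads, taken from the log above.
DPF_ALLOWED_HOSTS = {"security.symantec.com", "chat.msn.com", "www.kaspersky.com"}


def parse_hjt(text):
    """Split an HJT log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first R/O line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def executable_of(command):
    """First token of a command line, honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def path_concern(path):
    """Why a program path deserves a look, or None if nothing stands out."""
    if not ABS_PATH_RE.match(path):
        return "no directory given, resolved through the search path"
    upper = path.upper()
    for d in SUSPECT_DIRS:
        if d in upper:
            return "runs from a " + d.strip("\\") + " directory"
    return None


def triage_hjt(text):
    """Findings for running processes, O4 autostarts and O16 ActiveX downloads."""
    findings = []
    processes, entries = parse_hjt(text)
    for p in processes:
        why = path_concern(p)
        if why:
            findings.append(f"process {p}: {why}")
    for code, body in entries:
        if code == "O4":
            m = O4_RE.match(body)
            why = path_concern(executable_of(m.group(3))) if m else None
            if why:
                findings.append(f"O4 [{m.group(2)}] {m.group(3)}: {why}")
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlsplit(url).hostname or ""
            if host not in DPF_ALLOWED_HOSTS:
                findings.append(f"O16 {url}: ActiveX download from unexpected host {host}")
    return findings


def post_platform_guids(text):
    """GUID-shaped value names under User Agent\\Post Platform in a REGEDIT4 export.

    Each name there is appended verbatim to IE's User-Agent header, so a GUID is
    a per-machine tracking token; it is the value L2M9XFix removed above.
    """
    hits, in_key = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.rstrip("]").upper().endswith("\\USER AGENT\\POST PLATFORM")
        elif in_key:
            m = re.match(r'^"(.+?)"=', line)
            if m and GUID_RE.match(m.group(1)):
                hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for finding in triage_hjt(HJT_LOG):
        print(finding)
    print("Post Platform GUID tokens:", post_platform_guids(REG_EXPORT))
```

Every flag is a review prompt, not a verdict: the same heuristics catch HijackThis itself running from the Desktop and the bare-name entries such as SysTray.Exe, which in the log above are stock Windows 98 autostarts. The point of writing the checks down is that the decisions a helper makes by eye when calling a log clean become explicit and repeatable, and the O16 host allowlist in particular is where a new, unexpected download source would stand out immediately.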
Join Date: Jul 2005
Posts: 642
Solved Threads: 50
swatkat
Small Town Boy

Re: Need help! Please analyze my HJT log!

#16
Jun 28th, 2006
Hi,
Look2Me's gone! Log looks clean. Please post back if you still get any popups or have any problems with the PC.
This thread has been marked solved.

Viruses, Spyware and other Nasties Forum, DaniWeb
©2003 - 2009 DaniWeb® LLC