I have a very stubborn virus!!

Posted 9/8/2007 11:26 AM
#53272

GunbladerQ Member

Date Joined Nov 2016
Total Posts: 4
Here is the log. Please help ASAP. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:15 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Proximotron\Proxomitron.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O2 - BHO: (no name) - {FDEF9056-5756-4EC8-AFAB-07B8BB34967C} - c:\windows\system32\qdqywfaz.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Warcraft.ahk
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615525718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D720A-A9BB-4C6E-9016-9DDAD61207C5}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11C0A34-F432-4198-B837-214D116DE500}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Posted 9/8/2007 11:41 AM
#53274

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello

Click here: Before posting a log

After you have run the scan tools:

Reboot normally

Post HijackThis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do not PM me with logfiles. They will be deleted.


Posted 9/8/2007 1:56 PM
#53279

GunbladerQ Member

Date Joined Nov 2016
Total Posts: 4
Logfile of HijackThis v1.99.1
Scan saved at 9:55:31 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O2 - BHO: (no name) - {FDEF9056-5756-4EC8-AFAB-07B8BB34967C} - c:\windows\system32\qdqywfaz.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Warcraft.ahk
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615525718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D720A-A9BB-4C6E-9016-9DDAD61207C5}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11C0A34-F432-4198-B837-214D116DE500}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:28:05 PM 9/8/2007

+ Scan result:

C:\System Volume Information\_restore{FC1BC3E2-C623-4309-95DD-9B0ECD1499C4}\RP3\A0001049.dll -> Downloader.Agent.cnq : Cleaned with backup (quarantined).
C:\Games\C&C3\Kane\c&c-tr-1.06.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Ignored.
:mozilla.424:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\GunBlad3r\Cookies\gunblad3r@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.542:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.543:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.134:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.136:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\GunBlad3r\Cookies\gunblad3r@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.198:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.199:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.200:C:\Documents and Settings\GunBlad3r\Application Data\Mozilla\Firefox\Profiles\vrah4spw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
Sat 09/08/2007 21:30:46.87

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-08 21:30:47
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,d0,d6,ac,00,00,00,00,00,e8,ff,ff,ff,20,e0,ac,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,0a,19,9e,9c,ec,4e,d0,11,e9,96,2b,8f,da,d8,e1,9f,ba,ad,5b,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,f0,c7,67,00,00,00,73,00,e0,ff,ff,ff,76,6b,05,00,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,c7,aa,a1,34,49,30,8c,33,2f,85,1e,bf,a4,83,60,4f,2a,4a,d3,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,10,93,6a,00,e0,7b,6a,00,a8,ff,ff,ff,40,00,25,00,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,c7,aa,a1,34,49,30,8c,33,2f,85,1e,bf,a4,83,60,4f,2a,4a,d3,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,e8,1e,a4,00,00,00,00,00,e8,ff,ff,ff,20,20,a4,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,c7,aa,a1,34,49,30,8c,33,2f,85,1e,bf,a4,83,60,4f,2a,4a,d3,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ippflt]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"system32\Drivers\ippflt.sys"
"DisplayName"="IP Packet Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:6c21c9e1
"s2"=dword:b8f2b6ff
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,88,93,b1,00,00,00,00,00,e8,ff,ff,ff,20,a0,b1,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,c7,aa,a1,34,49,30,8c,33,2f,85,1e,bf,a4,83,60,4f,2a,4a,d3,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,80,3c,cc,c8,5f,f9,59,df,6f,f3,68,e9,1c,1a,59,cd,15,34,03,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,1d,d5,1b,c0,4e,a6,4c,27,00,55,0a,6d,4c,e4,72,bd,..
"khjeh"=hex:47,3b,19,fc,3e,7a,ec,b9,9a,e1,c8,14,72,62,f3,0e,31,cb,bf,18,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,04,00,50,66,b6,00,00,00,00,00,e8,ff,ff,ff,20,70,b6,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,c7,aa,a1,34,49,30,8c,33,2f,85,1e,bf,a4,83,60,4f,2a,4a,d3,57,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0


ComboFix 07-09-08.7 - "GunBlad3r" 2007-09-08 21:41:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.658 [GMT 8:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPPFLT


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 20:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 19:46 d-------- C:\Program Files\IrfanView
2007-09-05 14:07 101,142 --a------ C:\WINDOWS\system32\kydjnphy.dll
2007-09-04 22:15 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Opera
2007-09-04 22:14 d-------- C:\Program Files\Opera
2007-09-04 20:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-03 22:01 d-------- C:\Program Files\Google
2007-09-03 22:01 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Google
2007-09-03 14:04 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Lavasoft
2007-09-03 14:03 d-------- C:\Program Files\Lavasoft
2007-09-01 14:43 d-------- C:\Program Files\backups
2007-09-01 12:14 67,584 --a------ C:\WINDOWS\system32\qdqywfaz.dll
2007-09-01 02:39 218,112 --a------ C:\Program Files\HJT.exe
2007-09-01 02:39 111,616 --a------ C:\Program Files\VundoFix.exe
2007-08-30 21:18 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-30 21:18 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 21:18 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 21:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 11:55 756,224 --a------ C:\WINDOWS\system32\xikriubf.dll
2007-08-29 11:55 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-08-29 11:55 48,640 --a------ C:\WINDOWS\system32\arwmomvd.dll
2007-08-29 11:55 46,592 --a------ C:\WINDOWS\system32\gfbfenss.dll
2007-08-29 11:55 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-08-29 11:55 128,512 --a------ C:\WINDOWS\system32\jaxujetp.dll
2007-08-29 11:55 102,912 --a------ C:\WINDOWS\system32\dzzgfnyt.dll
2007-08-29 11:41 82,944 --a------ C:\WINDOWS\system32\hbbdhbb.dll
2007-08-29 11:41 17,280 C:\WINDOWS\system32\drivers\bevsdkdy.sys
2007-08-29 09:39 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-08-25 02:22 d-------- C:\Program Files\AutoHotkey
2007-08-19 21:39 d-------- C:\Program Files\SystemRequirementsLab
2007-08-18 23:40 d-------- C:\Program Files\Codemasters
2007-08-13 11:03 d-------- C:\Program Files\Lexmark 640 Series
2007-08-12 14:36 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-12 14:36 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-12 14:33 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-12 14:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-12 14:26 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-12 14:26 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-08 19:12 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-08-08 19:11 d-------- C:\Program Files\Bitcomet
2007-08-08 19:05 d-------- C:\Program Files\BCMAX2.5?

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 21:48 382240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-08 21:48 11406112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-08 21:47 38948 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-08 21:47 157988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-08 20:45 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\uTorrent
2007-09-08 20:18 --------- d-------- C:\Program Files\Warcraft III
2007-09-08 19:27 5802 --a------ C:\Program Files\hijackthis.log
2007-09-08 02:04 --------- d-------- C:\Program Files\Granado Espada
2007-08-25 01:25 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Uniblue
2007-08-23 00:44 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Free Download Manager
2007-08-18 23:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 18:50 --------- d-------- C:\Program Files\DAEMON Tools
2007-08-05 21:55 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-08-05 14:41 --------- d-------- C:\Program Files\Winamp
2007-08-03 19:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-03 16:30 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 16:30 --------- dr-h----- C:\DOCUME~1\GUNBLA~1\APPLIC~1\SecuROM
2007-08-01 22:52 --------- d-------- C:\Program Files\jap
2007-07-29 18:27 --------- d-------- C:\Program Files\Kaspersky Lab
2007-07-29 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-25 19:01 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-25 19:01 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-25 17:34 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-14 16:38 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\dvdcss
2007-07-14 11:32 --------- d-------- C:\Program Files\uTorrent
2007-07-13 19:21 --------- d-------- C:\Program Files\Microsoft Reader
2007-07-12 20:00 --------- d-------- C:\Program Files\MSN Messenger
2007-07-11 08:56 --------- d-------- C:\Program Files\Valve
2007-07-10 21:43 --------- d-------- C:\Program Files\softnyx
2007-07-09 23:37 --------- d-------- C:\Program Files\AutoPatcher
2007-07-01 22:22 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-01 22:22 303104 --------- C:\WINDOWS\Setup1.exe
2007-06-18 23:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-05-31 22:45 2777088 --a------ C:\Program Files\FoxitReader.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-04_210430.53 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 2,039,096 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat\shell\1\shellstyle.dll
-c--a-w 1,930,093 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat2\shell\NormalColor\shellstyle.dll
----a-w 32,768 2007-09-08 13:48:33 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-08 13:48:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-08 13:48:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 8,972 2007-09-04 14:03:19 C:\WINDOWS\system32\Restore\rstrlog.dat
.
----a-w 2,039,096 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat\shell\1\shellstyle.dll
----a-w 1,930,093 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat2\shell\NormalColor\shellstyle.dll
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D001AB9-38C4-4CDE-B11C-8A0E4470A276}]
2007-09-08 14:25 82944 --a------ c:\windows\system32\hbbdhbb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A83B8EFB-702A-4D57-BA2E-FE58FBA8E026}]
2007-09-05 14:07 101142 --a------ c:\windows\system32\kydjnphy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDEF9056-5756-4EC8-AFAB-07B8BB34967C}]
2007-09-08 14:25 67584 --a------ c:\windows\system32\qdqywfaz.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\GUNBLA~1\STARTM~1\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 20:31:46]
Warcraft.ahk [2007-08-25 02:31:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nyoedsbw]
hbbdhbb.dll 2007-09-08 14:25 82944 C:\WINDOWS\system32\hbbdhbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

R0 pjwkdfbt;pjwkdfbt;C:\WINDOWS\system32\drivers\bevsdkdy.sys
R2 cyujqzqx;Floppy Disk Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 lxda_device;lxda_device;C:\WINDOWS\system32\lxdacoms.exe -service
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cyujqzqx

*Newly Created Service* - AVGASCLN
*Newly Created Service* - IPPFLT
.
Contents of the 'Scheduled Tasks' folder
"2007-09-03 17:18:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-24 17:18:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-08 21:50:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\AppCert
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_files.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hd_self.cfg
C:\WINDOWS\system32\drivers\ippflt.sys

scan completed successfully
hidden files: 7

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\ippflt]
"ImagePath"="system32\Drivers\ippflt.sys"
.
Completion time: 2007-09-08 21:53:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 21:53
C:\ComboFix2.txt ... 2007-09-04 21:05
.
--- E O F ---
Posted 9/8/2007 3:45 PM
#53287

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976


Open notepad and copy/paste the text in the quote box below into it:

Quote:

-----------------------------------------------------

File::

c:\windows\system32\hbbdhbb.dll

c:\windows\system32\kydjnphy.dll

c:\windows\system32\qdqywfaz.dll

----------------------------------------------

Save this as CFScript.txt

https://www.fromsej.saknet.dk/billeder/cfscript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Post a new ComboFix log along with a new HijackThis log and tell me how things are running.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/8/2007 4:46 PM
#53293

GunbladerQ Member

Date Joined Nov 2016
Total Posts: 4
ComboFix 07-09-08.7 - "GunBlad3r" 2007-09-09 0:33:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.660 [GMT 8:00]
Command switches used :: C:\Documents and Settings\GunBlad3r\Desktop\CFScript.txt.txt
* Created a new restore point

FILE::
c:\windows\system32\hbbdhbb.dll
c:\windows\system32\kydjnphy.dll
c:\windows\system32\qdqywfaz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hbbdhbb.dll . . . . failed to delete
c:\windows\system32\kydjnphy.dll . . . . failed to delete
c:\windows\system32\qdqywfaz.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPPFLT


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 23:29 d-------- C:\Program Files\Trend Micro
2007-09-08 20:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 19:46 d-------- C:\Program Files\IrfanView
2007-09-05 14:07 101,142 --a------ C:\WINDOWS\system32\kydjnphy.dll
2007-09-04 22:15 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Opera
2007-09-04 22:14 d-------- C:\Program Files\Opera
2007-09-04 20:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-03 22:01 d-------- C:\Program Files\Google
2007-09-03 22:01 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Google
2007-09-03 14:04 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Lavasoft
2007-09-03 14:03 d-------- C:\Program Files\Lavasoft
2007-09-01 14:43 d-------- C:\Program Files\backups
2007-09-01 02:39 111,616 --a------ C:\Program Files\VundoFix.exe
2007-08-30 21:18 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-30 21:18 d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 21:18 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 21:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 11:55 756,224 --a------ C:\WINDOWS\system32\xikriubf.dll
2007-08-29 11:55 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-08-29 11:55 48,640 --a------ C:\WINDOWS\system32\arwmomvd.dll
2007-08-29 11:55 46,592 --a------ C:\WINDOWS\system32\gfbfenss.dll
2007-08-29 11:55 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-08-29 11:55 128,512 --a------ C:\WINDOWS\system32\jaxujetp.dll
2007-08-29 11:55 102,912 --a------ C:\WINDOWS\system32\dzzgfnyt.dll
2007-08-29 11:41 82,944 --a------ C:\WINDOWS\system32\hbbdhbb.dll
2007-08-29 11:41 17,280 C:\WINDOWS\system32\drivers\bevsdkdy.sys
2007-08-29 09:39 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-08-25 02:22 d-------- C:\Program Files\AutoHotkey
2007-08-19 21:39 d-------- C:\Program Files\SystemRequirementsLab
2007-08-18 23:40 d-------- C:\Program Files\Codemasters
2007-08-13 11:03 d-------- C:\Program Files\Lexmark 640 Series
2007-08-12 14:36 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-12 14:36 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-12 14:33 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-12 14:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-12 14:26 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-12 14:26 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 00:40 386336 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-09 00:40 11515424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-09 00:39 39308 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-09 00:39 159452 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-09 00:39 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\uTorrent
2007-09-09 00:28 --------- d-------- C:\Program Files\Warcraft III
2007-09-08 02:04 --------- d-------- C:\Program Files\Granado Espada
2007-08-25 01:25 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Uniblue
2007-08-23 00:44 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Free Download Manager
2007-08-18 23:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 17:08 --------- d-------- C:\Program Files\BCMAX2.5?
2007-08-08 19:19 --------- d-------- C:\Program Files\Bitcomet
2007-08-06 18:50 --------- d-------- C:\Program Files\DAEMON Tools
2007-08-05 21:55 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-08-05 14:41 --------- d-------- C:\Program Files\Winamp
2007-08-03 19:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-03 16:30 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 16:30 --------- dr-h----- C:\DOCUME~1\GUNBLA~1\APPLIC~1\SecuROM
2007-08-01 22:52 --------- d-------- C:\Program Files\jap
2007-07-29 18:27 --------- d-------- C:\Program Files\Kaspersky Lab
2007-07-29 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-25 19:01 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-25 19:01 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-25 17:34 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-14 16:38 --------- d-------- C:\DOCUME~1\GUNBLA~1\APPLIC~1\dvdcss
2007-07-14 11:32 --------- d-------- C:\Program Files\uTorrent
2007-07-13 19:21 --------- d-------- C:\Program Files\Microsoft Reader
2007-07-12 20:00 --------- d-------- C:\Program Files\MSN Messenger
2007-07-11 08:56 --------- d-------- C:\Program Files\Valve
2007-07-10 21:43 --------- d-------- C:\Program Files\softnyx
2007-07-09 23:37 --------- d-------- C:\Program Files\AutoPatcher
2007-07-01 22:22 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-01 22:22 303104 --------- C:\WINDOWS\Setup1.exe
2007-06-18 23:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-05-31 22:45 2777088 --a------ C:\Program Files\FoxitReader.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-04_210430.53 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 2,039,096 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat\shell\1\shellstyle.dll
-c--a-w 1,930,093 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat2\shell\NormalColor\shellstyle.dll
----a-w 32,768 2007-09-08 16:40:08 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-08 16:40:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-08 16:40:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 8,972 2007-09-04 14:03:19 C:\WINDOWS\system32\Restore\rstrlog.dat
.
----a-w 2,039,096 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat\shell\1\shellstyle.dll
----a-w 1,930,093 2003-10-30 11:57:22 C:\WINDOWS\Resources\Themes\Inspirat\Inspirat2\shell\NormalColor\shellstyle.dll
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-04 12:54:52 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D001AB9-38C4-4CDE-B11C-8A0E4470A276}]
2007-09-08 14:25 82944 --a------ c:\windows\system32\hbbdhbb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A83B8EFB-702A-4D57-BA2E-FE58FBA8E026}]
2007-09-05 14:07 101142 --a------ c:\windows\system32\kydjnphy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\GUNBLA~1\STARTM~1\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 20:31:46]
Warcraft.ahk [2007-08-25 02:31:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nyoedsbw]
hbbdhbb.dll 2007-09-08 14:25 82944 C:\WINDOWS\system32\hbbdhbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

R0 pjwkdfbt;pjwkdfbt;C:\WINDOWS\system32\drivers\bevsdkdy.sys
R2 lxda_device;lxda_device;C:\WINDOWS\system32\lxdacoms.exe -service
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 cyujqzqx;Floppy Disk Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cyujqzqx

*Newly Created Service* - IPPFLT
.
Contents of the 'Scheduled Tasks' folder
"2007-09-03 17:18:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-24 17:18:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-09 00:41:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\AppCert
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_files.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hd_self.cfg
C:\WINDOWS\system32\drivers\ippflt.sys

scan completed successfully
hidden files: 7

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\ippflt]
"ImagePath"="system32\Drivers\ippflt.sys"
.
Completion time: 2007-09-09 0:44:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 00:44
C:\ComboFix2.txt ... 2007-09-08 21:53
C:\ComboFix3.txt ... 2007-09-04 21:05
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:26 AM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Warcraft.ahk
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615525718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D720A-A9BB-4C6E-9016-9DDAD61207C5}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11C0A34-F432-4198-B837-214D116DE500}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5647 bytes
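The logs above are long, and the entries that matter are buried among legitimate ones. As an added example (my own code, not part of HijackThis, ComboFix or the helper's instructions), here is a small triage script that applies the checks a responder would otherwise do by eye over lines copied from the logs in this post: unnamed BHOs and Winlogon Notify DLLs sitting directly in system32 under random-looking names, netsvcs-hosted services and kernel drivers with random-looking names, AppInit_DLLs entries, the configured DNS servers, and services with no vendor string. The "random-looking name" rule and the small allowlist are assumptions to be confirmed by hand (signature, hash lookup), not a signature database; the sample lines are taken from this thread.

```python
"""Triage heuristics for HijackThis and ComboFix log lines.

Added example for this thread; not part of HijackThis, ComboFix or the
helper's instructions.  The name heuristic and allowlist are assumptions a
responder confirms by hand, not a signature database.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section name path reason")

# HijackThis entry: "<section> - <rest>", e.g. "O2 - BHO: (no name) - {GUID} - c:\windows\system32\x.dll"
HJT_LINE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<rest>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
APPINIT = re.compile(r"^AppInit_DLLs: (?P<path>.+)$")
NAMESERVER = re.compile(r"NameServer = (?P<dns>.+)$")
SERVICE = re.compile(r"^Service: (?P<disp>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$")
# ComboFix service line: "<start type> <service name>;<display name>;<image path>"
CF_SVC = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")

# Assumption: lowercase-only names that are legitimate on XP and would otherwise trip the heuristic.
KNOWN_OK = {"ctfmon", "crypt32chain", "cryptnet", "cscdll", "sclgntfy", "wlballoon", "termsrv"}

def stem(path):
    """'c:\\windows\\system32\\hbbdhbb.dll' -> 'hbbdhbb'."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return re.sub(r"\.[A-Za-z0-9]+$", "", base)

def looks_random(name):
    """Heuristic: 6-10 lowercase letters, no digits or punctuation, not allowlisted."""
    return bool(re.fullmatch(r"[a-z]{6,10}", name)) and name not in KNOWN_OK

def in_system32(path):
    """True when the file sits directly in \\system32 (not a vendor subfolder or \\drivers)."""
    parts = path.lower().replace("/", "\\").split("\\")
    return len(parts) >= 2 and parts[-2] == "system32"

def triage_line(line):
    """Return a Finding for one log line, or None when nothing stands out."""
    line = line.strip()
    m = HJT_LINE.match(line)
    if m:
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O2" and (b := BHO.match(rest)):
            path = b.group("path")
            if b.group("name") == "(no name)" and in_system32(path):
                return Finding("high", sec, b.group("name"), path, "unnamed BHO loaded from system32")
            if in_system32(path) and looks_random(stem(path)):
                return Finding("high", sec, b.group("name"), path, "random-looking DLL name in system32")
        elif sec == "O20" and (n := NOTIFY.match(rest)):
            path = n.group("path")
            if in_system32(path) and (looks_random(n.group("name")) or looks_random(stem(path))):
                return Finding("high", sec, n.group("name"), path,
                               "Winlogon Notify DLL with random-looking name; winlogon.exe loads it at every logon")
        elif sec == "O20" and (a := APPINIT.match(rest)):
            return Finding("review", sec, "AppInit_DLLs", a.group("path"),
                           "loaded into every process that links user32.dll; confirm the vendor")
        elif sec == "O17" and (d := NAMESERVER.search(rest)):
            return Finding("review", sec, "NameServer", d.group("dns"), "confirm these resolvers belong to your ISP")
        elif sec == "O23" and (s := SERVICE.match(rest)):
            if s.group("vendor") in ("", "Unknown owner"):
                return Finding("review", sec, s.group("disp"), s.group("path"), "service binary carries no vendor string")
        return None
    c = CF_SVC.match(line)
    if c:
        name, image = c.group("name"), c.group("image")
        if "svchost.exe -k netsvcs" in image.lower() and looks_random(name):
            return Finding("high", c.group("start"), name, image,
                           "random-looking service hosted in netsvcs; its ServiceDll value is the real payload")
        if image.lower().endswith(".sys") and looks_random(name):
            return Finding("high", c.group("start"), name, image, "kernel driver with random-looking name")
    return None

def triage(lines):
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f]

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D720A-A9BB-4C6E-9016-9DDAD61207C5}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
R0 pjwkdfbt;pjwkdfbt;C:\WINDOWS\system32\drivers\bevsdkdy.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 cyujqzqx;Floppy Disk Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.section:3} {f.name}: {f.path}  ({f.reason})")
```

On the sample above the script flags both unnamed BHOs, the nyoedsbw Winlogon Notify entry, the pjwkdfbt driver and the cyujqzqx netsvcs service as high, and lists the DNS servers, the AppInit_DLLs entry and the vendor-less ATI service for review; the Java BHO, the SUPERAntiSpyware notify DLL and the Kaspersky driver are left alone. "Review" findings are not verdicts: the AppInit entry here is Kaspersky's and the resolvers are whatever the ISP handed out, which is exactly why they are listed rather than flagged.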
Posted 9/8/2007 6:15 PM
#53298
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hmm, they seem to be stubborn :rolleyes:

Please download:

https://swandog46.geekstogo.com/avenger.zip

by Swandog46 to your Desktop.

You must extract avenger.zip to your desktop before you run it.

Start up Avenger.exe.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.

Quote:

Files to delete:
c:\windows\system32\hbbdhbb.dll
c:\windows\system32\kydjnphy.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt

Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/9/2007 3:16 AM
#53313
User avatar

GunbladerQ Member

Date Joined Nov 2016
Total Posts: 4
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hhworwqs

*******************

Script file located at: \??\C:\Program Files\vvqnxwyk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file c:\windows\system32\hbbdhbb.dll for deletion
Deletion of file c:\windows\system32\hbbdhbb.dll failed!

Could not process line:
c:\windows\system32\hbbdhbb.dll
Status: 0xc0000022



Could not open file c:\windows\system32\kydjnphy.dll for deletion
Deletion of file c:\windows\system32\kydjnphy.dll failed!

Could not process line:
c:\windows\system32\kydjnphy.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:27 AM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Warcraft.ahk
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615525718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D720A-A9BB-4C6E-9016-9DDAD61207C5}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11C0A34-F432-4198-B837-214D116DE500}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5680 bytes
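The Avenger log reports Status 0xc0000022 for both files, which is the NTSTATUS value STATUS_ACCESS_DENIED, and the fresh HijackThis log shows the same two DLLs still registered as BHOs, with hbbdhbb.dll also still wired in as a Winlogon Notify DLL. As an added example (my own code, not part of Avenger or HijackThis), the script below automates that cross-check: it pulls every failed deletion and its status code out of an Avenger log, decodes the code from a small table taken from ntstatus.h, and lists the HJT sections that still reference each file, so the next script can be aimed at the load points and not just the files. The sample texts are excerpts of the two logs posted above.

```python
"""Check an Avenger run against the follow-up HijackThis log.

Added example for this thread; not part of Avenger or HijackThis.  It pulls
every file whose deletion failed out of the Avenger log, decodes the NTSTATUS
code Avenger prints, and lists the HJT entries that still reference the file.
"""
import re

# From the Windows SDK ntstatus.h; only the codes relevant to a failed delete.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

FAILED = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")
HJT_ENTRY = re.compile(r"^(?P<sec>O\d+) - ")

def parse_avenger(text):
    """Map each path whose deletion failed to {'code': int|None, 'name': str}."""
    results, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := FAILED.match(line)):
            pending = m.group("path").lower()
            results[pending] = {"code": None, "name": "unknown"}
        elif pending and (m := STATUS.match(line)):
            code = int(m.group("code"), 16)
            results[pending] = {"code": code, "name": NTSTATUS.get(code, "unknown")}
            pending = None
    return results

def still_referenced(paths, hjt_text):
    """For each path, the HJT sections whose entry still mentions that file name."""
    refs = {p: [] for p in paths}
    for line in hjt_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        for p in paths:
            if p.rsplit("\\", 1)[-1] in line.lower():
                refs[p].append(m.group("sec"))
    return refs

def verify(avenger_text, hjt_text):
    """Combine both views: status of the failed delete plus the surviving load points."""
    failed = parse_avenger(avenger_text)
    refs = still_referenced(list(failed), hjt_text)
    return {p: {**failed[p], "referenced_by": refs[p]} for p in failed}

# Constructed samples: excerpts of the Avenger log and the fresh HJT log posted above.
AVENGER_LOG = r"""
Beginning to process script file:

Could not open file c:\windows\system32\hbbdhbb.dll for deletion
Deletion of file c:\windows\system32\hbbdhbb.dll failed!

Could not process line:
c:\windows\system32\hbbdhbb.dll
Status: 0xc0000022

Could not open file c:\windows\system32\kydjnphy.dll for deletion
Deletion of file c:\windows\system32\kydjnphy.dll failed!

Could not process line:
c:\windows\system32\kydjnphy.dll
Status: 0xc0000022

Completed script processing.
"""

HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9D001AB9-38C4-4CDE-B11C-8A0E4470A276} - c:\windows\system32\hbbdhbb.dll
O2 - BHO: (no name) - {A83B8EFB-702A-4D57-BA2E-FE58FBA8E026} - c:\windows\system32\kydjnphy.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nyoedsbw - C:\WINDOWS\SYSTEM32\hbbdhbb.dll
"""

if __name__ == "__main__":
    for path, info in verify(AVENGER_LOG, HJT_LOG).items():
        print(path, info)
```

For this thread the result is STATUS_ACCESS_DENIED on both files, with hbbdhbb.dll still referenced by an O2 and an O20 entry and kydjnphy.dll by an O2 entry. A Winlogon Notify DLL is mapped into winlogon.exe at every logon, so a delete that runs while Windows is up will keep failing for as long as that registry entry exists; the notify key and the BHO registrations have to go along with the files.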
Posted 9/10/2007 5:34 AM
#53385
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download the Free Version of SUPERAntiSpyware:
https://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.

Download and install Dr.Web CureIt:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
https://spywareinfo.dk/download/drweb-cureit.exe

to your desktop.

Double-click "drweb-cureit.exe" and click "OK" in the prompt window that opens, asking "Start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done":
Click on the green screwdriver.
Actions tab: Adware, Dialers, Riskware, Hacktools; use the dropdown menu and select "Delete".
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.

Reboot your computer!! This is because files in use may be moved/deleted during the reboot.
After the reboot, post the contents of the log from Dr.Web that you saved previously in your next reply.

Start SUPERAntiSpyware.
Hit the "Scan Your Computer" button.
Click on the drive(s) you want to scan. Put a check in "Perform Complete Scan", then Next;
it will scan now. When the scan has finished, put a checkmark next to all items it found. Next, after cleaning, allow it to reboot.

Start SUPERAntiSpyware again:
Click Preferences and then click the Statistics/Logs tab.
Click the dated log and press View Log, and a text file will appear.

Post this log along with a fresh HijackThis log and the Dr.Web log, and tell me how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

