
Hijack/fixware out issue

Discussion in 'Windows - Virus and spyware problems' started by juliemay, Feb 28, 2007.

  1. juliemay

    juliemay Guest

    Hi there.. I am very new to this site and am having internet problems, also pop ups with IE 7.. I was wondering if someone could have a look at my 2 log files and advise me what I could do. Many thanks. Julie

    Logfile of HijackThis v1.99.1
    Scan saved at 09:17:59, on 01/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AOL 9.0 VRa\waol.exe
    C:\Program Files\Common Files\AOL\1172256959\ee\aolsoftware.exe
    c:\program files\common files\aol\1172256959\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1172256959\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0 VRa\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\~AceTemp\hijackthis_2\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Roam meow] C:\DOCUME~1\JULIEM~1\APPLIC~1\16SLOW~1\ReadmeDash.exe
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    Fixwareout Last edited 2/11/2007
    Post this report in the forums please


    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
    "WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Roam meow"="C:\\DOCUME~1\\JULIEM~1\\APPLIC~1\\16SLOW~1\\ReadmeDash.exe"
    "Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
    "PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
    "PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
     
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Hi Julie.

    Please Download NoLop to your desktop from one of the links below...

    Link 1
    Link 2
    Link 3

    - First close any other programs you have running as this will require a reboot
    - Double click NoLop.exe to run it
    - Now click the button labelled "Search and Destroy"

    <<your computer will now be scanned for infected files>>

    - When scanning is finished you will be prompted to reboot only if infected, click OK
    - Now click the "REBOOT" button.
    - A message should pop up from NoLop. If not, double click the program again and it will finish.

    Please Post the contents of C:\NoLop.log along with a fresh HijackThis log.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
     
  3. juliemay

    juliemay Guest

    Hi ya, many thanks for your help... sorry for the delay, I have lost my welcome screen on AOL, can't get onto the internet via AOL. I am using Firefox at the mo but the PC is still not right.

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Julie May Clark\Application Data\IDM\DwnlData\Julie May Clark\NoLop_280
    [02/03/2007]
    [23:42:58]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\ABFD087191CEBB3D.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Adobe
    C:\Documents and Settings\Administrator\Application Data\Apple Computer
    C:\Documents and Settings\Administrator\Application Data\Cyberlink
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Ahead
    C:\Documents and Settings\All Users\Application Data\Aol
    C:\Documents and Settings\All Users\Application Data\Aol Downloads
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Billeo
    C:\Documents and Settings\All Users\Application Data\Ca
    C:\Documents and Settings\All Users\Application Data\Comodo
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Datameowballinternet
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    C:\Documents and Settings\All Users\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Iomatic
    C:\Documents and Settings\All Users\Application Data\Kodak
    C:\Documents and Settings\All Users\Application Data\Macromedia
    C:\Documents and Settings\All Users\Application Data\Mcafee
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Microsoft Help
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Skype
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users\Application Data\Yahoo!
    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    C:\Documents and Settings\Default User\Application Data\Adobe
    C:\Documents and Settings\Default User\Application Data\Apple Computer
    C:\Documents and Settings\Default User\Application Data\Cyberlink
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Julie May Clark\Application Data\.bittornado
    C:\Documents and Settings\Julie May Clark\Application Data\16 Slow
    C:\Documents and Settings\Julie May Clark\Application Data\Adobe
    C:\Documents and Settings\Julie May Clark\Application Data\Adobeum
    C:\Documents and Settings\Julie May Clark\Application Data\Ahead
    C:\Documents and Settings\Julie May Clark\Application Data\Aol
    C:\Documents and Settings\Julie May Clark\Application Data\Apple Computer
    C:\Documents and Settings\Julie May Clark\Application Data\Avant Profiles
    C:\Documents and Settings\Julie May Clark\Application Data\Azureus
    C:\Documents and Settings\Julie May Clark\Application Data\Bitroll
    C:\Documents and Settings\Julie May Clark\Application Data\Bittorrent
    C:\Documents and Settings\Julie May Clark\Application Data\Comodo
    C:\Documents and Settings\Julie May Clark\Application Data\Cyberlink
    C:\Documents and Settings\Julie May Clark\Application Data\Datalayer
    C:\Documents and Settings\Julie May Clark\Application Data\Divx
    C:\Documents and Settings\Julie May Clark\Application Data\Dmcache
    C:\Documents and Settings\Julie May Clark\Application Data\Dvdcss
    C:\Documents and Settings\Julie May Clark\Application Data\Foxytunes
    C:\Documents and Settings\Julie May Clark\Application Data\Google
    C:\Documents and Settings\Julie May Clark\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Julie May Clark\Application Data\Identities
    C:\Documents and Settings\Julie May Clark\Application Data\Idm
    C:\Documents and Settings\Julie May Clark\Application Data\Ie7pro
    C:\Documents and Settings\Julie May Clark\Application Data\Lavasoft
    C:\Documents and Settings\Julie May Clark\Application Data\Limewire
    C:\Documents and Settings\Julie May Clark\Application Data\Macromedia
    C:\Documents and Settings\Julie May Clark\Application Data\Mailwasherpro
    C:\Documents and Settings\Julie May Clark\Application Data\Mcafee
    C:\Documents and Settings\Julie May Clark\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Julie May Clark\Application Data\Media Player Classic
    C:\Documents and Settings\Julie May Clark\Application Data\Microsoft
    C:\Documents and Settings\Julie May Clark\Application Data\Mozilla
    C:\Documents and Settings\Julie May Clark\Application Data\Msn6
    C:\Documents and Settings\Julie May Clark\Application Data\Msninstaller
    C:\Documents and Settings\Julie May Clark\Application Data\Netscape
    C:\Documents and Settings\Julie May Clark\Application Data\Nokia
    C:\Documents and Settings\Julie May Clark\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Julie May Clark\Application Data\Opera
    C:\Documents and Settings\Julie May Clark\Application Data\Pc Suite
    C:\Documents and Settings\Julie May Clark\Application Data\Pc Tools
    C:\Documents and Settings\Julie May Clark\Application Data\Pegasys Inc
    C:\Documents and Settings\Julie May Clark\Application Data\Real
    C:\Documents and Settings\Julie May Clark\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Julie May Clark\Application Data\Skype
    C:\Documents and Settings\Julie May Clark\Application Data\Smart Pc Solutions
    C:\Documents and Settings\Julie May Clark\Application Data\Sun
    C:\Documents and Settings\Julie May Clark\Application Data\Torrent101
    C:\Documents and Settings\Julie May Clark\Application Data\Trojanhunter
    C:\Documents and Settings\Julie May Clark\Application Data\Utorrent
    C:\Documents and Settings\Julie May Clark\Application Data\Vcdeasy
    C:\Documents and Settings\Julie May Clark\Application Data\Viewpoint
    C:\Documents and Settings\Julie May Clark\Application Data\Vlc
    C:\Documents and Settings\Julie May Clark\Application Data\Webcompiler3
    C:\Documents and Settings\Julie May Clark\Application Data\Winpatrol
    C:\Documents and Settings\Julie May Clark\Application Data\Yahoo!
    C:\Documents and Settings\Julie May Clark\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Localservice\Application Data\16 Slow
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft

    Enclosed are the 2 log files you requested.

    Logfile of HijackThis v1.99.1
    Scan saved at 08:09:39, on 03/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
     
  4. KotaGuy

    KotaGuy Regular member

    Looks like you've picked up a couple other nasties.

    Print this out for reference during the fix as you will be booting into Safe Mode and will not be able to access this site.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    - Restart your computer
    - After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    - Instead of Windows loading as normal, the Advanced Options Menu should appear;
    - Select the first option, to run Windows in Safe Mode, then press Enter.
    - Choose your usual account.

    - Open the extracted SDFix folder and double click RunThis.bat to start the script.
    - Type Y to begin the cleanup process.
    - It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    - Press any key and it will restart the PC.
    - When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    - Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
    Last edited: Mar 3, 2007
  5. juliemay

    juliemay Guest

    Once again thanks for all of your help, I really appreciate it.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:03:53, on 03/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)

    SDFix: Version 1.69

    Run by Julie May Clark - 03/03/2007 @ 18:37:32.60

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:





    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\aax3B.tmp.exe - Deleted
    C:\WINDOWS\system32\plugin1.dat - Deleted
    C:\WINDOWS\system32\unsvchosts.lzma - Deleted
    C:\WINDOWS\system32\winlog.exe - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArtSmall.jpg
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Large.jpg
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Small.jpg
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Large.jpg
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Small.jpg
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\desktop.ini
    C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\Folder.jpg
    C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\AOL 9.0\aoltray.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0\aolphx.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\AOL 9.0\RBM.exe
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\WINDOWS\system32\RO8287.tmp.LOG
    C:\WINDOWS\system32\RO828C.tmp.LOG
    C:\WINDOWS\system32\RO828F.tmp.LOG
    C:\WINDOWS\system32\RO8294.tmp.LOG
    C:\WINDOWS\system32\RO8297.tmp.LOG
    C:\WINDOWS\system32\RO829C.tmp.LOG
    C:\WINDOWS\system32\RO829F.tmp.LOG
    C:\WINDOWS\system32\RO82A4.tmp.LOG
    C:\WINDOWS\system32\RO82A7.tmp.LOG
    C:\WINDOWS\system32\RO82AC.tmp.LOG
    C:\WINDOWS\system32\RO82AF.tmp.LOG
    C:\WINDOWS\system32\RO82B4.tmp.LOG

    Add/Remove Programs List:

    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
    Ace DivX Player
    Ace Media Player
    Active@ File Recovery 7.1
    Ad-Aware SE Personal
    Adobe Photoshop 7.0.1
    Adobe Shockwave Player
    Adobe Download Manager 2.2 (Remove Only)
    AnyDVD
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    AOL Coach Version 1.0(Build:20040229.1 uk)
    ASPI Rip
    Advanced Uninstaller PRO 2006 - version 7
    AVG 7.5
    AVI DivX to DVD SVCD VCD Converter 2.2.0
    Azureus 3.0
    Azureus Ultra Accelerator
    BitComet 0.84
    Bitcomet Ultra Accelerator
    BitLord 1.1
    BitRoll version 2.1.0.1
    BitTornado 0.3.17
    BitTorrent 5.0.6
    BitTorrent Ultra Accelerator
    BT Voyager 105 ADSL Modem
    BT Voyager Modem AOL Test
    CCleaner (remove only)
    hex(2):44,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,28,\
    Microsoft Windows XP Video Decoder Checkup Utility
    deskPDF 2.5 Professional Edition
    DivX Content Uploader
    DVD Shrink 3.2
    Microsoft Office Enterprise 2007
    ExtraTorrent Toolbar v1.0
    FLV Player 1.3.3
    FoxyTunes for Internet Explorer
    Girls
    Google Desktop Search
    Docudesk GPL Ghostscript 8.15
    Hauppauge MCE2005 Software Encoder
    HexDump plug-in for Ad-Aware SE
    HijackThis 1.99.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Windows Internet Explorer 7
    IE7pro
    Internet Download Manager
    JukeBox Tools
    Update Rollup 2 for Windows XP Media Center Edition 2005
    K-Lite Codec Pack 2.85 Standard
    Lexmark 1200 Series
    Lexmark 510 Series
    LimeWire PRO 4.13.0
    LSP Explorer plug-in for Ad-Aware SE
    Magic ISO Maker v5.3 (build 0216)
    MagicDisc 2.5.74
    MailWasher Pro
    CloneDVD 4.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Money 2007
    Mozilla Firefox (2.0.0.2)
    MpcStar 1.6
    Microsoft Compression Client Pack 1.0 for Windows XP
    MSN
    Netscape Browser (remove only)
    Microsoft National Language Support Downlevel APIs
    PeerGuardian 2.0
    Plato DVD Ripper 5.51
    Pop-Up Stopper Free Edition
    PowerISO
    PowerTools 12.0
    Logitech© Camera Driver
    RealPlayer
    Recover My Files
    RegScrubXP 3.25
    SC Net Speed Booster 4.2.0.0
    Adobe Flash Player 9 ActiveX
    Skype 3.0
    Motorola SM56 Speakerphone Modem
    Spamihilator
    Spybot - Search & Destroy 1.4
    Spyware Doctor 4.0
    SpywareBlaster v3.5.1
    Screensavers Installer Version 2
    Learn2 Player (Uninstall Only)
    Sun(TM) Download Manager 2.0
    System Restore Control
    Tesco internet access dialler
    Skype add-on for IE
    Torrent101 version 3.2.0.0
    Tweak-SE plug-in for Ad-Aware SE
    TweakNow RegCleaner Standard
    Ulead Photo Express 2.0 SE
    Universal Torrent Accelerator
    æTorrent
    VCDEasy
    Viewpoint Media Player
    VideoLAN VLC media player 0.8.6a
    VSPopUp
    WinAce Archiver
    WinAVIVideoConverter
    Windows Live Toolbar
    WinPatrol 2007 Restore/Remove First
    WinRAR archiver
    Windows Live OneCare
    WinZip
    Windows Media Connect
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    XoftSpySE
    XP TCP/IP Repair 1.0
    Yahoo! Anti-Spy
    Yahoo! Toolbar
    Yahoo! Extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Install Manager
    Zortam Mp3 Media Studio 6.66
    Notifier
    ESSSONIC
    Nokia Connectivity Cable Driver
    netbrdg
    Popup Blocker (Windows Live Toolbar)
    Smart Menus (Windows Live Toolbar)
    ESSPCD
    AutoUpdate
    Microsoft Protection Service
    PowerStarter
    Google Toolbar for Internet Explorer
    Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
    TMPGEnc 4.0 XPress Trial Version
    Google Toolbar for Firefox
    essvatgt
    J2SE Runtime Environment 5.0 Update 11
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Microsoft Windows OneCare Live v1.5.1890.18 Idcrl Install
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Mouse Gestures for Internet Explorer
    Skype Plugin Manager
    Power2Go 4.0
    CR2
    Microsoft Windows Journal Viewer
    iTunes
    Windows Live Sign-in Assistant
    Microsoft SQL Server Native Client
    QuickTime
    OneCare Advisor (Windows Live Toolbar)
    Microsoft SQL Server Setup Support Files (English)
    CardRd81
    Microsoft Windows Live OneCare Resources v1.5.1890.18
    Windows Live Messenger
    Map Button (Windows Live Toolbar)
    Opera 9.10
    Microsoft Money Shared Libraries
    SHASTA
    VideoSync
    Media Center Diagnostic Kit
    ESSBrwr
    PX Engine
    PowerDVD
    Macromedia Flash Player 8
    Microsoft Works
    Microsoft .NET Framework 2.0
    MSXML 4.0 SP2 Parser and SDK
    WinPatrol 2007 Step 2
    Windows Live Favorites for Windows Live Toolbar
    DivX Codec
    Windows Vista Upgrade Advisor
    staticcr
    ESSTOOLS
    Intel(R) Extreme Graphics 2 Driver
    DivX Player
    ESSini
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    ESSgui
    REALTEK Gigabit and Fast Ethernet NIC Driver
    MP3PowerEncoder
    VPRINTOL
    ESScore
    Windows Defender
    RealSpeak Solo for UK English Emily
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Apple Software Update
    PC Connectivity Solution
    Pando
    ESSCDBK
    DivX Converter
    OfotoXMI
    CCScore
    DivX Web Player
    KSU
    Microsoft SQL Server VSS Writer
    Logitech QuickCam Software
    Windows Live Toolbar
    Microsoft AutoRoute 2007
    Microsoft .NET Framework 1.1
    Microsoft Windows OneCare Live v1.5.1890.18
    Kodak EasyShare software
    Nokia PC Suite
    SFR
    Google Toolbar for Internet Explorer
    AusLogics Disk Defrag
    tooltips
    CAM Wizard
    Nero 7 Ultra Edition
    kgcbase
    SKINXSDK
    WIRELESS
    Realtek AC'97 Audio
    SVCD2DVD 2.1 DEMO
    ESSPDock
    SKIN0001

    Finished
     
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    HijackThis log looks good :)

    Can I get you to do me a favor please...

    Go here:

    http://www.virustotal.com/en/indexf.html

    And upload this file into the scanner and report back the results...

    C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe

    Thanks.
     
  7. juliemay

    juliemay Guest

    Hi, a little while ago, I did a scan with fix ware out and now the file that you asked to be analysed seems to have gone...I have enclosed hijack log to see what you think. Many thanks Julie

    Logfile of HijackThis v1.99.1
    Scan saved at 22:10:40, on 03/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Common Files\AOL\1172919694\ee\aolsoftware.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Julie May Clark\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)

     
  8. KotaGuy

    KotaGuy Regular member

    OK... did you run RootKitRevealer recently?
     
  9. juliemay

    juliemay Guest

    Hi ya..no I haven't heard of that one..
     
  10. KotaGuy

    KotaGuy Regular member

    Hmmm... strange.

    This O23 from your first log...

    O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe

    Is usually an indicator of Sysinternals RootKit Revealer having been run.

    Have you run another application from Sysinternals recently?

    I ask because in your latest log it's saying it belongs to Grisoft

    O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)

    Which isn't right...
     
