hijackthis log please help!!!

drluv · Jul 3, 2007

hey guys, i'm trying to help my friends spyware virus and adware issue, just looking at it im sure this is going to be a huge process,
he dosnt want to re-install windows, and so we have to clean this up,
i really appreciate any help i can get, thanks in advance!

----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:18:19 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbSrv.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {7060354D-7B98-5515-24B6-0BA3D3C3F89E} - MSTCPDLL.dll (file missing)
R3 - URLSearchHook: (no name) - {B4A66CC7-2304-B56E-910B-7F2EFC6D5833} - init32.dll (file missing)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23704188-154e-4c58-9e3b-f05a6127c816} - C:\WINDOWS\system32\esenspi.dll
O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing)
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NsCplTray] Shaitan1678.exe
O4 - HKLM\..\Run: [backd] iehelper.exe
O4 - HKLM\..\Run: [MNTP] syspanel.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157749087\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKLM\..\Run: [dbxiklvx] C:\WINDOWS\system32\xlztddwr.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 2)" /O5 "LPT2:" /M "Stylus CX3800"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [syspanel] control64.exe
O4 - HKCU\..\Run: [PrcIdle] backd.exe
O4 - HKCU\..\Run: [Bogobot] Kargo.exe
O4 - HKCU\..\Run: [stuffmon] hyandex.exe
O4 - HKCU\..\Run: [wormexe] scanSYS.exe
O4 - HKCU\..\Run: [slamm] killall.exe
O4 - HKCU\..\Run: [jiyaaaaa] C:\WINDOWS\system32\jiyaaaaa.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131734823425
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C50C77A-78D6-49BE-B7DE-5AD0E9D598EE}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A6668-B27C-4154-BEB8-D27083C9E51C}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDBD5C28-A945-4C93-81C1-4E28EE8BCB0C}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C50C77A-78D6-49BE-B7DE-5AD0E9D598EE}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O20 - AppInit_DLLs:
O20 - Winlogon Notify: esenspi - C:\WINDOWS\SYSTEM32\esenspi.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\hzp95en.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Security - C:\WINDOWS\desktop.html

--
End of file - 16091 bytes

Baabiouz · Jul 3, 2007

Hi!

Please download FixWareout from one of these mirrors:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
___________________________

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

Post HijackThis log, Cobmbofix log and FixWareout log

drluv · Jul 10, 2007

ComboFix.txt:

"HP_Owner" - 2007-07-10 17:28:21 - ComboFix 07-07-10.1 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{A0F4C358-CF7D-465A-8699-CA656E72AA6B}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{A0F4C358-CF7D-465A-8699-CA656E72AA6B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{A0F4C358-CF7D-465A-8699-CA656E72AA6B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{A0F4C358-CF7D-465A-8699-CA656E72AA6B}\InprocServer32]
@="C:\\WINDOWS\\system32\\hzp95en.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Granting SeDebugPrivilege to Administrators ... successful

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\vtutt.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\deskbar.exe
C:\Installer3.exe
C:\Program Files\deskbar
C:\Program Files\deskbar\about.html
C:\Program Files\deskbar\basis.xml
C:\Program Files\deskbar\deskbar.crc
C:\Program Files\deskbar\deskbar.dll
C:\Program Files\deskbar\deskbar.inf
C:\Program Files\deskbar\icons.bmp
C:\Program Files\deskbar\inst.bat
C:\Program Files\deskbar\mbback.bmp
C:\Program Files\deskbar\mbbigopen.bmp
C:\Program Files\deskbar\mbclose.bmp
C:\Program Files\deskbar\mbfwd.bmp
C:\Program Files\deskbar\mblogo.bmp
C:\Program Files\deskbar\mbsep.bmp
C:\Program Files\deskbar\options.html
C:\Program Files\deskbar\softomate.gif
C:\Program Files\deskbar\version.txt
C:\Program Files\winantispyware 2006 scanner
C:\Program Files\winantispyware 2006 scanner\Activate.dat
C:\Program Files\winantispyware 2006 scanner\AsAgents.dll
C:\Program Files\winantispyware 2006 scanner\AsAgents.xml
C:\Program Files\winantispyware 2006 scanner\bnlink.dat
C:\Program Files\winantispyware 2006 scanner\database\appupdate.dat
C:\Program Files\winantispyware 2006 scanner\database\AutoProcess.dat
C:\Program Files\winantispyware 2006 scanner\database\dbupdate.dat
C:\Program Files\winantispyware 2006 scanner\database\enemies.dat
C:\Program Files\winantispyware 2006 scanner\database\knownfiles.dat
C:\Program Files\winantispyware 2006 scanner\database\monstate.dat
C:\Program Files\winantispyware 2006 scanner\database\PortSpec.ats
C:\Program Files\winantispyware 2006 scanner\database\quaratine.dat
C:\Program Files\winantispyware 2006 scanner\database\RTMonitor.dat
C:\Program Files\winantispyware 2006 scanner\database\Summary.dat
C:\Program Files\winantispyware 2006 scanner\database\tasks.dat
C:\Program Files\winantispyware 2006 scanner\database\TEBase.dat
C:\Program Files\winantispyware 2006 scanner\database\threatnet.dat
C:\Program Files\winantispyware 2006 scanner\diagnosis.dat
C:\Program Files\winantispyware 2006 scanner\errors.log
C:\Program Files\winantispyware 2006 scanner\InstHelp.exe
C:\Program Files\winantispyware 2006 scanner\lapv.dat
C:\Program Files\winantispyware 2006 scanner\license.rtf
C:\Program Files\winantispyware 2006 scanner\manual.url
C:\Program Files\winantispyware 2006 scanner\pv.dat
C:\Program Files\winantispyware 2006 scanner\scanlog.xml
C:\Program Files\winantispyware 2006 scanner\shellext.dll
C:\Program Files\winantispyware 2006 scanner\shellext.xml
C:\Program Files\winantispyware 2006 scanner\sr.log
C:\Program Files\winantispyware 2006 scanner\support.url
C:\Program Files\winantispyware 2006 scanner\unins000.dat
C:\Program Files\winantispyware 2006 scanner\unins000.exe
C:\Program Files\winantispyware 2006 scanner\update.log
C:\Program Files\winantispyware 2006 scanner\updater.dat
C:\Program Files\winantispyware 2006 scanner\Updater.exe
C:\Program Files\winantispyware 2006 scanner\uwas6chk.dll
C:\Program Files\winantispyware 2006 scanner\uwasffNT.exe
C:\Program Files\winantispyware 2006 scanner\vbpv.dat
C:\Program Files\winantispyware 2006 scanner\was6.dmp
C:\Program Files\winantispyware 2006 scanner\was6.exe
C:\Program Files\winantispyware 2006 scanner\WAS6.url
C:\Program Files\winantispyware 2006 scanner\was6.xml
C:\WINDOWS\newname.dat

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 17:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 17:17 9,701 --a------ C:\dnsbak.reg

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 04:28:05 9,712 ----a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-06-27 22:21:22 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\SpamBlockerUtility
2007-06-14 05:37:03 -------- d-----w C:\Program Files\PokerStars
2007-06-11 09:09:00 -------- d-----w C:\Program Files\Full Tilt Poker
2007-06-11 09:05:52 4 ---ha-w C:\ajspu.sys
2007-06-11 09:05:49 -------- d-----w C:\Program Files\JetSetPoker
2005-12-21 16:22:10 557,108 --sh--w C:\WINDOWS\system32\geeba.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-08-24 18:37 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23704188-154e-4c58-9e3b-f05a6127c816}]
2006-05-24 06:02 23040 --a------ C:\WINDOWS\system32\esenspi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31677ADF-17D9-5516-E17D-3E459D631863}]
C:\WINDOWS\system\bplctw32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36645342-9475-2663-166A-466739207346}]
C:\WINDOWS\system32\ipv6mote.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}]
2006-06-21 16:08 118784 --a------ c:\program files\spamblockerutility\sbtv\sbtvhelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2005-08-17 10:40 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
2006-11-09 09:07 546440 --a------ C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 13:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" []
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 02:40 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 03:34 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-07-20 19:22 C:\WINDOWS\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 C:\WINDOWS\AGRSMMSG.exe]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" []
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" []
"F-Secure Startup Wizard"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.exe" []
"News Service"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"NsCplTray"="Shaitan1678.exe" []
"backd"="iehelper.exe" []
"MNTP"="syspanel.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1157749087\ee\AOLHostManager.exe" []
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" []
"SpamBlocker"="C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe" []
"Spam Blocker for Outlook Express"="C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe" []
"WeatherOnTray"="C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 10:06]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"syspanel"="control64.exe" []
"PrcIdle"="backd.exe" []
"Bogobot"="Kargo.exe" []
"stuffmon"="hyandex.exe" []
"wormexe"="scanSYS.exe" []
"slamm"="killall.exe" []
"jiyaaaaa"="C:\WINDOWS\system32\jiyaaaaa.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\desktop.html
FriendlyName= Security

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"="C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esenspi]
esenspi.dll 2006-05-24 06:02 23040 C:\WINDOWS\system32\esenspi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

Contents of the 'Scheduled Tasks' folder
2007-07-10 00:05:26 C:\WINDOWS\tasks\Scheduled scanning task.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 17:33:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 17:34:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 17:34

--- E O F ---

FixwareoutLog

Username "HP_Owner" - 07/10/2007 17:17:05 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmcgo"
HKLM\SOFTWARE\~\Winlogon\ "System"="csrqy.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.108 85.255.112.197" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3C50C77A-78D6-49BE-B7DE-5AD0E9D598EE}
"nameserver"="85.255.113.108,85.255.112.197" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7B2A6668-B27C-4154-BEB8-D27083C9E51C}
"nameserver"="85.255.113.108,85.255.112.197" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FDBD5C28-A945-4C93-81C1-4E28EE8BCB0C}
"nameserver"="85.255.113.108,85.255.112.197" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3C50C77A-78D6-49BE-B7DE-5AD0E9D598EE}
"DhcpNameServer"="85.255.113.108,85.255.112.197" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7B2A6668-B27C-4154-BEB8-D27083C9E51C}
"DhcpNameServer"="85.255.113.108,85.255.112.197" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "0" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nlcalik" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "owt" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ypszr" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "daolnwodi" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "onisacputes" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\HP_Owner\Application Data\Install.dat Deleted
C:\Documents and Settings\HP_Owner\Application Data\kc.tmp Deleted
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorites\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
C:\Documents and Settings\HP_Owner\Favorites\Spyware Uninstall Deleted
C:\Documents and Settings\HP_Owner\Start Menu\Programs\SpyMarshal Deleted
C:\Program Files\SpyMarshal Deleted
C:\WINDOWS\system32\{15E7F174-A5D0-4A8D-B371-EB151C82A871}.exe Deleted
C:\WINDOWS\system32\{3DAA693D-C3CC-48B8-A15A-39F967670570}.exe Deleted
C:\WINDOWS\system32\{50BD6615-92DF-4EC5-BBEC-CCCB82518F09}.exe Deleted
C:\WINDOWS\system32\{A9561737-8FE2-4153-9B09-604600564DFB}.exe Deleted
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"F-Secure Manager"="\"C:\\Program Files\\Charter High-Speed Security Suite\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Charter High-Speed Security Suite\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Charter High-Speed Security Suite\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Charter High-Speed Security Suite\\FSGUI\\ispnews.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"EPSON Stylus CX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB001\" /M \"Stylus CX3800\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NsCplTray"="Shaitan1678.exe"
"backd"="iehelper.exe"
"MNTP"="syspanel.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1157749087\\ee\\AOLHostManager.exe"
"AIMPro"="\"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe\""
"SpamBlocker"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.4.0\\SbOEAddOn.exe"
"Spam Blocker for Outlook Express"="C:\\PROGRA~1\\SPAMBL~1\\Bin\\484~1.0\\SBInst.exe"
"dbxiklvx"="C:\\WINDOWS\\system32\\xlztddwr.exe"
"WeatherOnTray"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.4.0\\SbWeatherOnTray.exe"
"EPSON Stylus CX3800 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P35 \"EPSON Stylus CX3800 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus CX3800\""
"EPSON Stylus CX3800 Series (Copy 2)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P35 \"EPSON Stylus CX3800 Series (Copy 2)\" /O5 \"LPT2:\" /M \"Stylus CX3800\""
"EPSON Stylus 3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P24 \"EPSON Stylus 3800 Series\" /O5 \"COM1:\" /M \"Stylus CX3800\""
"jiyaaaaa"="C:\\WINDOWS\\system32\\jiyaaaaa.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\HPQ\\XPXWWPP5\\plugin\\bin\\PCHButton.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"syspanel"="control64.exe"
"PrcIdle"="backd.exe"
"Bogobot"="Kargo.exe"
"stuffmon"="hyandex.exe"
"wormexe"="scanSYS.exe"
"slamm"="killall.exe"
"jiyaaaaa"="C:\\WINDOWS\\system32\\jiyaaaaa.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

New Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:44:15 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbSrv.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {7060354D-7B98-5515-24B6-0BA3D3C3F89E} - MSTCPDLL.dll (file missing)
R3 - URLSearchHook: (no name) - {B4A66CC7-2304-B56E-910B-7F2EFC6D5833} - init32.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23704188-154e-4c58-9e3b-f05a6127c816} - C:\WINDOWS\system32\esenspi.dll
O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing)
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NsCplTray] Shaitan1678.exe
O4 - HKLM\..\Run: [backd] iehelper.exe
O4 - HKLM\..\Run: [MNTP] syspanel.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157749087\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [syspanel] control64.exe
O4 - HKCU\..\Run: [PrcIdle] backd.exe
O4 - HKCU\..\Run: [Bogobot] Kargo.exe
O4 - HKCU\..\Run: [stuffmon] hyandex.exe
O4 - HKCU\..\Run: [wormexe] scanSYS.exe
O4 - HKCU\..\Run: [slamm] killall.exe
O4 - HKCU\..\Run: [jiyaaaaa] C:\WINDOWS\system32\jiyaaaaa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131734823425
O20 - AppInit_DLLs:
O20 - Winlogon Notify: esenspi - C:\WINDOWS\SYSTEM32\esenspi.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Security - C:\WINDOWS\desktop.html

--
End of file - 13252 bytes

again thanks for the help !

Baabiouz · Jul 11, 2007

Hi!

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
_______________________________

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
_________________________________

Please, post Sdfix log, Smitfraudfix log and a fresh Hijackthis log.

anari11 · Jul 13, 2007

you got 6 infections:

O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing)

O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe

O4 - HKCU\..\Run: [wormexe] scanSYS.exe

delete them all.

next are programs that you dont need or are unneccesery:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

after you deleted them all,reboot your computer,Search for and delete the file Alcxmntr.exe,Search for and delete the file ALCMTR.EXE,Delete the C:\Program Files\Hotbar\ folder,Delete the file winstart.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\,Empty your recycle bin,Run Windows Update and install all critical updates,Make sure your anti-virus program is up to date with the latest patches. If you do not have an anti-virus program, download and install AVG Personal Edition Anti-Virus, which is free,Reboot one last time.

Baabiouz · Jul 13, 2007

Please, DON'T do anything what anari11 said.
Anari11, please go to HijackThis school and come back here again.
Example, you never delete this file: ALCMTR.EXE.

Anari11, dont post your advice if you donn´t know what to do, this is fix for this user.
Please, don't come here make fixes, if you don't can do it! Please, go to HjT school. Thanks.

Baabiouz · Jul 13, 2007

drluv: Please, run Smitfraudfix and Sdfix.

ddp · Jul 13, 2007

anari11, lightning struck!!

Log in or Sign up

hijackthis log please help!!!

drluv Regular member

Baabiouz Regular member

drluv Regular member

Baabiouz Regular member

anari11 Guest

Baabiouz Regular member

Baabiouz Regular member

ddp Moderator Staff Member

Share This Page

Log in or Sign up

hijackthis log please help!!!

drluv Regular member

Baabiouz Regular member

drluv Regular member

Baabiouz Regular member

anari11 Guest

Baabiouz Regular member

Baabiouz Regular member

ddp Moderator Staff Member

Share This Page

Useful Searches