1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

need help cleaning my system from virus, worms, spyware etc.

Discussion in 'Virus & Other Malware Removal' started by _iTALY, Jul 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    can i get some help eliminating the viruses and etc. that have infected my computer ?

    here is my HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:37:45 AM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\oodteyma.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINNT\TEMP\win50C6.tmp.exe
    C:\Documents and Settings\All Users\Application Data\abynipkx.exe
    C:\WINNT\mgrs.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\winlogon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    D:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\WINNT\system32\wdfmgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\server64.exe
    D:\Program Files\Cakewalk\SONAR 3 Producer Edition\SONARPDR.EXE
    C:\WINNT\explorer.exe
    C:\WINNT\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\msdun.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [avp] C:\WINNT\TEMP\win50C6.tmp.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINNT\system32\drvcud.dll,startup
    O4 - HKLM\..\Run: [abynipkx.exe] C:\Documents and Settings\All Users\Application Data\abynipkx.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [SC2] C:\WINNT\system32\scchk32.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Winmplayer] "C:\WINNT\system32\KB_963491.exe"
    O4 - HKLM\..\Run: [startdrv] C:\WINNT\Temp\startdrv.exe
    O4 - HKLM\..\Run: [runner1] C:\WINNT\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [ms] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\10213\gm.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINNT\system32\srgaxfqq.dll",forkonce
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Bear] "C:\WINNT\system32\MCROSO~1.NET\services.exe" -vt yazb
    O4 - HKCU\..\Run: [autoload] C:\WINNT\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Administrator\svchost.exe
    O4 - HKCU\..\Run: [tlz] C:\WINNT\47681727.exe
    O4 - HKCU\..\Run: [System reservation] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchots.exe
    O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wnset.exe
    O4 - HKCU\..\Run: [userinit] C:\WINNT\system32\ntos.exe
    O4 - HKCU\..\Run: [Ptpe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\winlogon.exe" -vt yazb
    O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINNT\svchost.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINNT\system32\ntos.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINNT\system32\ntos.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174506012109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182822289765
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINNT\system32\bxcjiz.dll
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINNT\system32\bxcjiz.dll
    O22 - SharedTaskScheduler: kdg9049i904ktkgtj - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
    O23 - Service: Logical Disk Manager dmserverRemoteRegistry (dmserverRemoteRegistry) - Unknown owner - C:\WINNT\system32\ahuij.exe (file missing)
    O23 - Service: DomainService - - C:\WINNT\system32\oodteyma.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 7085 bytes
     
  2. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    bump!
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Load AVG http://free.grisoft.com/freeweb.php/doc/2/ it's free.



    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  4. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    thanks for the help here are my logs:

    "Owner" - 2007-07-11 16:43:04 - ComboFix 07-07-10.1 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINNT\system32\aodvnpre.dll
    C:\WINNT\system32\bcvaiktm.dll
    C:\WINNT\system32\bwgdhwth.dll
    C:\WINNT\system32\dtpopqww.dll
    C:\WINNT\system32\elmsowpk.dll
    C:\WINNT\system32\gliovvjw.dll
    C:\WINNT\system32\idlcbfeb.dll
    C:\WINNT\system32\sjbngffd.dll
    C:\WINNT\system32\srgaxfqq.dll
    C:\WINNT\system32\tkqhdaeb.dll
    C:\WINNT\system32\twoqfnqo.dll
    C:\WINNT\system32\vufbfglb.dll
    C:\WINNT\system32\wypqnhkd.dll
    C:\WINNT\system32\xfoshate.dll
    C:\WINNT\system32\yoygxfcb.dll
    C:\WINNT\system32\axhbixbm.exe
    C:\WINNT\system32\cavhrbcn.exe
    C:\WINNT\system32\cdeattxh.exe
    C:\WINNT\system32\ermdggie.exe
    C:\WINNT\system32\fdokjylv.exe
    C:\WINNT\system32\lbsrjtbh.exe
    C:\WINNT\system32\lpdprpce.exe
    C:\WINNT\system32\gebaxww.dll
    C:\WINNT\system32\jkkkigh.dll
    C:\WINNT\system32\nnnnmnl.dll
    C:\WINNT\system32\opnmmlm.dll
    C:\WINNT\system32\vturono.dll
    C:\WINNT\system32\wingsa32.dll
    C:\WINNT\system32\erpnvdoa.ini
    C:\WINNT\system32\mtkiavcb.ini
    C:\WINNT\system32\htwhdgwb.ini
    C:\WINNT\system32\wwqpoptd.ini
    C:\WINNT\system32\kpwosmle.ini
    C:\WINNT\system32\wjvvoilg.ini
    C:\WINNT\system32\befbcldi.ini
    C:\WINNT\system32\hjjlm.bak1
    C:\WINNT\system32\hjjlm.ini2
    C:\WINNT\system32\dffgnbjs.ini
    C:\WINNT\system32\qqfxagrs.ini
    C:\WINNT\system32\blgfbfuv.ini
    C:\WINNT\system32\dkhnqpyw.ini
    C:\WINNT\system32\hjjlm.bak1
    C:\WINNT\system32\hjjlm.bak2
    C:\WINNT\system32\hjjlm.ini
    C:\WINNT\system32\hjjlm.ini2
    C:\WINNT\system32\hjjlm.tmp
    C:\WINNT\system32\mljjh.dll
    C:\WINNT\system32\rqrpnll.dll
    C:\WINNT\system32\hjjlm.bak2
    C:\WINNT\system32\hjjlm.ini
    C:\WINNT\system32\hjjlm.tmp
    C:\WINNT\system32\etahsofx.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ADMINI~1\APPLIC~1.\sstem3~1
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\sstem3~1\winlogon.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft\25319.dat
    C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Program Files\fnts~1
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\ymbols~1
    C:\Program Files\ymbols~1\w?nlogon.exe
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\tn3
    C:\WINNT\appatc~1
    C:\WINNT\appatc~1\??oolsv.exe
    C:\WINNT\csrss.exe
    C:\WINNT\mgrs.exe
    C:\WINNT\sstem~1
    C:\WINNT\sstem~1\n?lookup.exe
    C:\WINNT\system32\3_exception.nls
    C:\WINNT\system32\advvpi32.dll
    C:\WINNT\system32\bxcjiz.dll
    C:\WINNT\system32\drivers\core.cache.dsk
    C:\WINNT\system32\drivers\core.sys
    C:\WINNT\system32\KB28125911.exe
    C:\WINNT\system32\KB93427757.exe
    C:\WINNT\system32\mcroso~1.net
    C:\WINNT\system32\o08PrEz
    C:\WINNT\system32\wcpsvsu.exe
    C:\WINNT\system32\win
    C:\WINNT\system32\WINDBG48.sys
    C:\WINNT\ymbols~1


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NTIO256
    -------\LEGACY_WINDBG48
    -------\core
    -------\DomainService
    -------\ntio256
    -------\RpcApi


    ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


    2007-07-11 16:42 51,200 --a------ C:\WINNT\nircmd.exe
    2007-07-11 16:40 66,112 --a------ C:\WINNT\system32\honerdai.exe
    2007-07-11 16:26 499,712 --a------ C:\WINNT\system32\msvcp71.dll
    2007-07-11 16:26 348,160 --a------ C:\WINNT\system32\msvcr71.dll
    2007-07-11 16:20 66,624 --a------ C:\WINNT\system32\eglelhdw.dll
    2007-07-11 16:17 66,112 --a------ C:\WINNT\system32\svpyosuj.exe
    2007-07-11 15:57 <DIR> d-------- C:\Program Files\Uniblue
    2007-07-11 15:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
    2007-07-11 15:42 <DIR> d-------- C:\WINNT\pss
    2007-07-11 15:29 66,624 --a------ C:\WINNT\system32\didmwnwd.dll
    2007-07-11 15:21 66,112 --a------ C:\WINNT\system32\qsdfvgol.exe
    2007-07-11 11:25 93,696 --a------ C:\WINNT\system32\drvvun.dll
    2007-07-11 10:38 <DIR> d-------- C:\Program Files\ToniArts
    2007-07-11 10:08 66,624 --a------ C:\WINNT\system32\cwidlcny.dll
    2007-07-11 10:06 66,112 --a------ C:\WINNT\system32\kkhiedfy.exe
    2007-07-11 09:37 66,112 --a------ C:\WINNT\system32\lvikjpbl.exe
    2007-07-11 08:33 66,112 --a------ C:\WINNT\system32\aqykftal.exe
    2007-07-11 08:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Prevx
    2007-07-11 08:28 77,312 --a------ C:\WINNT\ua2.dll
    2007-07-11 08:28 <DIR> d-------- C:\Program Files\Prevx2
    2007-07-11 08:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-07-11 07:46 66,624 --a------ C:\WINNT\system32\mdfumqrp.dll
    2007-07-11 07:40 66,112 --a------ C:\WINNT\system32\vddivhus.exe
    2007-07-11 07:35 66,624 --a------ C:\WINNT\system32\hehqkjwd.dll
    2007-07-11 07:32 66,112 --a------ C:\WINNT\system32\eqoaxmbc.exe
    2007-07-11 07:27 66,624 --a------ C:\WINNT\system32\qfkbgkac.dll
    2007-07-11 07:22 66,112 --a------ C:\WINNT\system32\goptaeim.exe
    2007-07-11 07:03 66,624 --a------ C:\WINNT\system32\qgvdonpe.dll
    2007-07-11 06:57 66,112 --a------ C:\WINNT\system32\ureruslt.exe
    2007-07-11 06:51 66,624 --a------ C:\WINNT\system32\biwstjkx.dll
    2007-07-11 06:50 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-11 06:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-11 06:49 66,112 --a------ C:\WINNT\system32\juwadxie.exe
    2007-07-11 06:08 66,624 --a------ C:\WINNT\system32\sglxdyit.dll
    2007-07-11 06:02 66,112 --a------ C:\WINNT\system32\peqqvnec.exe
    2007-07-11 05:56 66,112 --a------ C:\WINNT\system32\udrmbsfr.exe
    2007-07-11 05:54 13,312 --a------ C:\WINNT\system32\s2f.exe
    2007-07-11 05:52 66,624 --a------ C:\WINNT\system32\nfcaprwm.dll
    2007-07-11 05:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-11 05:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
    2007-07-11 04:35 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-11 04:13 66,624 --a------ C:\WINNT\system32\rslwvrxv.dll
    2007-07-11 04:10 1,156 --a------ C:\WINNT\mozver.dat
    2007-07-11 03:39 66,624 --a------ C:\WINNT\system32\hloctjyn.dll
    2007-07-11 01:36 66,624 --a------ C:\WINNT\system32\xyucnkby.dll
    2007-07-11 01:08 66,624 --a------ C:\WINNT\system32\qqwumcse.dll
    2007-07-11 00:17 66,624 --a------ C:\WINNT\system32\xxnaovka.dll
    2007-07-10 23:14 66,624 --a------ C:\WINNT\system32\lxtdlwdp.dll
    2007-07-10 22:58 106 --a------ C:\temp.bat
    2007-07-10 16:43 10,240 --a------ C:\WINNT\system32\syswin.exe
    2007-07-07 18:19 162 --ahs---- C:\WINNT\system32\3961485737.dat
    2007-07-07 01:37 <DIR> d--hs---- C:\DOCUME~1\MULTIM~1\APPLIC~1\wsnpoem
    2007-07-06 23:12 0 --a------ C:\WINNT\nsreg.dat
    2007-07-06 22:12 38,912 --a------ C:\WINNT\system32\msdun.dll
    2007-07-06 22:12 10,000 --a------ C:\WINNT\system32\jkxdf84ndf.dll
    2007-07-06 22:12 <DIR> d-------- C:\WINNT\system32\X9
    2007-07-06 22:12 <DIR> d-------- C:\WINNT\system32\X4
    2007-07-06 22:12 <DIR> d-------- C:\WINNT\system32\X3
    2007-07-06 22:12 <DIR> d-------- C:\WINNT\system32\X2
    2007-07-06 22:12 <DIR> d-------- C:\Temp
    2007-07-02 16:57 <DIR> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Cakewalk
    2007-06-29 19:41 <DIR> d-------- C:\Program Files\Steinberg
    2007-06-29 17:26 <DIR> d-------- C:\Program Files\rgcaudio software
    2007-06-29 17:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Propellerhead Software
    2007-06-29 17:16 <DIR> d-------- C:\Program Files\Propellerhead
    2007-06-29 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-06-29 14:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
    2007-06-29 01:29 <DIR> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Apple Computer
    2007-06-29 01:22 741,376 --a------ C:\DOCUME~1\MULTIM~1\NTUSER.DAT
    2007-06-29 01:22 <DIR> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\EmuPatchMixDSP
    2007-06-29 01:22 <DIR> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Creative
    2007-06-28 22:39 102,400 --a------ C:\WINNT\system32\TrackerNET.dll
    2007-06-28 22:32 217,088 --a------ C:\WINNT\system32\libmySQL.dll
    2007-06-28 17:59 <DIR> d--h----- C:\WINNT\$hf_mig$
    2007-06-28 03:03 524,288 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
    2007-06-28 03:03 262,144 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
    2007-06-28 03:03 <DIR> d-------- C:\WINNT\Prefetch
    2007-06-28 03:00 <DIR> d-------- C:\WINNT\system32\xircom
    2007-06-28 02:59 221,184 --a------ C:\WINNT\system32\wmpns.dll
    2007-06-28 02:58 11,264 --a------ C:\WINNT\system32\atrace.dll
    2007-06-28 02:58 <DIR> d-------- C:\WINNT\srchasst
    2007-06-28 02:58 <DIR> d-------- C:\Program Files\Online Services
    2007-06-28 02:58 <DIR> d-------- C:\Program Files\Movie Maker
    2007-06-28 02:58 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2007-06-28 02:57 73,472 --a------ C:\WINNT\system32\drivers\sr.sys
    2007-06-28 02:57 67,584 --a------ C:\WINNT\system32\srclient.dll
    2007-06-28 02:57 45,568 --a------ C:\WINNT\system32\safrslv.dll
    2007-06-28 02:57 43,520 --a------ C:\WINNT\system32\safrcdlg.dll
    2007-06-28 02:57 43,520 --a------ C:\WINNT\system32\racpldlg.dll
    2007-06-28 02:57 32,768 --a------ C:\WINNT\system32\isrdbg32.dll
    2007-06-28 02:57 29,696 --a------ C:\WINNT\system32\safrdm.dll
    2007-06-28 02:57 239,104 --a------ C:\WINNT\system32\srrstr.dll
    2007-06-28 02:57 190,976 --a------ C:\WINNT\system32\schedsvc.dll
    2007-06-28 02:57 170,496 --a------ C:\WINNT\system32\srsvc.dll
    2007-06-28 02:57 <DIR> d-------- C:\WINNT\system32\Restore
    2007-06-28 02:54 93,696 --a------ C:\WINNT\system32\tscfgwmi.dll
    2007-06-28 02:54 9,728 --a------ C:\WINNT\system32\rwnh.dll
    2007-06-28 02:54 9,728 --a------ C:\WINNT\system32\reset.exe
    2007-06-28 02:54 87,176 --a------ C:\WINNT\system32\rdpwsx.dll
    2007-06-28 02:54 8,704 --a------ C:\WINNT\system32\fxsperf.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 14:38:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-07 02:31:57 -------- d-----w C:\Program Files\Accessories
    2007-06-29 20:02:13 -------- d-----w C:\Program Files\Yamp 2.3
    2007-06-29 19:49:14 -------- d-----w C:\Program Files\Nero
    2007-06-29 18:42:13 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-06-28 06:57:08 22,924 ----a-w C:\WINNT\system32\emptyregdb.dat
    2007-06-28 06:54:48 -------- d-----w C:\Program Files\Windows NT
    2007-06-28 06:52:56 81,920 ----a-w C:\WINNT\system32\OpenAL32.dll
    2007-06-28 06:52:56 233,472 ----a-w C:\WINNT\system32\wrap_oal.dll
    2007-06-04 19:18:48 9,344 ----a-w C:\WINNT\system32\drivers\NSDriver.sys
    2007-06-04 19:17:02 8,320 ----a-w C:\WINNT\system32\drivers\AWRTRD.sys
    2007-06-04 19:14:56 6,272 ----a-w C:\WINNT\system32\drivers\AWRTPD.sys
    2007-04-17 02:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
    2007-04-13 19:19:52 7,680 ----a-w C:\WINNT\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20AD49A2-94F3-42bD-F434-2604812C897C}]
    2007-07-06 22:12 10000 --a------ C:\WINNT\system32\jkxdf84ndf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52]
    "CTHelper"="CTHELPER.EXE" [2005-10-22 12:00 C:\WINNT\CTHELPER.EXE]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-11 16:26]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2005-10-22 11:46 C:\WINNT\MIDIDEF.EXE]
    "Bear"="C:\WINNT\system32\MCROSO~1.NET\services.exe" []
    "Ptpe"="C:\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\winlogon.exe" []
    "XP restart system"="" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
    "SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{20AD49A2-94F3-42bD-F434-2604812C897C}"="C:\WINNT\system32\jkxdf84ndf.dll" [2007-07-06 22:12]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autorun]
    C:\Documents and Settings\Administrator\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    rundll32.exe C:\WINNT\system32\drvvun.dll,startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
    rundll32.exe "C:\WINNT\system32\bwgdhwth.dll",forkonce

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    mobsync.exe /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP restart system]
    h


    Contents of the 'Scheduled Tasks' folder
    2007-07-06 19:40:00 C:\WINNT\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 16:47:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-11 16:51:19 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-11 16:49

    --- E O F ---


    SDFix: Version 1.90

    Run by Administrator on Wed 07/11/2007 at 04:58 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wnset.exe - Deleted
    C:\WINNT\system32KBRunOnce2.tm_ - Deleted
    C:\WINNT\system32KBRunOnce2.t__ - Deleted
    C:\WINNT\system32\KBRunOnce2.t__ - Deleted
    C:\WINNT\system32\msdun.dll - Deleted
    C:\WINNT\system32\svehost.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINNT
    No streams found.

    C:\WINNT\system32
    No streams found.

    C:\WINNT\system32\svchost.exe
    No streams found.

    C:\WINNT\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINNT\system32\config\default.tmp.LOG
    C:\WINNT\system32\config\SAM.tmp.LOG
    C:\WINNT\system32\config\SECURITY.tmp.LOG
    C:\WINNT\system32\config\software.tmp.LOG
    C:\WINNT\system32\config\system.tmp.LOG

    Finished


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:06:11 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Prevx2\PXAgent.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINNT\system32\clcl12.exe
    D:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\wuauclt.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wnset.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: C:\WINNT\system32\jkxdf84ndf.dll - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [clcl12] C:\WINNT\system32\clcl12.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Bear] "C:\WINNT\system32\MCROSO~1.NET\services.exe" -vt yazb
    O4 - HKCU\..\Run: [Ptpe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\winlogon.exe" -vt yazb
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174506012109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182822289765
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O22 - SharedTaskScheduler: kdg9049i904ktkgtj - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager dmserverRemoteRegistry (dmserverRemoteRegistry) - Unknown owner - C:\WINNT\system32\ahuij.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe

    --
    End of file - 5318 bytes
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  6. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/12/2007 at 00:53 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3268
    Trace Rules Database Version: 1279

    Scan type : Complete Scan
    Total Scan Time : 00:55:53

    Memory items scanned : 340
    Memory threats detected : 0
    Registry items scanned : 5265
    Registry threats detected : 31
    File items scanned : 74433
    File threats detected : 44

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{060377DF-A621-43ED-8F24-B01F0BC26EF5}
    HKCR\CLSID\{060377DF-A621-43ED-8F24-B01F0BC26EF5}
    HKCR\CLSID\{060377DF-A621-43ED-8F24-B01F0BC26EF5}\InprocServer32
    HKCR\CLSID\{060377DF-A621-43ED-8F24-B01F0BC26EF5}\InprocServer32#ThreadingModel
    C:\WINNT\SYSTEM32\MLJJH.DLL
    HKLM\Software\Classes\CLSID\{36FD7261-A219-42A4-BE3A-570E440286B7}
    HKCR\CLSID\{36FD7261-A219-42A4-BE3A-570E440286B7}
    HKCR\CLSID\{36FD7261-A219-42A4-BE3A-570E440286B7}\InprocServer32
    HKCR\CLSID\{36FD7261-A219-42A4-BE3A-570E440286B7}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{7DF93AFE-B876-4189-8390-0F0173E0041C}
    HKCR\CLSID\{7DF93AFE-B876-4189-8390-0F0173E0041C}
    HKCR\CLSID\{7DF93AFE-B876-4189-8390-0F0173E0041C}\InprocServer32
    HKCR\CLSID\{7DF93AFE-B876-4189-8390-0F0173E0041C}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{B615AED2-C44C-4792-9A80-42AA30E2D4E1}
    HKCR\CLSID\{B615AED2-C44C-4792-9A80-42AA30E2D4E1}
    HKCR\CLSID\{B615AED2-C44C-4792-9A80-42AA30E2D4E1}\InprocServer32
    HKCR\CLSID\{B615AED2-C44C-4792-9A80-42AA30E2D4E1}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{CCE1B637-6E66-455F-8CCC-3F2A0D9482A7}
    HKCR\CLSID\{CCE1B637-6E66-455F-8CCC-3F2A0D9482A7}
    HKCR\CLSID\{CCE1B637-6E66-455F-8CCC-3F2A0D9482A7}\InprocServer32
    HKCR\CLSID\{CCE1B637-6E66-455F-8CCC-3F2A0D9482A7}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{FAFC6538-DFB5-439E-9AE4-E4C374B4DDC3}
    HKCR\CLSID\{FAFC6538-DFB5-439E-9AE4-E4C374B4DDC3}
    HKCR\CLSID\{FAFC6538-DFB5-439E-9AE4-E4C374B4DDC3}\InprocServer32
    HKCR\CLSID\{FAFC6538-DFB5-439E-9AE4-E4C374B4DDC3}\InprocServer32#ThreadingModel

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{938A8A03-A938-4019-B764-03FF8D167D79}
    HKCR\CLSID\{938A8A03-A938-4019-B764-03FF8D167D79}
    HKCR\CLSID\{938A8A03-A938-4019-B764-03FF8D167D79}\InprocServer32
    HKCR\CLSID\{938A8A03-A938-4019-B764-03FF8D167D79}\InprocServer32#ThreadingModel
    C:\WINNT\SYSTEM32\DIDMWNWD.DLL
    HKCR\CLSID\{938A8A03-A938-4019-B764-03FF8D167D79}
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\ADVVPI32.DLL.VIR

    Adware.ClickSpring
    HKLM\Software\ClickSpring
    HKLM\Software\ClickSpring#UBWKR
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\WINLOGON.EXE.VIR
    C:\QooBox\Quarantine\C\Program Files\YMBOLS~1\WNLOGO~1.VIR
    C:\QooBox\Quarantine\C\WINNT\APPATC~1\OOLSVE~1.VIR
    C:\QooBox\Quarantine\C\WINNT\SSTEM~1\NLOOKU~1.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP10\A0011532.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040630.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040631.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040632.EXE

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ABYNIPKX.EXE
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\WCPSVSU.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP10\A0011533.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP14\A0029614.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040627.EXE

    Trojan.Downloader-Gen/TStamp
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\AXHBIXBM.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\CDEATTXH.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\ERMDGGIE.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\FDOKJYLV.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\LBSRJTBH.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\LPDPRPCE.EXE.VIR

    Trojan.Downloader-MSDCom32
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\BXCJIZ.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0026629.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040628.DLL

    Adware.Vundo/Traff-2
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\CAVHRBCN.EXE.VIR

    Adware.Vundo Variant
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\VTURONO.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0026607.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040661.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP3\A0001067.DLL

    Rootkit.ShapeChanger
    C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\WINDBG48.SYS.VIR

    Adware.ClickSpring/Resident
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP10\A0011542.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0026625.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP14\A0029620.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP14\A0029621.DLL

    Rootkit.Runtime-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0025630.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0026612.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040657.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040658.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040659.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040660.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP17\A0040678.DLL

    Trojan.Downloader-Gen/Blah
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6DCD19B8-BC02-49BD-9E5E-38D7B0D30552}\RP13\A0026644.DLL

    Adware.ClickSpring/Yazzle
    C:\WINNT\PREFETCH\YAZZLE1162OINADMIN.EXE-04B49B8B.PF

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:37 AM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINNT\system32\clcl12.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Prevx2\PXAgent.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: C:\WINNT\system32\jkxdf84ndf.dll - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [clcl12] C:\WINNT\system32\clcl12.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Bear] "C:\WINNT\system32\MCROSO~1.NET\services.exe" -vt yazb
    O4 - HKCU\..\Run: [XP restart system] h
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174506012109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182822289765
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: kdg9049i904ktkgtj - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager dmserverRemoteRegistry (dmserverRemoteRegistry) - Unknown owner - C:\WINNT\system32\ahuij.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe

    --
    End of file - 5250 bytes
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: C:\WINNT\system32\jkxdf84ndf.dll - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll (file missing)
    O4 - HKLM\..\Run: [clcl12] C:\WINNT\system32\clcl12.exe
    O4 - HKCU\..\Run: [XP restart system] h
    O22 - SharedTaskScheduler: kdg9049i904ktkgtj - {20AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINNT\system32\jkxdf84ndf.dll (file missing)
    O23 - Service: Logical Disk Manager dmserverRemoteRegistry (dmserverRemoteRegistry) - Unknown owner - C:\WINNT\system32\ahuij.exe (file missing)

    Close all applications and browser windows before you click "fix checked".



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINNT\system32\clcl12.exe
      C:\WINNT\system32\ahuij.exe
      C:\WINDOWS\SYSTEM32\drvvun.dll
      C:\WINNT\system32\bwgdhwth.dll


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click ALL
    • In the Win32 Services group click ALL
    • In the Driver Services group click ALL
    • In the Registry group click ALL
    • In the Files Created Within group click 60 days Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is UNCHECKED
    • In the File String Search group select ALL
    • in the Additional scans sections please press select ALL
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
    Please post the resulting log here as an attachment.

    • Click on the orange Post a Reply! button
    • scroll down to Manage Attachments
    • Click in the box that says Upload File from your Computer
    • Click the Browse... button and find the file then click open
    • Click the Upload button
    • Wait until you see Current Attachment and your file name
    • Click on Close this window
    • Then submit the reply.
     
  8. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    im getting the "Your file of 555.6 KB bytes exceeds the forum's limit of 500.0 KB for this filetype."

    i cant attach the file >.> what should i do ?
    btw thanks for all the help so far !
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
     
  10. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    i have followed these instructions each time, but i am not allowed to upload .txt files this large

    .. i switched browers and all
    the forum wont let me upload anything larger than 500kb
    my file is 55.6kb too large

    any suggestions
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I'll PM you with my e-mail address ;)
     
  12. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    ok :D
    .. i sent the email to ya
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

    I will review the information when it comes back in.
     
  15. _iTALY

    _iTALY Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    log after pressing Run Fix
    [Files/Folders - Created Within 60 days]
    File C:\WINNT\SYSTEM32\biwstjkx.dll not found!
    File C:\WINNT\SYSTEM32\cwidlcny.dll not found!
    C:\WINNT\SYSTEM32\dicopydl.ini moved successfully.
    C:\WINNT\SYSTEM32\edufpwmc.ini moved successfully.
    File C:\WINNT\SYSTEM32\eglelhdw.dll not found!
    File C:\WINNT\SYSTEM32\hehqkjwd.dll not found!
    File C:\WINNT\SYSTEM32\hloctjyn.dll not found!
    C:\WINNT\SYSTEM32\hodxnupt.ini moved successfully.
    C:\WINNT\SYSTEM32\intacxcm.ini moved successfully.
    C:\WINNT\SYSTEM32\knupunps.ini moved successfully.
    C:\WINNT\SYSTEM32\lofjspew.ini moved successfully.
    C:\WINNT\SYSTEM32\lxtdlwdp.dll moved successfully.
    C:\WINNT\SYSTEM32\mcrh.tmp moved successfully.
    File C:\WINNT\SYSTEM32\mdfumqrp.dll not found!
    C:\WINNT\SYSTEM32\mlfcache.dat moved successfully.
    C:\WINNT\SYSTEM32\pbesghvn.ini moved successfully.
    File C:\WINNT\SYSTEM32\qfkbgkac.dll not found!
    File C:\WINNT\SYSTEM32\qgvdonpe.dll not found!
    C:\WINNT\SYSTEM32\qqwumcse.dll moved successfully.
    File C:\WINNT\SYSTEM32\rslwvrxv.dll not found!
    C:\WINNT\SYSTEM32\subexwdn.ini moved successfully.
    C:\WINNT\SYSTEM32\wloxnrij.ini moved successfully.
    C:\WINNT\SYSTEM32\wywpvfui.ini moved successfully.
    C:\WINNT\SYSTEM32\X2 moved successfully.
    C:\WINNT\SYSTEM32\X3 moved successfully.
    C:\WINNT\SYSTEM32\X4 moved successfully.
    C:\WINNT\SYSTEM32\X9 moved successfully.
    C:\WINNT\SYSTEM32\xcknhgxr.ini moved successfully.
    C:\WINNT\SYSTEM32\xxnaovka.dll moved successfully.
    File C:\WINNT\SYSTEM32\xyucnkby.dll not found!
    [Files/Folders - Modified Within 30 days]
    C:\WINNT\SYSTEM32\ahkktftt.ini moved successfully.
    < End of log >
    Created on 07/14/2007 23:41:08

    .. the new Log was emailed
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/594333

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice