Full Version: Unable to Deep Scan Registry
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
The Nephilim
Hi, I am having trouble with Ad-Aware: it will not deep scan the registry, it just freezes and I have to use CTRL/ALT/Delete to end the program. I tried a customised scan and removed Deep Scan Registry from the scan, or it will just freeze. Is this some kind of spyware?? I checked my AV and came up clean, so that is not the problem; it just freezes Ad-Aware when I deep scan the registry??

It freezes at HKey Local Machine Software... that is all I can see, then it just freezes and I have to end the program with Task Manager. HELP!!
spike-nz
Hi The Nephilim.

The "Freezing Issue" is beginning to rear its head from time to time again.

Please see the suggested fixes and relevant FAQ articles in these posts:

- conditional scans? pc gets stuck on those

- Unable to remove spywares Boran.g et Smitfraud-C - (NB: it is Post #4 )

Let us know if any of these suggestions fixes the problem.

Regards,

Spike
normmork
I might also try scanning in Safe Mode
The Nephilim
Hi spike-nz,

I tried all those suggestions and it still freezes at the same spot?? I also ran in Safe Mode and tried a scan, but it still froze??

What is the next step??
spike-nz
Hi The Nephilim,

Did you try running from command line prompt?
QUOTE
start Ad-Aware scan from the Windows command line. Do as follows:
Click "Start", then "Run". Next, type the text shown below (including the quotation marks and with the same spacing as shown) for your version of Ad-Aware SE:
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
Click “OK”.
Note: The path above (between the quotes) is the default location of Ad-Aware SE. If you installed your Ad-Aware to a different directory, adjust the path accordingly. For Ad-Aware SE Personal, when the GUI launches, click “Start”, then “Full System Scan”. Click “Next”, then “OK”.
When the scan is complete, select “Next”. In the “Scanning Results” window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove, then click “Next”, then “OK”.


The only remaining suggestion would be to uninstall/reinstall the program.

If you have either of the Plus or Professional versions, do you still have the "aaw SE Plus/Pro.exe" file? If you are a paid-up user but don't have a copy of your program, to reinstall you will need the email address and password used at the time of registration to get it from here: Customer Center

(Users of the free Personal version can go here: Ad-Aware Se Personal Build 1.06r1 )

Regards,

Spike
The Nephilim
I tried running from the command line before, and I tried uninstall/reinstall; that still didn't work. I can scan everything, but it will freeze when I have Deep Scan Registry checked.

What is causing it to do this, some kind of spyware or something?? Will this be fixed in a future update??


THNX
-Gerald
spike-nz
Hi The Nephilim,

Try a Custom Scan, leaving out the part of the drive where the Registry is located. Open Ad-Aware, click on "Scan Now".

Select "Use custom scanning options" then "Customise".

Select the files and folders that you do want to scan:

See if the scan completes - if it does, then try a full scan.

Regards,

Spike
The Nephilim
Hi Spike,

I tried to scan like you suggested, but it still freezes at the Registry entry?? It will work if I uncheck Deep Scan Registry, but I would like Full Scan to work too. Any other ideas??


THNX
-Gerald
bmwowner
QUOTE(The Nephilim @ Sep 29 2006, 12:47 PM)
Hi Spike,

I tried to scan like you suggested, but it still freezes at the Registry entry?? It will work if I uncheck Deep Scan Registry, but I would like Full Scan to work too. Any other ideas??
THNX
-Gerald


I have this same problem as you. As long as Deep Scan Registry isn't checked, it will scan fine. I came to a point where I just stopped using deep scan to get it to work. Really don't see a point doing it this way, since if something is in the registry, it won't find it. Good luck!
ottorino
Hiya -- Another user here with the same problem. The problem developed today; yesterday Ad-Aware worked just fine for me, deep scan and all.

Here's some recent history, in case it's relevant: Following the download and installation of the most recent Windows XP update (2 days ago), my pc developed a couple of glitches. Tech support at the pc company was able to help with one of them, although it has since reappeared. Since this pc shows up as virus-free, the only thing I can think of is that the Windows update is behaving somewhat like a virus. The tech person at the pc company says it happens sometimes. Anyone have more info that might connect the Ad-Aware freeze-up to a Windows download?

I hope this can get straightened out. I much prefer Ad-Aware to my other malware-removal program.

Thanks a bunch!
spike-nz
Hi The Nephilim,

When you scanned without the "Deep Registry Scan", were there any items to delete/quarantine?

Regards,

Spike
The Nephilim
QUOTE(spike-nz @ Sep 30 2006, 05:10 PM)
Hi The Nephilim,

When you scanned without the "Deep Registry Scan", were there any items to delete/quarantine?

Regards,

Spike



I just did a scan; it found 14 new critical objects:

MRU list 12 objects they did not pose a threat.

Tracking cookie 14 objects with a TAC rating of 3

I removed said objects. Should I run another scan after the first scan with Deep Scan Registry on, to see if it will deep scan the registry??

THNX Spike
-Nephilim
spike-nz
Hi The Nephilim,
QUOTE
I removed said objects. Should I run another scan after the first scan with Deep Scan Registry on, to see if it will deep scan the registry?

Yes, see if it will run all the way through.

Regards,

Spike
The Nephilim
I just ran a scan without deep scanning the registry, found a few entries and deleted them, then ran another scan with Deep Scan Registry checked. It did NOT scan all the way through; it froze at the same spot??


-Nephilim
ottorino
I'm also still having the same problem (freezing up when the scan gets to H-KEY in the registry) despite having done a couple of things to try to get rid of the glitch.

Until I can get Ad-Aware sorted, can you recommend another spyware program that will deep-scan my registry? I already have Spybot, but would appreciate recommendations for a different malware removal program.
The Nephilim
I still am unable to deep scan the registry. Is this a bug, or do I have some sort of spyware doing this??
johan_b
{edit by LS CalamityJane: I removed the fix tool reference for a specific rootkit infection, as that will not apply to all and should only be used under expert supervision. However, I'll insert the proper tools to check for all rootkits instead. Hope you don't mind the correction johan_b}

See this topic:
Ad-Aware Freezing Issue
http://www.lavasoftsupport.com/index.php?s...&hl=Rootkit
The Nephilim
OK, I ran RootkitRevealer; here is what the report said:


HKLM\S-1-5-21-861567501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2F1DB504-CAC0-1ECC-612E-1706E0690FC2}* 9/28/2006 10:55 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 9/7/2006 10:55 PM 0 bytes Access is denied.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\[50] 10/10/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\[51] 10/10/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\[52] 10/10/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\[53] 10/10/2006 2:06 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\wbk49.tmp 10/10/2006 1:13 PM 425 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\wbk4B.tmp 10/10/2006 1:13 PM 4.89 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\wbk4D.tmp 10/10/2006 1:13 PM 2.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\OBTZA2B1\wbk53.tmp 10/10/2006 1:20 PM 2.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\OXIFW5IR\wbk59.tmp 10/10/2006 1:36 PM 425 bytes Visible in Windows API, but not in MFT or directory index.



What do I do now?? THNX!!
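The RootkitRevealer report above lists one discrepancy per line: the path, a timestamp, a size and a description of why the two scan passes disagreed. Below is an added example, not part of RootkitRevealer or any tool used in this thread, that parses lines of that shape and sorts them into triage buckets. The sample lines are taken from the posted report plus one constructed driver entry (example_hidden.sys) so the non-cache branch is exercised; the bucket rules are this example's own, e.g. discrepancies under Temporary Internet Files are treated as cache churn during the scan rather than hiding.

```python
"""Triage a RootkitRevealer-style discrepancy report.

Added example for this thread, not part of RootkitRevealer or of any tool
the posters used. It parses one discrepancy per line (path, date, time,
size, description) and sorts each into a triage bucket using rules that
are this example's own.
"""
import re
from collections import Counter

# Constructed sample in the shape of the posted report; the last line is made up.
SAMPLE_REPORT = r"""
HKLM\S-1-5-21-861567501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2F1DB504-CAC0-1ECC-612E-1706E0690FC2}* 9/28/2006 10:55 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 9/7/2006 10:55 PM 0 bytes Access is denied.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\[50] 10/10/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Gerald\Local Settings\Temporary Internet Files\Content.IE5\973RXDKE\wbk49.tmp 10/10/2006 1:13 PM 425 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\drivers\example_hidden.sys 10/10/2006 2:05 PM 4.00 KB Hidden from Windows API.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.,]+ (?:bytes|KB|MB))\s+"
    r"(?P<desc>.+)$"
)

# Directories whose contents change while the scan runs; a file that appears
# or vanishes between the two passes there is usually a timing artefact.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\temp\\", "\\prefetch\\")


def parse_report(text):
    """Return one dict per parsable line; unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """Bucket a discrepancy as 'review', 'info', 'transient' or 'unknown'."""
    desc = entry["desc"].lower()
    path = entry["path"].lower()
    if "embedded nulls" in desc:
        # Keys with NULs in the name are not reachable through the normal
        # Win32 registry API; some legitimate software does this too, so it
        # needs a human look rather than an automatic verdict.
        return "review"
    if "access is denied" in desc:
        # The scanner could not read the key; it was locked, not hidden.
        return "info"
    if "hidden from windows api" in desc or "not in mft" in desc:
        # Genuine hiding vs. files created or deleted mid-scan: location decides.
        return "transient" if any(d in path for d in VOLATILE_DIRS) else "review"
    return "unknown"


def summarize(text):
    """Count entries per bucket for a whole report."""
    return Counter(classify(e) for e in parse_report(text))


if __name__ == "__main__":
    for e in parse_report(SAMPLE_REPORT):
        print(f"{classify(e):9} {e['desc']:<62} {e['path']}")
    print(dict(summarize(SAMPLE_REPORT)))
```

Run on the posted report this leaves one entry to look at by hand (the key name with embedded nulls), one locked key the scanner could not read, and nine cache files that only differed because Internet Explorer was writing to them during the scan, which agrees with the "no signs of rootkit" verdict that follows.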
LS CalamityJane
Nephilim,

No signs of rootkit, but I would like to see a couple of diagnostic logs from these two free tools please:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)
Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)


Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply.

................................

2. A diagnostic log from this free tool called HijackThis
Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
The Nephilim
Hi, THNX for helping. Here is the ComboFix TXT:

Gerald - 06-10-11 10:32:03.21 Service Pack 2
ComboFix 06.10.11 - Running from: "C:\test\RootkitRevealer"

((((((((((((((((((((((((((((((( Files Created from 2006-09-11 to 2006-10-11 ))))))))))))))))))))))))))))))))))


2006-09-25 01:35 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-25 01:35 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-19 19:51 398,416 --a------ C:\WINDOWS\vbrun300.dll
2006-09-18 00:41 87,552 --a------ C:\WINDOWS\system32\lfdwg12N.dll
2006-09-18 00:41 80,384 --a------ C:\WINDOWS\system32\Lfplt12n.dll
2006-09-18 00:41 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-09-18 00:41 72,192 --a------ C:\WINDOWS\system32\Lfpct12n.dll
2006-09-18 00:41 69,632 --a------ C:\WINDOWS\system32\Lfcgm12n.dll
2006-09-18 00:41 68,096 --a------ C:\WINDOWS\system32\Lfdgn12n.dll
2006-09-18 00:41 65,536 --a------ C:\WINDOWS\system32\Lfwmf12n.dll
2006-09-18 00:41 65,536 --a------ C:\WINDOWS\system32\Lfdrw12n.dll
2006-09-18 00:41 62,976 --a------ C:\WINDOWS\system32\lfXpm12n.dll
2006-09-18 00:41 61,440 --a------ C:\WINDOWS\system32\lfica12n.dll
2006-09-18 00:41 60,416 --a------ C:\WINDOWS\system32\Lvdx12n.dll
2006-09-18 00:41 59,904 --a------ C:\WINDOWS\system32\Lvgl12n.dll
2006-09-18 00:41 57,344 --a------ C:\WINDOWS\system32\lfeps12n.dll
2006-09-18 00:41 56,320 --a------ C:\WINDOWS\system32\lfpsd12n.dll
2006-09-18 00:41 497,664 --a------ C:\WINDOWS\system32\lfdwf12n.dll
2006-09-18 00:41 48,640 --a------ C:\WINDOWS\system32\LFPNM12n.dll
2006-09-18 00:41 467,456 --a------ C:\WINDOWS\system32\LFCMW12n.dll
2006-09-18 00:41 46,080 --a------ C:\WINDOWS\system32\lfflc12n.dll
2006-09-18 00:41 45,568 --a------ C:\WINDOWS\system32\lfXbm12n.dll
2006-09-18 00:41 43,008 --a------ C:\WINDOWS\system32\lfgif12n.dll
2006-09-18 00:41 41,472 --a------ C:\WINDOWS\system32\lttwn12n.dll
2006-09-18 00:41 406,528 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-09-18 00:41 37,376 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-09-18 00:41 36,864 --a------ C:\WINDOWS\system32\LTWND12n.DLL
2006-09-18 00:41 35,840 --a------ C:\WINDOWS\system32\lflma12n.dll
2006-09-18 00:41 35,840 --a------ C:\WINDOWS\system32\lfcal12n.dll
2006-09-18 00:41 345,088 --------- C:\WINDOWS\system32\ShrLk21.dll
2006-09-18 00:41 344,064 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-09-18 00:41 338,944 --a------ C:\WINDOWS\system32\lffpx7.dll
2006-09-18 00:41 33,792 --a------ C:\WINDOWS\system32\lfiff12n.dll
2006-09-18 00:41 33,280 --a------ C:\WINDOWS\system32\lfpcx12n.dll
2006-09-18 00:41 324,096 --a------ C:\WINDOWS\system32\ltdlg12n.dll
2006-09-18 00:41 32,768 --a------ C:\WINDOWS\system32\lfxwd12n.dll
2006-09-18 00:41 32,768 --a------ C:\WINDOWS\system32\lfani12n.dll
2006-09-18 00:41 32,256 --a------ C:\WINDOWS\system32\lflmb12n.dll
2006-09-18 00:41 28,672 --a------ C:\WINDOWS\system32\lfawd12n.dll
2006-09-18 00:41 28,160 --a------ C:\WINDOWS\system32\lfclp12n.dll
2006-09-18 00:41 278,528 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-09-18 00:41 27,648 --a------ C:\WINDOWS\system32\lfwpg12n.dll
2006-09-18 00:41 27,648 --a------ C:\WINDOWS\system32\lftga12n.dll
2006-09-18 00:41 27,648 --a------ C:\WINDOWS\system32\lfsgi12n.dll
2006-09-18 00:41 27,648 --a------ C:\WINDOWS\system32\lfimg12n.dll
2006-09-18 00:41 27,648 --a------ C:\WINDOWS\system32\lfCUT12n.dll
2006-09-18 00:41 27,136 --a------ C:\WINDOWS\system32\lfwfx12n.dll
2006-09-18 00:41 264,192 --a------ C:\WINDOWS\system32\LFJ2K12n.dll
2006-09-18 00:41 26,624 --a------ C:\WINDOWS\system32\lfitg12n.dll
2006-09-18 00:41 26,112 --a------ C:\WINDOWS\system32\lfras12n.dll
2006-09-18 00:41 26,112 --a------ C:\WINDOWS\system32\lfpcd12n.dll
2006-09-18 00:41 26,112 --a------ C:\WINDOWS\system32\lfmsp12n.dll
2006-09-18 00:41 26,112 --a------ C:\WINDOWS\system32\lfmac12n.dll
2006-09-18 00:41 25,600 --a------ C:\WINDOWS\system32\Lfvec12n.dll
2006-09-18 00:41 25,600 --a------ C:\WINDOWS\system32\lfavi12n.dll
2006-09-18 00:41 24,576 --a------ C:\WINDOWS\system32\lfRaw12n.dll
2006-09-18 00:41 227,840 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-09-18 00:41 212,480 --a------ C:\WINDOWS\system32\Pcdlib32.dll
2006-09-18 00:41 207,872 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-09-18 00:41 171,008 --a------ C:\WINDOWS\system32\ltvid12n.dll
2006-09-18 00:41 169,472 --a------ C:\WINDOWS\system32\lfpdf12n.dll
2006-09-18 00:41 165,888 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-09-18 00:41 164,352 --a------ C:\WINDOWS\system32\Lfpng12n.dll
2006-09-18 00:41 161,792 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-09-18 00:41 158,208 --a------ C:\WINDOWS\system32\Lvdlg12n.dll
2006-09-18 00:41 144,384 --a------ C:\WINDOWS\system32\LTSCR12n.DLL
2006-09-18 00:41 134,656 --a------ C:\WINDOWS\system32\Lfdxf12n.dll
2006-09-18 00:41 127,488 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-09-18 00:41 122,368 --a------ C:\WINDOWS\system32\lfmpg12n.dll
2006-09-18 00:41 118,784 --a------ C:\WINDOWS\system32\lfkodak.dll
2006-09-18 00:41 109,568 --a------ C:\WINDOWS\system32\lfjbg12n.dll
2006-09-18 00:41 100,352 --a------ C:\WINDOWS\system32\lfgbr12n.dll
2006-09-18 00:41 100,352 --a------ C:\WINDOWS\system32\lffpx12n.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-10 23:20 -------- d-------- C:\Program Files\HP Web Jetadmin
2006-10-10 21:27 -------- d-------- C:\Program Files\HyperLobbyPro3
2006-10-10 13:25 -------- d-------- C:\Program Files\Steam
2006-10-10 12:10 -------- d-------- C:\Program Files\Kali95
2006-10-10 10:07 -------- d-------- C:\Documents and Settings\Gerald\Application Data\uTorrent
2006-10-10 09:53 -------- d-------- C:\Documents and Settings\Gerald\Application Data\Azureus
2006-10-07 23:05 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-07 13:15 -------- d-------- C:\Program Files\Common Files
2006-10-07 13:02 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-10-07 11:38 -------- d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2006-10-07 00:15 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-10-06 23:03 -------- d-------- C:\Program Files\Doom 3
2006-10-06 22:35 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-05 11:07 -------- d-------- C:\Documents and Settings\Gerald\Application Data\Skype
2006-09-28 11:44 -------- d-------- C:\Program Files\Lavasoft
2006-09-28 11:44 -------- d-------- C:\Documents and Settings\Gerald\Application Data\Lavasoft
2006-09-28 10:55 -------- d-------- C:\Program Files\PFConfig
2006-09-28 10:52 -------- d-------- C:\Program Files\mIRC
2006-09-27 12:33 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-27 11:50 -------- d-------- C:\Documents and Settings\Gerald\Application Data\Ahead
2006-09-27 11:46 -------- d-------- C:\Program Files\Nero
2006-09-26 22:52 -------- d-------- C:\Program Files\Viewpoint
2006-09-26 22:52 -------- d-------- C:\Program Files\AOD
2006-09-26 22:52 -------- d-------- C:\Program Files\AIM
2006-09-13 15:56 -------- d-------- C:\Program Files\Wings Over Europe
2006-09-10 20:55 -------- d-------- C:\Program Files\VentSrv
2006-09-10 20:29 -------- d-------- C:\Program Files\Windows Defender
2006-09-10 20:29 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-10 20:03 -------- d-------- C:\Documents and Settings\Gerald\Application Data\Ventrilo
2006-09-07 22:54 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-07 22:50 96256 --a------ C:\WINDOWS\system32\drivers\sptd0557.sys
2006-09-07 22:50 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-06 19:12 -------- d-------- C:\Program Files\DC++
2006-09-06 12:24 -------- d-------- C:\Program Files\BitTorrent
2006-09-06 12:19 -------- d-------- C:\Documents and Settings\Gerald\Application Data\BitTorrent
2006-09-06 11:48 -------- d-------- C:\Program Files\Azureus
2006-09-02 13:24 -------- d-------- C:\Program Files\CDBurnerXP Pro 3
2006-08-25 12:57 -------- d-------- C:\Program Files\LimeWire
2006-08-24 23:38 -------- d-------- C:\Program Files\SquawkBox3
2006-08-22 09:31 -------- d-------- C:\Program Files\BitTornado
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-15 23:50 -------- d-------- C:\Program Files\Doomsday
2006-08-10 13:25 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2006-08-10 13:25 73728 --a------ C:\WINDOWS\system32\hptcpmib.dll
2006-08-10 13:25 28672 --a------ C:\WINDOWS\system32\hpzjfw01.dll
2006-08-10 13:25 204800 --a------ C:\WINDOWS\system32\hptcpmui.dll
2006-08-10 13:25 155648 --a------ C:\WINDOWS\system32\hptcpmon.dll
2006-08-10 13:25 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 09:24 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --------- C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Creative MediaSource Go"="\"C:\\Program Files\\Creative\\MediaSource\\Go\\CTCMSGo.exe\" /SCB"
"Steam"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5
"NoDriveAutoRun"=hex:18,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Creative Service for CDROM Access"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Automatic Full Backup.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JLAF5150-Gerald).job
C:\WINDOWS\tasks\Untitled.job

Completion time: Wed 10/11/2006 10:33:14.81
ComboFix.txt





HERE is the HIJACKTHIS TXT:


Logfile of HijackThis v1.99.1
Scan saved at 10:35:47 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\test\RootkitRevealer\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139691247671
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB7E575-26B4-4909-9F93-CBD4667EC4A0}: NameServer = 68.87.64.146,68.87.75.194
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
THNX
Nephilim
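A defender's triage pass over log lines in this format, added here as an example (it is not a Lavasoft, HijackThis or McAfee tool): it parses O16/O17/O18/O23 entries, pulls out CLSIDs, download hosts and DNS servers, and flags stale "(file missing)" registrations, unnamed or off-allowlist ActiveX downloads, unexpected NameServer values and services with an unknown publisher. The sample lines are copied from the log above plus one constructed O17 line using a TEST-NET address; the expected-DNS list and the host allowlist are assumptions an analyst would supply, not values from the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not a Lavasoft/HijackThis tool)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional
from urllib.parse import urlparse

HJT_LINE = re.compile(r"^(O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://[^\s\"]+")
# O16 entries normally read "DPF: {CLSID} (Control Name) - URL"; a missing "(Name)" is worth a look.
NAMED_O16_RE = re.compile(r"\)\s+-\s+https?://")


@dataclass
class Entry:
    section: str                       # O9, O16, O17, O23 ...
    raw: str
    clsid: Optional[str] = None
    url: Optional[str] = None
    host: Optional[str] = None
    nameservers: List[str] = field(default_factory=list)
    file_missing: bool = False
    unknown_owner: bool = False
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not HJT entries."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    e = Entry(section=section, raw=line.strip())
    c = CLSID_RE.search(body)
    e.clsid = c.group(0).upper() if c else None
    u = URL_RE.search(body)
    if u:
        e.url = u.group(0)
        e.host = urlparse(e.url).hostname
    e.file_missing = "(file missing)" in body
    e.unknown_owner = "Unknown owner" in body
    if section == "O17" and "NameServer =" in body:
        ns_part = body.split("NameServer =", 1)[1]
        e.nameservers = [s.strip() for s in ns_part.split(",") if s.strip()]
    return e


def triage(lines: Iterable[str], expected_dns: Iterable[str] = (),
           trusted_hosts: Iterable[str] = ()) -> List[Entry]:
    """Return the entries that earned at least one flag.

    expected_dns and trusted_hosts are analyst-supplied (assumption): the resolvers the
    machine should be using and the vendor domains ActiveX downloads are allowed from.
    """
    expected_dns = set(expected_dns)
    trusted_hosts = tuple(trusted_hosts)
    flagged: List[Entry] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.file_missing:
            e.flags.append("stale: referenced file missing")
        if e.section == "O16":
            if not NAMED_O16_RE.search(e.raw):
                e.flags.append("unnamed ActiveX control")
            if e.host and trusted_hosts and not any(
                e.host == h or e.host.endswith("." + h) for h in trusted_hosts
            ):
                e.flags.append(f"ActiveX download from untrusted host {e.host}")
        if e.section == "O17":
            unexpected = [ns for ns in e.nameservers if ns not in expected_dns]
            if unexpected:
                e.flags.append("unexpected NameServer " + ",".join(unexpected))
        if e.section == "O23" and e.unknown_owner:
            e.flags.append("service with unknown publisher")
        if e.flags:
            flagged.append(e)
    return flagged


# Sample input: lines copied from the log above, plus one constructed O17 line (TEST-NET address)
# and one constructed non-entry line to show that non-HJT text is ignored.
SAMPLE_LOG = [
    "O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab",
    "O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB7E575-26B4-4909-9F93-CBD4667EC4A0}: NameServer = 68.87.64.146,68.87.75.194",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
    r'O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)',
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    "Platform: constructed header line (ignored)",
]
EXPECTED_DNS = ("68.87.64.146", "68.87.75.194")          # assumption: the resolvers the analyst expects
TRUSTED_HOSTS = ("creative.com", "microsoft.com", "mcafee.com")  # assumption: constructed allowlist

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, EXPECTED_DNS, TRUSTED_HOSTS):
        print(entry.section, "|", "; ".join(entry.flags), "|", entry.raw[:70])
```

The flags are triage hints, not verdicts: a "(file missing)" entry is usually just an orphaned registration left by an uninstall, and an unnamed O16 control or an unfamiliar NameServer only tells the analyst where to look first, which is the same judgment CalamityJane made by eye above.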
LS CalamityJane
No infection indications there.

What version of McAfee are you running?
The Nephilim
Hi, here is all the info:


Build: 10.0.27
Engine version: 5100
DAT Version: 4868
DAT File created: 10/06/2006

so what now??
LS CalamityJane
There were some previous conflicts with users who had McAfee. You might try upgrading to the latest version that doesn't cause a problem with Ad-Aware, and make sure that you have this patch (they've had several to correct different problems, but this is the latest I could find posted).

McAfee Patch released: Sept. 19th
http://forums.mcafeehelp.com/viewtopic.php?t=91455

QUOTE
Earlier today (Sept. 19th) we released a new patch to our McAfee consumer product line.

This patch addresses a number of additional issues found since the release of the last patch.

(Note: As with the previous patch, if you’ve changed the settings for McAfee services using the Windows service manager, these settings will be set back to their default. Any settings that you changed through the Security Center itself will stay as you’ve set them).

The following key issues have been addressed in this patch:
- Additional FTP upload problems (exhibited with applications like DreamWeaver) have been fixed.
- Internet access is no longer blocked when the Venturi Wireless client is installed
- Fixed issues in Privacy Service which caused several web pages to be erroneously blocked
- Fixed an error during installation that was caused by a user name with an apostrophe in it
- Fixed an error where the Security Center would incorrectly recognize the version of Ad-Aware installed
- Fixed an error which could cause Internet connections through a proxy to fail

The following commonly reported issues have not been addressed in this patch:
- A fix for the blue screen with PeopleSoft installed has been found, but the fix has not yet finished our validation. The workaround is to temporarily disable SystemGuard protection.
- A network connectivity issue that arises after several minutes of idle time has not yet been fixed. There is no known workaround.
- An issue that causes re-install of the product to fail after an unsuccessful/partial uninstall has not yet been addressed.

To determine whether you’ve received this patch, look for the following versions for the key components of McAfee’s consumer software suite (To determine your versions, open Security Center and click on "View Details" in the bottom-right of the window):
- Security Center: 7.0.331
- VirusScan: 11.0.213 (this has not changed in this patch)
- Firewall: 8.0.207
- SpamKiller: 8.0.243
- Privacy Service: 9.0.391
The Nephilim
The patch seemed to fix my problem. Thank you so much, Calamity Jane!!
LS CalamityJane
Excellent! Glad to hear it resolved the issues.

Since your issues seem resolved, I'll go ahead and archive this topic in the "Resolved" section (read only).

If you should have any further issues, please feel free to post a new topic.