Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:30:34 AM, on 8/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Comodo\Firewall\CPF.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - .DEFAULT User Startup: .protected (User 'Default user')

O4 - .DEFAULT User Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com//sdccommon/download/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187905905015

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187905891218

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 7795 bytes

 

Let's see, here is a SuperAntiSpyware results scan that I did yesterday:

 

Adware.Tracking Cookie

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt

 

Adware.Starware

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP40\A0016185.EXE

 

Desktop Hijacker.AboutYourPrivacy

C:\WINDOWS\MSQNX.DLL

 

Malware.Ultimate Defender

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6MXNEY5R\UDEFENDER_SETUP[1].EXE

 

These were deleted or locked up as far as I know. I searched Add/Remove Programs and did not find Ultimate Defender; I also did a search and didn't find it. My PC is running fine; the only thing I was worried about was keyloggers or people using illegal programs to find out passwords I use, because I got my Yahoo account supposedly hacked/can't sign into it with my password anymore.

 

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt <-- do not know what that is.

 

Combofix Scan:

 

ComboFix 07-08-26 - "Owner" 2007-08-25 16:46:38.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.411 [GMT -5:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Owner\Desktop\internet.lnk

 

 

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

 

 

2007-08-25 09:29 <DIR> d-------- C:\Program Files\Trend Micro

2007-08-24 23:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-08-24 23:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com

2007-08-24 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-08-21 20:20 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2007-08-21 20:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2007-08-21 20:20 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-08-21 20:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-08-21 20:19 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-08-21 20:19 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-08-21 20:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-08-21 20:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-08-21 20:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

2007-08-21 20:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech

2007-08-21 20:11 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-08-21 20:10 <DIR> d-------- C:\Program Files\Logitech

2007-08-21 20:10 <DIR> d-------- C:\Program Files\Common Files\Logitech

2007-08-21 20:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield

2007-08-21 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

2007-08-19 19:07 29,696 --a------ C:\WINDOWS\mickey32.dll

2007-08-19 19:07 232,784 --a------ C:\WINDOWS\Matrix Code.scr

2007-08-19 19:07 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe

2007-08-14 15:03 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-08-14 15:02 17,505 --------- C:\WINDOWS\hpomdl07.dat

2007-08-14 15:02 106,192 --a------ C:\WINDOWS\hpoins07.dat

2007-08-14 14:54 <DIR> d-------- C:\temp\FixEngine

2007-08-14 14:54 <DIR> d-------- C:\Program Files\Hp

2007-08-14 13:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinPatrol

2007-08-11 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com

2007-08-06 13:14 <DIR> d-------- C:\Program Files\Dvd-to-mpeg

2007-08-06 13:13 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2007-08-05 15:14 241,904 --a------ C:\WINDOWS\UNBOC.EXE

2007-08-05 15:14 208,896 --a------ C:\WINDOWS\CMDLIC.DLL

2007-08-04 20:45 <DIR> d-------- C:\Program Files\Comodo

2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo

2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo

2007-08-01 13:53 <DIR> d-------- C:\Program Files\QuickTime

2007-07-30 13:35 33,648 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-07-29 00:13 943,104 --a------ C:\WINDOWS\system32\Coral_Clock_3D_Screensaver.scr

2007-07-29 00:13 380,928 --a------ C:\WINDOWS\system32\3Planesoft_Screensaver_Manager.scr

2007-07-29 00:13 11,170,304 --a------ C:\WINDOWS\system32\Coral Clock 3D Screensaver.exe

2007-07-29 00:13 <DIR> d-------- C:\WINDOWS\system32\3Planesoft

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-25 00:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-08-24 23:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-08-23 16:26 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2

2007-08-21 20:23 --------- d-------- C:\Program Files\Yahoo!

2007-08-21 20:23 --------- d-------- C:\Program Files\Common Files\Scanner

2007-08-21 20:20 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-08-21 20:20 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2007-08-21 20:10 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-20 23:15 --------- d-------- C:\Program Files\Trillian

2007-08-19 22:50 --------- drah----- C:\DOCUME~1\Owner\APPLIC~1\yahoo!

2007-08-19 22:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!

2007-08-11 00:01 --------- d-------- C:\Program Files\Common Files\InstallShield

2007-08-10 12:45 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-08-10 12:45 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-08-05 14:26 --------- d-------- C:\Program Files\iTunes

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-24 18:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-07-20 23:20 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner

2007-07-20 22:22 --------- d-------- C:\Program Files\Lavasoft

2007-07-20 18:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-17 11:29 --------- d-------- C:\Program Files\OpenOffice.org 2.2

2007-07-17 00:35 --------- d-------- C:\Program Files\CCleaner

2007-07-17 00:26 --------- d-------- C:\Program Files\Common Files\Symantec Shared

2007-07-16 23:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

2007-07-16 22:35 4110 -rahs---- C:\WINDOWS\system32\drivers\HP_DF247A-ABA 725n_YC_Pavi_QMX316A_E32NAheBLU3 _4_IA7N8X-LA_SASUSTeK Computer INC._V1.04_B3.06_T030327_WXH1_L409_M768_J82_7AMD_8Athlon XP 2400+_92_110DE006E_N10DE0066_P_Z_K_A10DE006A_U10DE0067_G.MRK

2007-07-15 15:34 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo

2007-07-13 21:15 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Move Networks

2007-07-11 15:17 --------- d-------- C:\Program Files\iPod

2007-07-11 15:14 --------- d-------- C:\Program Files\QuickTime Alternative

2007-07-03 23:31 --------- d-------- C:\Program Files\Common Files\Real

2007-07-03 23:06 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Jamdat

2007-07-02 21:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games

2007-06-30 14:20 --------- d-------- C:\Program Files\Common Files\Apple

2007-06-30 14:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2007-06-29 20:34 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\RegistrySmart

2007-06-29 18:00 --------- d--h----- C:\DOCUME~1\Owner\APPLIC~1\ijjigame

2007-06-26 11:56 --------- d-------- C:\Program Files\Common Files\GTK

2007-06-26 11:55 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\.purple

2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3(2).dll

2007-06-25 22:34 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe

2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-04 20:45]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 15:14]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-01 13:53]

 

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\

Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-07-19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]

backup=C:\WINDOWS\pss\.protectedCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.protected]

backup=C:\WINDOWS\pss\.protectedStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

ALCXMNTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

"C:\Windows\Creator\Remind_XP.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Ati HotKey Poller"=2 (0x2)

 

S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys

S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-08-25 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job - C:\Program Files\RegistrySmart\RegistrySmart.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 16:49:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-26 16:50:44

C:\ComboFix-quarantined-files.txt ... 2007-08-26 16:50

 

--- E O F ---

Edited by 911_H3LP3R

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Folder::

C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.protected]

 

Posted Image

 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

 

 

NEXT

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

 

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

 

Click Yes, when prompted to install its ActiveX component.

(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases

  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.

Posted Image

Posted Image

To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply, as well as the contents of the new ComboFix.txt

 

 

 

In your next reply post:

ComboFix.txt

Kaspersky log

New HJT log

 

Let me know what issues remain


1 Hour 35 minutes later

 

Kaspersky Scan

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, August 26, 2007 7:27:12 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 25/08/2007

Kaspersky Anti-Virus database records: 389807

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

 

Scan Statistics:

Total number of scanned objects: 79620

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 01:34:21

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41013974696a9ae2dd0f52d210b87bac_f114da71-8994-4af1-85b5-8fcfc1a7ff77 Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Sandbox\DefaultBox\RegHive Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Sandbox\DefaultBox\RegHive.LOG Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007082620070827\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF845F.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\ffbf25014acc8149811a03a3ac1b61cb\msxml4-KB927978-enu.log Object is locked skipped

C:\Program Files\Trillian\users\default\logs\AIM\Query\vud911.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP36\A0014628.dll Infected: not-a-virus:AdWare.Win32.Comet.bb skipped

C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP44\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP44\change.log Object is locked skipped

 

Scan process completed.

 

HJT Log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:28:09 PM, on 8/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - .DEFAULT User Startup: .protected (User 'Default user')

O4 - .DEFAULT User Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com//sdccommon/download/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187905905015

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187905891218

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 7966 bytes

 

ComboFix Scan

 

ComboFix 07-08-26 - "Owner" 2007-08-26 19:35:01.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.365 [GMT -5:00]

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt.txt

* Created a new restore point

 

 

((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 )))))))))))))))))))))))))))))))

 

 

2007-08-26 17:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-26 17:38 <DIR> d-------- C:\WINDOWS\LastGood

2007-08-26 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-08-25 09:29 <DIR> d-------- C:\Program Files\Trend Micro

2007-08-24 23:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-08-24 23:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com

2007-08-24 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-08-21 20:20 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2007-08-21 20:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2007-08-21 20:20 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-08-21 20:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-08-21 20:19 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-08-21 20:19 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-08-21 20:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-08-21 20:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-08-21 20:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

2007-08-21 20:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech

2007-08-21 20:11 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-08-21 20:10 <DIR> d-------- C:\Program Files\Logitech

2007-08-21 20:10 <DIR> d-------- C:\Program Files\Common Files\Logitech

2007-08-21 20:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield

2007-08-21 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

2007-08-19 19:07 29,696 --a------ C:\WINDOWS\mickey32.dll

2007-08-19 19:07 232,784 --a------ C:\WINDOWS\Matrix Code.scr

2007-08-19 19:07 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe

2007-08-14 15:03 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-08-14 15:02 17,505 --------- C:\WINDOWS\hpomdl07.dat

2007-08-14 15:02 106,192 --a------ C:\WINDOWS\hpoins07.dat

2007-08-14 14:54 <DIR> d-------- C:\temp\FixEngine

2007-08-14 14:54 <DIR> d-------- C:\Program Files\Hp

2007-08-14 13:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinPatrol

2007-08-11 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com

2007-08-06 13:14 <DIR> d-------- C:\Program Files\Dvd-to-mpeg

2007-08-06 13:13 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2007-08-05 15:14 241,904 --a------ C:\WINDOWS\UNBOC.EXE

2007-08-05 15:14 208,896 --a------ C:\WINDOWS\CMDLIC.DLL

2007-08-04 20:45 <DIR> d-------- C:\Program Files\Comodo

2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo

2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo

2007-08-01 13:53 <DIR> d-------- C:\Program Files\QuickTime

2007-07-30 13:35 33,648 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-07-29 00:13 943,104 --a------ C:\WINDOWS\system32\Coral_Clock_3D_Screensaver.scr

2007-07-29 00:13 380,928 --a------ C:\WINDOWS\system32\3Planesoft_Screensaver_Manager.scr

2007-07-29 00:13 11,170,304 --a------ C:\WINDOWS\system32\Coral Clock 3D Screensaver.exe

2007-07-29 00:13 <DIR> d-------- C:\WINDOWS\system32\3Planesoft

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-25 00:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-08-24 23:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-08-23 16:26 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2

2007-08-21 20:23 --------- d-------- C:\Program Files\Yahoo!

2007-08-21 20:23 --------- d-------- C:\Program Files\Common Files\Scanner

2007-08-21 20:20 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-08-21 20:20 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2007-08-21 20:10 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-20 23:15 --------- d-------- C:\Program Files\Trillian

2007-08-19 22:50 --------- drah----- C:\DOCUME~1\Owner\APPLIC~1\yahoo!

2007-08-19 22:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!

2007-08-11 00:01 --------- d-------- C:\Program Files\Common Files\InstallShield

2007-08-10 12:45 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-08-10 12:45 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-08-05 14:26 --------- d-------- C:\Program Files\iTunes

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-24 18:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-07-20 23:20 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner

2007-07-20 22:22 --------- d-------- C:\Program Files\Lavasoft

2007-07-20 18:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-17 11:29 --------- d-------- C:\Program Files\OpenOffice.org 2.2

2007-07-17 00:35 --------- d-------- C:\Program Files\CCleaner

2007-07-17 00:26 --------- d-------- C:\Program Files\Common Files\Symantec Shared

2007-07-16 23:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

2007-07-16 22:35 4110 -rahs---- C:\WINDOWS\system32\drivers\HP_DF247A-ABA 725n_YC_Pavi_QMX316A_E32NAheBLU3 _4_IA7N8X-LA_SASUSTeK Computer INC._V1.04_B3.06_T030327_WXH1_L409_M768_J82_7AMD_8Athlon XP 2400+_92_110DE006E_N10DE0066_P_Z_K_A10DE006A_U10DE0067_G.MRK

2007-07-15 15:34 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo

2007-07-13 21:15 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Move Networks

2007-07-11 15:17 --------- d-------- C:\Program Files\iPod

2007-07-11 15:14 --------- d-------- C:\Program Files\QuickTime Alternative

2007-07-03 23:31 --------- d-------- C:\Program Files\Common Files\Real

2007-07-03 23:06 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Jamdat

2007-06-30 14:20 --------- d-------- C:\Program Files\Common Files\Apple

2007-06-30 14:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2007-06-29 20:34 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\RegistrySmart

2007-06-29 18:00 --------- d--h----- C:\DOCUME~1\Owner\APPLIC~1\ijjigame

2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3(2).dll

2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe

2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-04 20:45]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 15:14]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-01 13:53]

 

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\

Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-07-19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

ALCXMNTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

"C:\Windows\Creator\Remind_XP.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Ati HotKey Poller"=2 (0x2)

 

S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys

S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-08-25 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job - C:\Program Files\RegistrySmart\RegistrySmart.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 19:37:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-26 19:38:24

C:\ComboFix-quarantined-files.txt ... 2007-08-26 19:37

C:\ComboFix2.txt ... 2007-08-26 17:37

C:\ComboFix3.txt ... 2007-08-26 16:50

 

--- E O F ---


1 Hour 35 minutes later

I've seen some say it took hours....

 

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

 

 

 

 

 

Open HijackThis, click "Do a system scan only", and checkmark these. Then close all other windows and browsers except HijackThis and press "Fix checked".

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - .DEFAULT User Startup: .protected (User 'Default user')

 

 

Reboot to set the registry.

 

 

 

Open Notepad and copy and paste the text present in the quotebox below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

 

 

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files". Double-click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

 

 

 

 

Go to Start->Control Panel->System, System restore. Check "Turn off System Restore" and reboot. That will erase all restore points.

After reboot, go back in and turn System Restore back on. That will flush System Restore out.

More info and screenshots:

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

You can find instructions on how to disable and reenable system restore here also:

Windows XP System Restore Guide

 

 

 

I want you to read this article on Yahoo! Messenger vulnerability - update available Aug 22 2007

 

 

 

Post back and let me know what issues remain.


PC Seems fine now, I'm not sure how someone would have gotten my Yahoo Email Password. Is there anything else I can do to ensure no keyloggers or anything like that get on my PC? I keep my PC updated and scan with my scanners weekly.


If that is actually what happened, I think it was through a vulnerability in the version of Yahoo you had.

 

People are sneaky and tricky.

 

From your logs you appear to have a good onboard line of security installed.

 

Use the standard rule of thumb while on the internet.

 

Don't click on links in instant messages or emails that you're unsure of.

Don't download music....or play a CD created from someone else's computer.

I know you get the picture.

 

 

 

 

 

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Install and update SpywareBlaster. It protects against bad ActiveX, browser hijackers, and dialers that are some of the fastest-growing threats on the Internet today.

Tutorial

 

IE-SPYAD puts over 5000 sites in your restricted zone so you will be protected when you visit innocent-looking sites that aren't actually innocent at all.

Tutorial

 

You can find a list of reliable trustworthy AntiSpyware programs here

 

Update these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Run them regularly as this can prevent a great deal of spyware hassle.

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place.

 

Another article to read Dealing with Unwanted Spyware and Parasites

Secure My Computer: A Layered Approach

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html


I do not want a whole bunch of protecting programs on my PC. Could you please let me know of the programs I need on PC? Right now I have:

 

AVG

Spybot S&D

Comodo Firewall

SuperAntiSpyware

Ad-Aware 2007

CCleaner

Eusing Free Registry Cleaner


AVG <--A must have

Spybot S&D <--use weekly or more often depending on your surfing habits

Comodo Firewall <--A must have

SuperAntiSpyware <--I think a weekly scan would suffice

Ad-Aware 2007 <--Not familiar with this version

CCleaner <--weekly should be fine

Eusing Free Registry Cleaner <--Misuse this program and your machine could suffer for it.

 

Install and update SpywareBlaster. It protects against bad ActiveX, browser hijackers, and dialers that are some of the fastest-growing threats on the Internet today.

Tutorial

 

IE-SPYAD puts over 5000 sites in your restricted zone so you will be protected when you visit innocent-looking sites that aren't actually innocent at all.

Tutorial


http://www.bleepingcomputer.com/tutorials/tutorial53.html

 

The above is the tutorial....that's all I have.

This could be a good question to post in User to User.

 

 

Juliet, here's a couple I use. What do you think of them?

 

I use 90% of what's on your list.

 

Sorry for butting in.

 

vCleaner, Stand Alone Virus Checker from Grisoft.

Can be downloaded from:

http://www.grisoft.com/doc/112/lng/us/tpl/tpl01

Save to your Desktop and run from there.

 

REGISTRY CLEANER:

 

Easy Cleaner, the best Registry Cleaner I've found so far.

Can be downloaded from:

http://personal.inet.fi/business/toniarts/ecleane.htm

Just scroll down to "Download & Installation" and click on the first floppy disk symbol.


Hi starmac

 

I am not familiar with either of those programs and cannot recall seeing them suggested as tools in HJT forums.

This does not mean they are not good tools; it means I do not know about them and therefore cannot suggest them in cleaning up a computer.

 

I do make comments to those using registry cleaners to be careful; overuse and frequent usage can do more harm than good.

This topic is now closed to further replies.