So now it has disabled me from using my internet connection. So I did everything with my Jump Drive. The one issue is that it won't run ComboFix. I'm unsure of why. I ran the other two. Here they are.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:14 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [bkxqjuza] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bkxqjuza.dll"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Xws] C:\WINDOWS\system32\w?nlogon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Xws] C:\WINDOWS\system32\w?nlogon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/def...2.1.0.0.55.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/def...g.1.0.0.37.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamerival.oberon-media.com/Ga...onGameHost.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{300AE123-1621-403D-A113-225027BC6B26}: NameServer = 192.168.254.254,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{300AE123-1621-403D-A113-225027BC6B26}: NameServer = 192.168.254.254,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: ddcyvut - ddcyvut.dll (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
--
End of file - 9692 bytes
SDFix: Version 1.180
Run by Owner on Thu 05/08/2008 at 09:42 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix\SDFix
Checking Services :
Name :
MsSecurity1.209.4
runtime
smtpdrv
symavc32
Path :
C:\WINDOWS\winself.exe service
\??\C:\WINDOWS\System32\drivers\runtime.sys
System32\DRIVERS\smtpdrv.sys
\??\C:\WINDOWS\system32\drivers\symavc32.sys
MsSecurity1.209.4 - Deleted
runtime - Deleted
smtpdrv - Deleted
symavc32 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\UWUVI.DLL - Deleted
C:\14.TMP - Deleted
C:\15.TMP - Deleted
C:\16.TMP - Deleted
C:\17.TMP - Deleted
C:\18.TMP - Deleted
C:\PROGRA~1\MSNGAM~1\QUHA148 - Deleted
C:\PROGRA~1\MSNGAM~1\QUHA502 - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\WINDOWS\system32\TFTP188 - Deleted
C:\Program Files\Internet Explorer\setupapi.dll - Deleted
C:\spbot.log.txt - Deleted
C:\WINDOWS\123messenger.per - Deleted
C:\WINDOWS\2020search.dll - Deleted
C:\WINDOWS\2020search2.dll - Deleted
C:\WINDOWS\apphelp32.dll - Deleted
C:\WINDOWS\asferror32.dll - Deleted
C:\WINDOWS\asycfilt32.dll - Deleted
C:\WINDOWS\athp**y32.dll - Deleted
C:\WINDOWS\ati2dvaa32.dll - Deleted
C:\WINDOWS\ati2dvag32.dll - Deleted
C:\WINDOWS\audiosrv32.dll - Deleted
C:\WINDOWS\autodisc32.dll - Deleted
C:\WINDOWS\avifile32.dll - Deleted
C:\WINDOWS\avisynthex32.dll - Deleted
C:\WINDOWS\aviwrap32.dll - Deleted
C:\WINDOWS\bjam.dll - Deleted
C:\WINDOWS\bokja.exe - Deleted
C:\WINDOWS\browserad.dll - Deleted
C:\WINDOWS\cdsm32.dll - Deleted
C:\WINDOWS\changeurl_30.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\didduid.ini - Deleted
C:\WINDOWS\licencia.txt - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msa64chk.dll - Deleted
C:\WINDOWS\msapasrc.dll - Deleted
C:\WINDOWS\mspphe.dll - Deleted
C:\WINDOWS\mssvr.exe - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\ntnut.exe - Deleted
C:\WINDOWS\saiemod.dll - Deleted
C:\WINDOWS\shdocpe.dll - Deleted
C:\WINDOWS\shdocpl.dll - Deleted
C:\WINDOWS\stcloader.exe - Deleted
C:\WINDOWS\swin32.dll - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\rasqervy.dll - Deleted
C:\WINDOWS\system32\sdfinacs.dll - Deleted
C:\WINDOWS\system32\sdfixwcs.dll - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted
C:\WINDOWS\system32\wuasirvy.dll - Deleted
C:\WINDOWS\telefonos.txt - Deleted
C:\WINDOWS\textos.txt - Deleted
C:\WINDOWS\voiceip.dll - Deleted
C:\WINDOWS\winsb.dll - Deleted
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\PerfInfo - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 21:58:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData]
"affid"="7"
"subid"="run02"
"control"=hex:1a,00,15,13,07,11,5b,1b,1e,1b,0b,15,08,13,1b,0a,0b,f2,e0,ec,f0,..
"prov"="10010"
"googleadserver"="pagead2.googlesyndication.com"
"flagged"=dword:00000001
scanning hidden files ...
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbdll.dll 35328 bytes executable
C:\WINDOWS\system32\clbinit.dll 1695 bytes
C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll 110080 bytes executable
C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll 501248 bytes executable
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll 100864 bytes executable
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll 468480 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll 499712 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 17
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 16 Oct 2007 20,640 A.SH. --- "C:\WINDOWS\system32\bkapfifs.dllbox"
Wed 28 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\cluzcifo.dllbox"
Tue 16 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\dqxynhje.dllbox"
Wed 17 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\fsrjvxer.dllbox"
Tue 16 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\fwumjolr.dllbox"
Thu 1 Nov 2007 6,465 A.SH. --- "C:\WINDOWS\system32\gjllm.bak1"
Tue 22 Feb 2005 106 A..H. --- "C:\WINDOWS\system32\ngxxw03qb.dll"
Wed 17 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\pkhipgia.dllbox"
Wed 17 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\pmakfixz.dllbox"
Tue 16 Oct 2007 470,169 A.SH. --- "C:\WINDOWS\system32\qtstv.tmp"
Fri 2 Nov 2007 433,548 A.SH. --- "C:\WINDOWS\system32\qtstv.bak2"
Wed 17 Oct 2007 17,006 A.SH. --- "C:\WINDOWS\system32\untcxmld.dllbox"
Sun 14 Oct 2007 16,872 A.SH. --- "C:\WINDOWS\system32\ywrrmalo.dllbox"
Wed 26 Apr 2006 0 A.SH. --- "C:\WINDOWS\Temp\7b6v5pb4.TMP"
Wed 20 Dec 2006 53,760 A.SHR --- "C:\WINDOWS\Temp\abc1083.tmp"
Thu 30 Nov 2006 80,896 A.SHR --- "C:\WINDOWS\Temp\abc1CE5.tmp"
Tue 9 Jan 2007 53,760 A.SHR --- "C:\WINDOWS\Temp\abc1E5F.tmp"
Thu 30 Nov 2006 80,896 A.SHR --- "C:\WINDOWS\Temp\abc2473.tmp"
Fri 1 Dec 2006 80,896 A.SHR --- "C:\WINDOWS\Temp\abc5F0C.tmp"
Fri 8 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abc6409.tmp"
Tue 5 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abc69F4.tmp"
Sat 9 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abc90A5.tmp"
Sun 17 Dec 2006 53,760 A.SHR --- "C:\WINDOWS\Temp\abc987E.tmp"
Sat 2 Dec 2006 80,896 A.SHR --- "C:\WINDOWS\Temp\abcA8F7.tmp"
Wed 6 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abcAD68.tmp"
Mon 4 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abcB138.tmp"
Thu 7 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abcC20D.tmp"
Tue 26 Dec 2006 53,760 A.SHR --- "C:\WINDOWS\Temp\abcC924.tmp"
Sat 2 Dec 2006 80,896 A.SHR --- "C:\WINDOWS\Temp\abcD934.tmp"
Sun 3 Dec 2006 85,504 A.SHR --- "C:\WINDOWS\Temp\abcED77.tmp"
Wed 10 Jan 2007 53,760 A.SHR --- "C:\WINDOWS\Temp\abcEDB9.tmp"
Sat 13 Jan 2007 53,760 A.SHR --- "C:\WINDOWS\Temp\abcF27E.tmp"
Sat 9 Dec 2006 52,224 A.SHR --- "C:\WINDOWS\Temp\abcFB3F.tmp"
Wed 3 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 19 Feb 2004 175,616 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL0028.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Mon 25 Feb 2008 69,120 A..H. --- "C:\Documents and Settings\Owner\My Documents\wedding_stuff\wedding\~WRL0002.tmp"
Sat 6 Oct 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
Hope that helps a little bit. I will keep trying with the ComboFix.
Thanks!