Author Topic: Help me please, I need your help  (Read 18342 times)


Aaron Hulett
  • Administrator
  • Hero Member
  • Posts: 1450
  • Schrödinger's cat walks into a bar... and doesn't.
Re: Help me please, I need your help
« Reply #15 on: July 15, 2007, 06:14:11 PM »
I'm working on why you can't post it.  I've determined what in the log is causing it, but not why it causes the forums to not accept the post.

Remember, logs must be posted to the forums before we'll work on them.  I'm going to post an edited version with cmd-dot-exe instead of cmd . exe so that it'll work.

Aaron

Aaron Hulett
« Reply #16 on: July 15, 2007, 06:14:26 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:29 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd-dot-exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Slave.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Ace Explorer\Aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: XBTP01621 - {9EDB89EF-E4BC-4c70-B102-8F7A4365EE33} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - G:\Webshots\WSToolbar4IE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd-dot-exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
O4 - HKCU\..\Run: [PcSync] G:\New Folder (6)\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: WinManager.lnk = C:\Program Files\digiTOP\WinManager\WinManager.exe
O8 - Extra context menu item: &Webshots Photo Search - res://G:\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D636428-D8E7-46E9-A30A-8F646FFFEE25}: NameServer = 163.121.128.134 212.103.160.18
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINDOWS\Slave.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 8054 bytes
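The log above is what the helpers read by eye. As an added example (editor's code, not HijackThis code and not from any poster), here is a small Python parser that structures the R/O lines and applies the checks a reviewer makes on a log like this one: entries pointing at files that no longer exist, the O17 NameServer override, the O18 filter with no handler, RunOnce commands planted in the service-account hives, and O23 services that carry no vendor string, are wrapped in srvany.exe, or run straight out of the Windows root. The sample lines are copied from the log above with cmd.exe restored; the rule names and the choice of rules are the editor's own, and a flag is a prompt to look closer, not a verdict (the nlsf RunOnce line and the WinPcap capture service can both be legitimate).

```python
"""Structure a HijackThis 2.0.2 log and flag the entries a reviewer would look at first.

Added example for this thread; not HijackThis code and not from any of the posters.
A flag is a prompt to check the entry, not a verdict.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above.  The forum
# rejected the literal "cmd.exe" (hence "cmd-dot-exe" in the post); the real log
# reads cmd.exe, which is what is parsed here.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - G:\Webshots\WSToolbar4IE.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D636428-D8E7-46E9-A30A-8F646FFFEE25}: NameServer = 163.121.128.134 212.103.160.18
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINDOWS\Slave.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O23 lines: "Service: <display name> (<short name>) - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+) \((?P<short>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE


@dataclass
class Entry:
    section: str                      # "R1", "O4", "O23", ...
    body: str                         # text after "Oxx - "
    fields: Dict[str, str] = field(default_factory=dict)   # parsed O23 parts, if any
    flags: List[str] = field(default_factory=list)


def parse(text: str) -> List[Entry]:
    """Keep only the Rn/Fn/On lines; header, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"])
        if e.section == "O23":
            s = SERVICE_RE.match(e.body)
            if s:
                e.fields = s.groupdict()
        entries.append(e)
    return entries


def flag(e: Entry) -> List[str]:
    """Review heuristics for one entry; each string is a reason to look closer."""
    reasons = []
    body = e.body
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: the registry points at a file that is gone")
    if e.section == "R1" and "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        if value not in ("", ":"):          # "= :" is an empty host:port, as in this log
            reasons.append("proxy configured: " + value)
    if e.section == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].split()
        reasons.append("DNS servers set in the registry, confirm they belong to your ISP: " + ", ".join(servers))
    if e.section == "O18" and "(no CLSID)" in body:
        reasons.append("MIME filter registered with no handler CLSID")
    if e.section == "O4" and "RunOnce" in body and "cmd.exe" in body.lower() \
            and any(sid in body for sid in SERVICE_SIDS):
        reasons.append("RunOnce in a service-account hive launches cmd.exe")
    if e.section == "O23" and e.fields:
        name, owner, path = e.fields["name"], e.fields["owner"], e.fields["path"]
        if owner == "Unknown owner":
            reasons.append("service binary carries no vendor string")
        if ntpath.basename(path).lower() == "srvany.exe":
            reasons.append("srvany.exe runs an arbitrary program as a service; check the service's Parameters\\Application value")
        if ntpath.dirname(path).lower() == r"c:\windows":
            reasons.append("service binary sits directly in the Windows root")
        if "remote" in name.lower():
            reasons.append("remote-access or remote-capture service; confirm you installed it")
    return reasons


def review(text: str) -> List[Entry]:
    """Parse the log and return only the entries that tripped at least one rule."""
    flagged = []
    for e in parse(text):
        e.flags = flag(e)
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section:4} {e.body[:72]}")
        for reason in e.flags:
            print("      !", reason)
```

On the sample, eight of the twelve entries are flagged; the srvany-wrapped "AutomatedSurfer" service trips two rules at once, which matches what Dr.Web later reported about srvany.exe on this machine. The empty proxy value ("= :") is deliberately not flagged, so the R1 rule only fires when a real host:port is set.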

Mr Mando
  • Full Member
  • Posts: 26
« Reply #17 on: July 15, 2007, 06:23:23 PM »
Is there something I can do, or should I just wait, Aaron?

Aaron Hulett
« Reply #18 on: July 15, 2007, 06:28:00 PM »
Please wait for someone to review your log and post instructions.

Corrine
  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 20213
  • "Stronger than the past, united in our goal."
« Reply #19 on: July 15, 2007, 06:31:13 PM »
Hi, Mr Mando.  While Aaron was working on that problem, we have been looking at your log.  You do have some serious problems, so let's see if we can get the cleanup started.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Please include a fresh HJT log with the log from Dr.Web (and hope that the software will allow you to post it.)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Mr Mando
« Reply #20 on: July 15, 2007, 08:51:49 PM »
mediabar.dll;c:\program files\imesh applications\imesh mediabar;Adware.Softomate;Deleted.;
srvany.exe;c:\windows\system32;Program.SrvAny;Renamed.;
svchost.exe;c:\windows\system32\sysadded;BackDoor.Bifrost;Deleted.;
AUTOEXEC.BAT;C:\;Deltree.Generic;Deleted.;
srvany.exe;C:\WINDOWS\system32;Program.SrvAny;Deleted.;
kas.exe;C:\WINDOWS\system32;Trojan.PWS.LDPinch.1622;Deleted.;
sxmm.dll;C:\WINDOWS\system32;BackDoor.TerraBit;Deleted.;
SHNT288.exe;C:\Documents and Settings\XPPRESP3\Local Settings\Temp;Adware.NewDotNet;Deleted.;
MediaBar.dll;C:\Program Files\iMesh applications\iMesh MediaBar;Adware.Softomate;Deleted.;
A0000015.exe;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;BackDoor.Bifrost;Deleted.;
A0000016.exe;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.PWS.LDPinch.1622;Deleted.;
A0000017.dll;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;BackDoor.TerraBit;Deleted.;
MSN-Winks.exe;G:\;Adware.nCase;Renamed.;
Install-Emoticons.exe;G:\;Adware.nCase;Deleted.;
PrivacyGuardSetup.exe;G:\;Trojan.Ulone;Deleted.;
PrivacyGuardSetup.exe;G:\The Privacy Guard 1.5 + Crack;Trojan.Ulone;Deleted.;
Client.exe\data001;G:\Ahmedy\c\TVM\Client.exe;BackDoor.TerraBit;;
Client.exe;G:\Ahmedy\c\TVM;Archive contains infected objects;Moved.;
MSN-Winks.#xe;G:\;Adware.nCase;Deleted.;
scklpro.exe;G:\2007-\C\vbhacker\vbhacker;Trojan.SCKeyLog.33;Incurable.Moved.;
BrutusA2.exe;G:\2007-\C\brutus-aet2;Tool.BrutusPWS;Deleted.;
hehe.bat;G:\2007-\C\Ahmed Attacking Castle\V.I.P;Deltree.Generic;Deleted.;
mspass.exe;G:\2007-\C\Ahmed Attacking Castle\Desktop\mspass;Tool.MessenPass;Deleted.;
A0000018.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.Ulone;Deleted.;
A0000019.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.Ulone;Deleted.;
A0000020.exe\data001;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3\A0000020.exe;BackDoor.TerraBit;;
A0000020.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Archive contains infected objects;Moved.;
A0000023.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Adware.nCase;Deleted.;
A0000024.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Adware.nCase;Deleted.;
A0000028.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.SCKeyLog.33;Incurable.Moved.;
A0000029.bat;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Deltree.Generic;Deleted.;
A0000030.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Tool.BrutusPWS;Deleted.;
A0000031.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Tool.MessenPass;Deleted.;
IceCold_ReLoaded.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c;Tool.Homac;Deleted.;
MSN Password Finder v2.0.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c\MSN-Password-Finder-2[1].0;Tool.MsnCheck;Deleted.;
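The report above is Dr.Web CureIt's DrWeb.csv: one line per object, in the form file;directory;verdict;action;, with the action left empty for an object found inside an archive (the archive itself gets its own line). As an added example (editor's code, not Dr.Web's tooling and not from any poster), the Python below parses that format and summarises it the way a helper reads it: copies under System Volume Information are System Restore snapshots rather than running code and are counted separately; anything whose action is not "Deleted." still exists somewhere (renamed, moved, or left incurable) and needs following up; hits under C:\WINDOWS are the ones that were live on the system; and the verdict names are grouped so the password stealers, keyloggers and messenger-password tools stand out, since those are what make a change-your-passwords-from-another-machine warning necessary. The category mapping from Dr.Web verdict prefixes is the editor's assumption; the sample lines are copied from the report above.

```python
"""Summarise a Dr.Web CureIt report (DrWeb.csv) like the one posted above.

Added example for this thread; not Dr.Web's own tooling and not from any poster.
Line format: file;directory;verdict;action;  (action is empty for objects inside archives)
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_REPORT = r"""
mediabar.dll;c:\program files\imesh applications\imesh mediabar;Adware.Softomate;Deleted.;
srvany.exe;c:\windows\system32;Program.SrvAny;Renamed.;
svchost.exe;c:\windows\system32\sysadded;BackDoor.Bifrost;Deleted.;
kas.exe;C:\WINDOWS\system32;Trojan.PWS.LDPinch.1622;Deleted.;
sxmm.dll;C:\WINDOWS\system32;BackDoor.TerraBit;Deleted.;
A0000015.exe;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;BackDoor.Bifrost;Deleted.;
Client.exe\data001;G:\Ahmedy\c\TVM\Client.exe;BackDoor.TerraBit;;
Client.exe;G:\Ahmedy\c\TVM;Archive contains infected objects;Moved.;
scklpro.exe;G:\2007-\C\vbhacker\vbhacker;Trojan.SCKeyLog.33;Incurable.Moved.;
BrutusA2.exe;G:\2007-\C\brutus-aet2;Tool.BrutusPWS;Deleted.;
mspass.exe;G:\2007-\C\Ahmed Attacking Castle\Desktop\mspass;Tool.MessenPass;Deleted.;
A0000028.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.SCKeyLog.33;Incurable.Moved.;
MSN Password Finder v2.0.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c\MSN-Password-Finder-2[1].0;Tool.MsnCheck;Deleted.;
"""

# Editor's assumption: which Dr.Web verdict names amount to credential theft.
CREDENTIAL_TOOLS = ("Tool.MessenPass", "Tool.MsnCheck")


@dataclass
class Finding:
    name: str
    directory: str
    verdict: str
    action: str          # "" when the object lives inside an archive

    @property
    def in_restore_point(self) -> bool:
        """System Restore snapshots: evidence of what was there, not running code."""
        return "system volume information" in self.directory.lower()

    @property
    def category(self) -> str:
        v = self.verdict
        if v.startswith("BackDoor."):
            return "backdoor"
        if v.startswith("Trojan.PWS.") or v.startswith("Trojan.SCKeyLog") or v in CREDENTIAL_TOOLS:
            return "credential theft"
        if v.startswith("Tool."):
            return "attack tool"
        if v.startswith("Adware."):
            return "adware"
        return "other"


def parse_report(text: str) -> List[Finding]:
    """Split each non-empty line on ';' and keep the first four fields."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue                     # malformed line; skip rather than abort
        findings.append(Finding(*parts[:4]))
    return findings


def summarise(text: str) -> Dict[str, object]:
    """Counts and name lists a helper wants before deciding the next step."""
    findings = parse_report(text)
    live = [f for f in findings if not f.in_restore_point]
    return {
        "total": len(findings),
        "restore_point_copies": len(findings) - len(live),
        "by_category": dict(Counter(f.category for f in live)),
        # Renamed/Moved/Incurable objects still exist on disk and need follow-up.
        "not_deleted": [f.name for f in live if f.action not in ("Deleted.", "")],
        "credential_theft": [f.name for f in live if f.category == "credential theft"],
        "system_dir_hits": [f.name for f in live if f.directory.lower().startswith(r"c:\windows")],
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run on the sample, two of the thirteen lines are restore-point copies, three live objects were not deleted (srvany.exe was renamed, Client.exe was moved, scklpro.exe was incurable), and four live findings fall in the credential-theft group, including the "MSN Password Finder" tool singled out later in the thread.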

Mr Mando
« Reply #21 on: July 15, 2007, 09:00:41 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:29 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd-dot-exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Slave.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Ace Explorer\Aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: XBTP01621 - {9EDB89EF-E4BC-4c70-B102-8F7A4365EE33} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - G:\Webshots\WSToolbar4IE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd-dot-exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
O4 - HKCU\..\Run: [PcSync] G:\New Folder (6)\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd-dot-exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: WinManager.lnk = C:\Program Files\digiTOP\WinManager\WinManager.exe
O8 - Extra context menu item: &Webshots Photo Search - res://G:\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D636428-D8E7-46E9-A30A-8F646FFFEE25}: NameServer = 163.121.128.134 212.103.160.18
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINDOWS\Slave.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 8054 bytes

Mr Mando
« Reply #22 on: July 15, 2007, 09:05:15 PM »
I posted the CureIt log and the HJT log, but when I rebooted the PC, I still find the message that says you are hacked. What can I do?

Corrine
« Reply #23 on: July 15, 2007, 09:06:33 PM »
Hi, Mr Mando. 

Two things, please.  Could you post the complete Dr Web log, please?  We need to see all of it.  Also, in order to see what is remaining, we need to see a new HijackThis log now that you've run Dr Web.  Hopefully, there won't be further problems posting a new log.  If you receive the same error as before, try placing the log between the quote tags as shown in the code box below:

Code:
[quote]

paste log

[/quote]

Thanks.


Mr Mando
« Reply #24 on: July 15, 2007, 09:12:03 PM »
Here is the complete Dr Web log:

Code:
mediabar.dll;c:\program files\imesh applications\imesh mediabar;Adware.Softomate;Deleted.;
srvany.exe;c:\windows\system32;Program.SrvAny;Renamed.;
svchost.exe;c:\windows\system32\sysadded;BackDoor.Bifrost;Deleted.;
AUTOEXEC.BAT;C:\;Deltree.Generic;Deleted.;
srvany.exe;C:\WINDOWS\system32;Program.SrvAny;Deleted.;
kas.exe;C:\WINDOWS\system32;Trojan.PWS.LDPinch.1622;Deleted.;
sxmm.dll;C:\WINDOWS\system32;BackDoor.TerraBit;Deleted.;
SHNT288.exe;C:\Documents and Settings\XPPRESP3\Local Settings\Temp;Adware.NewDotNet;Deleted.;
MediaBar.dll;C:\Program Files\iMesh applications\iMesh MediaBar;Adware.Softomate;Deleted.;
A0000015.exe;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;BackDoor.Bifrost;Deleted.;
A0000016.exe;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.PWS.LDPinch.1622;Deleted.;
A0000017.dll;C:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;BackDoor.TerraBit;Deleted.;
MSN-Winks.exe;G:\;Adware.nCase;Renamed.;
Install-Emoticons.exe;G:\;Adware.nCase;Deleted.;
PrivacyGuardSetup.exe;G:\;Trojan.Ulone;Deleted.;
PrivacyGuardSetup.exe;G:\The Privacy Guard 1.5 + Crack;Trojan.Ulone;Deleted.;
Client.exe\data001;G:\Ahmedy\c\TVM\Client.exe;BackDoor.TerraBit;;
Client.exe;G:\Ahmedy\c\TVM;Archive contains infected objects;Moved.;
MSN-Winks.#xe;G:\;Adware.nCase;Deleted.;
scklpro.exe;G:\2007-\C\vbhacker\vbhacker;Trojan.SCKeyLog.33;Incurable.Moved.;
BrutusA2.exe;G:\2007-\C\brutus-aet2;Tool.BrutusPWS;Deleted.;
hehe.bat;G:\2007-\C\Ahmed Attacking Castle\V.I.P;Deltree.Generic;Deleted.;
mspass.exe;G:\2007-\C\Ahmed Attacking Castle\Desktop\mspass;Tool.MessenPass;Deleted.;
A0000018.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.Ulone;Deleted.;
A0000019.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.Ulone;Deleted.;
A0000020.exe\data001;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3\A0000020.exe;BackDoor.TerraBit;;
A0000020.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Archive contains infected objects;Moved.;
A0000023.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Adware.nCase;Deleted.;
A0000024.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Adware.nCase;Deleted.;
A0000028.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Trojan.SCKeyLog.33;Incurable.Moved.;
A0000029.bat;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Deltree.Generic;Deleted.;
A0000030.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Tool.BrutusPWS;Deleted.;
A0000031.exe;G:\System Volume Information\_restore{163A3451-9F87-4EB0-A9BC-4C626768919C}\RP3;Tool.MessenPass;Deleted.;
IceCold_ReLoaded.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c;Tool.Homac;Deleted.;
MSN Password Finder v2.0.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c\MSN-Password-Finder-2[1].0;Tool.MsnCheck;Deleted.;

Mr Mando
« Reply #25 on: July 15, 2007, 09:25:44 PM »
I can't paste the new HJT log (same error as before), so please download it and post it yourself.

here is the link: http://rapidshare.com/files/43129778/mylog2.txt.html

Corrine
« Reply #26 on: July 15, 2007, 09:26:35 PM »
Hi, Mr Mando.  A quick look at what has been removed by Dr Web, and I must warn you: if the file below isn't something you intentionally installed on your computer, and if you do any online banking or bill paying, go to another computer and change the passwords as soon as possible, and do not use this computer for any personal or financial transactions until it is cleaned.

MSN Password Finder v2.0.exe;G:\Mando WWE & Other Wrestling\Ahmedy\c\MSN-Password-Finder-2[1].0;Tool.MsnCheck;Deleted.;


Corrine
« Reply #27 on: July 15, 2007, 09:27:53 PM »
Ok, we'll try the log in parts:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:18 AM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe


Corrine
« Reply #28 on: July 15, 2007, 09:28:16 PM »
C:\WINDOWS\system32\cmd.exe


Corrine
« Reply #29 on: July 15, 2007, 09:28:42 PM »
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Slave.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Ace Explorer\Aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - G:\Webshots\WSToolbar4IE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
O4 - HKCU\..\Run: [PcSync] G:\New Folder (6)\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: WinManager.lnk = C:\Program Files\digiTOP\WinManager\WinManager.exe
O8 - Extra context menu item: &Webshots Photo Search - res://G:\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - G:\Ahmed%20Castle\Advanced%20Email%20Extractor%20Pro\AeeMSIE.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D636428-D8E7-46E9-A30A-8F646FFFEE25}: NameServer = 163.121.128.134 212.103.160.18
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINDOWS\Slave.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe (file missing)


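Added example, not part of the thread or of Corrine's post: a small Python triage script for a HijackThis log like the one above. It splits each R/O entry into its fields and flags the things a log helper reads first: a RunOnce entry under the service-account hives (S-1-5-18/19/20, .DEFAULT) and any logon command that launches cmd.exe, O23 services whose vendor is "Unknown owner" or whose file is missing, a service binary sitting directly in C:\WINDOWS rather than in system32 or Program Files, O17 NameServer values to check against the ISP, and O3/O18 entries with no name and no file. The rules, the SERVICE_HIVES list, the Finding record and the function names are my own choices, not HijackThis features; the sample lines are copied from the log posted above (a full saved log is fed in the same way). A flag means "look at this next", not "this is malware".

```python
"""Triage helper for HijackThis logs (added example, not part of this thread).

Each flag is a prompt to look closer, not a verdict.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # what the rule noticed
    detail: str  # the value that triggered it
    line: str    # original log line, untouched


# Hives HijackThis prints for the built-in service accounts and the default
# profile (assumed list). Logon-time commands under these run in contexts no
# interactive user configured, so they deserve a look even when harmless-looking.
SERVICE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19",
                 "HKUS\\S-1-5-20", "HKUS\\.DEFAULT")

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
R1_RE = re.compile(r",ProxyServer = (?P<value>.*)$")
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")
O23_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")
SHELL_RE = re.compile(r"\bcmd(?:\.exe)?\s+/c\b", re.IGNORECASE)
MISSING = "(file missing)"


def _check_r1(body):
    m = R1_RE.search(body)
    if m and m.group("value").strip(" :"):      # ":" alone is an empty host:port
        yield "explicit proxy server configured", m.group("value")


def _check_o3(body):
    if "(no name)" in body and "(no file)" in body:
        yield "orphaned toolbar entry (no name, no file)", body


def _check_o4(body):
    m = O4_RE.match(body)
    if not m:
        return                                   # e.g. "Global Startup:" lines
    hive, key, cmd = m.group("hive"), m.group("key"), m.group("cmd")
    if key == "RunOnce" and hive in SERVICE_HIVES:
        yield "RunOnce under a service-account or default hive", f"{hive} [{m.group('name')}]"
    if SHELL_RE.search(cmd):
        yield "command shell invoked at logon", cmd


def _check_o17(body):
    m = O17_RE.search(body)
    if m:
        yield "DNS servers set in the registry; confirm against the ISP", m.group("servers")


def _check_o18(body):
    if "(no CLSID)" in body:
        yield "MIME filter registered without a handler", body


def _check_o23(body):
    m = O23_RE.match(body)
    if not m:
        return
    vendor, path = m.group("vendor"), m.group("path")
    if path.endswith(MISSING):
        yield "service binary missing on disk", path
        path = path[: -len(MISSING)].strip()
    if vendor == "Unknown owner":
        yield "service with no identifiable vendor", m.group("short")
    folder = path.rsplit("\\", 1)[0].upper()
    if folder.endswith(":\\WINDOWS"):           # directly in the Windows folder
        yield "service binary directly in the Windows folder", path


CHECKS = {"R1": _check_r1, "O3": _check_o3, "O4": _check_o4,
          "O17": _check_o17, "O18": _check_o18, "O23": _check_o23}


def triage(log_text):
    """Return a Finding for every rule an entry trips; unknown entries are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                             # header, process list, blank
        code, body = m.group("code"), m.group("body")
        for reason, detail in CHECKS.get(code, lambda _b: ())(body):
            findings.append(Finding(code, reason, detail, line))
    return findings


# Lines copied verbatim from the log posted in this thread (a subset, for the demo).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D636428-D8E7-46E9-A30A-8F646FFFEE25}: NameServer = 163.121.128.134 212.103.160.18
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINDOWS\Slave.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.detail}")
```

Run it as a script to print the flagged entries, or import triage() and hand it the text of a saved hijackthis.log. Entries the script does not understand are skipped rather than guessed at, and the AVG and CTFMON lines pass through untouched, which is the point: the list it prints is the short list a helper would ask about first.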