ericagm
-
Content Count
14 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by ericagm
-
-
I couldn't figure out how to view the log. Here is what I got:
8/11/2008 3:21:30 AM:437
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/11/2008 9:24:05 AM:0
Immunizer Results
ActiveX section has been immunized, Processed 2 items.
8/11/2008 1:41:41 PM:750
Service Stopped
Spyware Doctor Service Application Stopped
8/11/2008 1:43:26 PM:140
Service Started
Spyware Doctor Service Application started
8/11/2008 1:43:26 PM:156
OnGuards status
All OnGuards were Enabled
8/11/2008 1:43:26 PM:906
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/11/2008 1:43:34 PM:843
Scan Started
Scan Type - Full Scan
8/11/2008 1:43:34 PM:843
Startup Scan
Initialising Startup Scan:Full scan of this computer
8/11/2008 1:44:47 PM:515
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_872265 .statcounter.com
8/11/2008 1:44:47 PM:515
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VID .yadro.ru
8/11/2008 1:44:47 PM:515
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2410742 .statcounter.com
8/11/2008 1:44:47 PM:515
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2704265 .statcounter.com
8/11/2008 1:44:47 PM:515
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_1228341 .statcounter.com
8/11/2008 1:44:48 PM:15
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fobbcox7Ceglcmac .2o7.net
8/11/2008 1:44:48 PM:15
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_gijrkx7C .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_gijupe .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fx60ejdhj .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fhkpwjv .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net
8/11/2008 1:44:48 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net
8/11/2008 1:44:48 PM:125
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .kango.112.2o7.net
8/11/2008 1:44:48 PM:437
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE statse.webtrendslive.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - recentviewslr .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - k .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - visitorId .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - rvd .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - prf .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - _jsen1 .nextag.com
8/11/2008 1:44:48 PM:500
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - recentview .nextag.com
8/11/2008 1:44:48 PM:703
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickACTIVE server.iad.liveperson.net
8/11/2008 1:44:48 PM:703
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickID server.iad.liveperson.net
8/11/2008 1:44:48 PM:843
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - XCLGFbrowser .com.com
8/11/2008 1:44:48 PM:843
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .ice.112.2o7.net
8/11/2008 1:44:49 PM:31
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VISID counter.hitslink.com
8/11/2008 1:44:49 PM:687
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrSCD www.bluemountain.com
8/11/2008 1:44:49 PM:687
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrOSSID www.bluemountain.com
8/11/2008 1:44:49 PM:687
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - mc_p .bluemountain.com
8/11/2008 1:44:49 PM:687
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrSSID www.bluemountain.com
8/11/2008 1:44:49 PM:890
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - buzz466 www.buzztone.com
8/11/2008 1:44:50 PM:312
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - id .doubleclick.net
8/11/2008 1:44:50 PM:734
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - lsn_statp .linksynergy.com
8/11/2008 1:44:50 PM:734
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - lsn_track .linksynergy.com
8/11/2008 1:44:51 PM:375
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HumanClickID sales.liveperson.net
8/11/2008 1:44:51 PM:921
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .mohg.112.2o7.net
8/11/2008 1:44:51 PM:937
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .viamtvcom.112.2o7.net
8/11/2008 1:44:52 PM:140
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - NC1U www3.addfreestats.com
8/11/2008 1:44:52 PM:203
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .avgtechnologies.112.2o7.net
8/11/2008 1:44:52 PM:281
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - HISTORY .adultfriendfinder.com
8/11/2008 1:44:52 PM:281
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - ffadult_tr .adultfriendfinder.com
8/11/2008 1:44:52 PM:625
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .webxites.122.2o7.net
8/11/2008 1:44:52 PM:765
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .warnerbros.112.2o7.net
8/11/2008 1:44:53 PM:0
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .saksfifthavenue.122.2o7.net
8/11/2008 2:11:58 PM:875
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/11/2008 2:32:54 PM:250
Scan Finished
Scan Type - Full Scan
Items Processed - 288187
Threats Detected - 3
Infections Detected - 46
Infections Ignored - 0
8/11/2008 2:36:31 PM:937
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - NC1U www3.addfreestats.com
8/11/2008 2:36:31 PM:968
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - lsn_track .linksynergy.com
8/11/2008 2:36:31 PM:984
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - lsn_statp .linksynergy.com
8/11/2008 2:36:32 PM:31
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - XCLGFbrowser .com.com
8/11/2008 2:36:32 PM:31
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickID server.iad.liveperson.net
8/11/2008 2:36:32 PM:46
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickACTIVE server.iad.liveperson.net
8/11/2008 2:36:32 PM:78
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - recentview .nextag.com
8/11/2008 2:36:32 PM:93
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - _jsen1 .nextag.com
8/11/2008 2:36:32 PM:93
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - prf .nextag.com
8/11/2008 2:36:32 PM:93
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - rvd .nextag.com
8/11/2008 2:36:32 PM:93
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - visitorId .nextag.com
8/11/2008 2:36:32 PM:109
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - k .nextag.com
8/11/2008 2:36:32 PM:109
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - recentviewslr .nextag.com
8/11/2008 2:36:32 PM:125
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_1228341 .statcounter.com
8/11/2008 2:36:32 PM:140
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2704265 .statcounter.com
8/11/2008 2:36:32 PM:140
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2410742 .statcounter.com
8/11/2008 2:36:32 PM:140
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_872265 .statcounter.com
8/11/2008 2:36:32 PM:375
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .saksfifthavenue.122.2o7.net
8/11/2008 2:36:32 PM:375
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .warnerbros.112.2o7.net
8/11/2008 2:36:32 PM:421
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .webxites.122.2o7.net
8/11/2008 2:36:32 PM:421
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .avgtechnologies.112.2o7.net
8/11/2008 2:36:32 PM:421
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .viamtvcom.112.2o7.net
8/11/2008 2:36:32 PM:484
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .mohg.112.2o7.net
8/11/2008 2:36:32 PM:484
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HumanClickID sales.liveperson.net
8/11/2008 2:36:32 PM:484
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - id .doubleclick.net
8/11/2008 2:36:32 PM:515
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - buzz466 www.buzztone.com
8/11/2008 2:36:32 PM:515
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrSSID www.bluemountain.com
8/11/2008 2:36:32 PM:578
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - mc_p .bluemountain.com
8/11/2008 2:36:32 PM:578
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrOSSID www.bluemountain.com
8/11/2008 2:36:32 PM:578
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ClrSCD www.bluemountain.com
8/11/2008 2:36:32 PM:593
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VISID counter.hitslink.com
8/11/2008 2:36:32 PM:671
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .ice.112.2o7.net
8/11/2008 2:36:32 PM:687
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE statse.webtrendslive.com
8/11/2008 2:36:32 PM:687
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi .kango.112.2o7.net
8/11/2008 2:36:32 PM:718
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net
8/11/2008 2:36:32 PM:718
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net
8/11/2008 2:36:32 PM:734
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net
8/11/2008 2:36:32 PM:781
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fhkpwjv .2o7.net
8/11/2008 2:36:32 PM:796
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fx60ejdhj .2o7.net
8/11/2008 2:36:32 PM:796
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_gijupe .2o7.net
8/11/2008 2:36:32 PM:796
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_gijrkx7C .2o7.net
8/11/2008 2:36:32 PM:796
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net
8/11/2008 2:36:32 PM:875
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fobbcox7Ceglcmac .2o7.net
8/11/2008 2:36:32 PM:937
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VID .yadro.ru
8/11/2008 2:36:33 PM:593
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - ffadult_tr .adultfriendfinder.com
8/11/2008 2:36:33 PM:593
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - HISTORY .adultfriendfinder.com
8/11/2008 2:36:39 PM:62
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 46
Remove Failed - 0
8/11/2008 3:02:41 PM:671
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/11/2008 6:00:20 PM:625
Scan Started
Scan Type - Intelli-Scan
8/11/2008 6:00:20 PM:687
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
8/11/2008 6:00:41 PM:218
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_872265 .statcounter.com
8/11/2008 6:00:41 PM:281
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VID .yadro.ru
8/11/2008 6:00:41 PM:281
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2410742 .statcounter.com
8/11/2008 6:00:41 PM:281
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_2704265 .statcounter.com
8/11/2008 6:00:41 PM:281
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - session_1228341 .statcounter.com
8/11/2008 6:00:41 PM:828
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_fobbcox7Ceglcmac .2o7.net
8/11/2008 6:00:41 PM:828
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net
-
I haven't heard the random sound clips yet!!! phew! I re-ran Spy Doctor and it said I had A LOT of infected files with Application.TrackingCookies, Adware.Advertising, and Spyware.Known_Bad_Sites. Is this the same issue? or something completely different? I click to Clean the files, but every time I re-scan, files continue to be infected. I'm not sure if this is related to my previous problem??
-
When I reran Hijack This, these did not show up:
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)
Last night I didn't restart my computer, so I'm thinking that I needed to reboot my computer in order for the cleaning to take effect. ?
Here is my new log (all clean?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:42 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
--
End of file - 11210 bytes
-
OTMoveIT2 Log:
Explorer killed successfully
Service not present: afinding.
Service not present: macidwe.
Service not present: NOBICYT.
Service not present: perfs.
Service not present: routing.
Service not present: sobicyt.
Service not present: tdxdowkc.
Service not present: wserving.
C:\WINDOWS\system32\AFinding.exe moved successfully.
C:\WINDOWS\system32\macidwe.exe moved successfully.
C:\WINDOWS\system32\Nobicyt.exe moved successfully.
C:\WINDOWS\system32\perfs.exe moved successfully.
C:\WINDOWS\system32\routing.exe moved successfully.
C:\WINDOWS\system32\sobicyt.exe moved successfully.
C:\WINDOWS\system32\tdxdowkc.exe moved successfully.
C:\WINDOWS\system32\WServing.exe moved successfully.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_045554
Updated Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:43 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WServing.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EricaGM\Desktop\OTMoveIt2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)
--
End of file - 12384 bytes
-
OOOOPs i didn't do the second part. I just saw that! let me do it now and post the new log. Sorry about that.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:07 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WServing.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
--
End of file - 12207 bytes
-
Thanks for the steps. Here is my recent log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:34 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WServing.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Picasa2\Picasa2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
--
End of file - 12245 bytes
-
I found it:
Deckard's System Scanner v20071014.68
Run by EricaGM on 2008-08-07 18:40:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
87: 2008-08-07 22:40:27 UTC - RP468 - Deckard's System Scanner Restore Point
86: 2008-08-06 21:21:38 UTC - RP467 - Spyware Doctor: Cleaning Threats
85: 2008-08-06 21:20:53 UTC - RP466 - Spyware Doctor: Cleaning Threats
84: 2008-08-06 03:33:10 UTC - RP465 - System Checkpoint
83: 2008-08-04 16:02:38 UTC - RP464 - Spyware Doctor: Cleaning Threats
-- First Restore Point --
1: 2008-05-10 16:43:43 UTC - RP382 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.15 GiB (less than 15%) free.
-- HijackThis (run as EricaGM.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:17 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EricaGM\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\EricaGM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
--
End of file - 11127 bytes
-- File Associations -----------------------------------------------------------
.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 macidwe (macidwe Service) - c:\windows\system32\macidwe.exe
R2 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe (file missing)
R2 sobicyt - c:\windows\system32\sobicyt.exe (file missing)
R2 tdxdowkc (tdxdowkc Service) - c:\windows\system32\tdxdowkc.exe
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
S2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&44447945&0
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&44447945&0
Service: adgcdzyz
-- Scheduled Tasks -------------------------------------------------------------
2008-07-24 23:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-14 09:00:01 868 --a------ C:\WINDOWS\Tasks\wrSpySweeper20060612064852.job
-- Files created between 2008-07-07 and 2008-08-07 -----------------------------
2008-08-07 16:44:00 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Malwarebytes
2008-08-07 16:43:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 16:43:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 12:34:54 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Elluminate
2008-08-06 23:32:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-08-04 20:44:39 0 d-------- C:\Documents and Settings\EricaGM\Application Data\TrojanHunter
2008-08-04 18:12:21 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-07-31 17:00:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 12:18:41 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Sunbelt Software
2008-07-31 11:32:04 0 d-------- C:\Program Files\uTorrent
2008-07-29 01:18:09 0 d-------- C:\Program Files\Gre Bible
2008-07-29 01:17:54 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-07-29 01:17:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-21 20:25:48 0 d-------- C:\Documents and Settings\EricaGM\DoctorWeb
2008-07-20 03:28:08 68096 --a------ C:\WINDOWS\zip.exe
2008-07-20 03:28:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-20 03:28:08 98816 --a------ C:\WINDOWS\sed.exe
2008-07-20 03:28:08 80412 --a------ C:\WINDOWS\grep.exe
2008-07-20 03:28:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-20 03:28:07 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-20 03:28:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-20 02:17:39 0 dr------- C:\Documents and Settings\LocalService\Favorites
-- Find3M Report ---------------------------------------------------------------
2008-08-07 18:10:29 30008 --a------ C:\Documents and Settings\EricaGM\Application Data\.googlewebacchosts
2008-08-07 13:12:09 0 d-------- C:\Program Files\Spyware Doctor
2008-08-06 23:33:18 0 d-------- C:\Program Files\Google
2008-08-04 19:06:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\uTorrent
2008-08-04 18:32:08 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Skype
2008-08-04 16:03:19 0 d-------- C:\Documents and Settings\EricaGM\Application Data\skypePM
2008-08-04 11:55:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-01 14:48:36 0 d-------- C:\Documents and Settings\EricaGM\Application Data\LimeWire
2008-07-30 02:22:58 0 d-------- C:\Program Files\Common Files\Real
2008-07-30 02:22:52 0 d-------- C:\Program Files\Common Files
2008-07-30 02:22:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Real
2008-07-22 18:53:32 0 d-------- C:\Program Files\music_now
2008-07-22 15:16:01 0 d-------- C:\Documents and Settings\EricaGM\Application Data\MSNInstaller
2008-07-20 03:16:56 0 d-------- C:\Program Files\Trend Micro
2008-07-01 19:57:03 31915564 --a------ C:\Program Files\kis7.0.1.325en.exe <Not Verified; Kaspersky Lab; Kaspersky Internet Security>
2008-06-24 02:10:33 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Printer Info Cache
2008-06-24 02:04:10 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Costco Photo Organizer
2008-06-24 02:02:31 5998080 --a------ C:\Program Files\Costco_1.5.0.102.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-08 23:46:28 0 d-------- C:\Documents and Settings\EricaGM\Application Data\U3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [01/25/2006 02:21 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 05:27 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08/04/2008 06:18 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -cexwxfst.sys2.0
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/2/2008 10:27:45 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 4:01:04 AM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/10/2007 1:24:38 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Registration"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 05:39 PM 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc2a388-0366-11dc-abf0-00163607b1d7}]
AutoRun\command- H:\qwc.exe
explore\Command- H:\qwc.exe
open\Command- H:\qwc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118bc8-7bfc-11db-aae8-00163607b1d7}]
AutoRun\command- uqhqx1.cmd
explore\Command- uqhqx1.cmd
open\Command- uqhqx1.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38610133-0e34-11db-a9ee-00163607b1d7}]
Auto\command- H:\MSOCache\doWTP_RESTORE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c60959f-8c80-11dc-acc6-00163607b1d7}]
AutoRun\command- .exe
explore\Command- .exe
open\Command- .exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488107b4-5c04-11dc-ac4e-00163607b1d7}]
AutoRun\command- J:\qwc.exe
explore\Command- J:\qwc.exe
open\Command- J:\qwc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58278598-435a-11dc-ac22-00163607b1d7}]
Auto\command- G:\MSOCache\doWTP_RESTORE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284de-9e1b-11db-ab21-00163607b1d7}]
AutoRun\command- G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284df-9e1b-11db-ab21-00163607b1d7}]
Auto\command- MSOCache\doWTP_RESTORE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ac8710-544e-11dc-ac3b-00163607b1d7}]
Auto\command- G:\MSOCache\doWTP_RESTORE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7de040aa-2ef1-11db-aa3f-00163607b1d7}]
AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5e834d6-4acf-11dc-ac2c-00163607b1d7}]
Auto\command- G:\MSOCache\doWTP_RESTORE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
-- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------
-
I posted the only log that came up on a notepad. Where can I find this missing log on my computer?
Thanks
-
OTMoveIt2
C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip moved successfully.
C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip moved successfully.
File/Folder C:\WINDOWS\system32\afinding.exe not found.
C:\WINDOWS\system32\atsxyzd.sys moved successfully.
C:\WINDOWS\system32\ceswxfst.sys moved successfully.
C:\WINDOWS\system32\cexwxfst.sys moved successfully.
C:\WINDOWS\system32\cfexfst.sys moved successfully.
C:\WINDOWS\system32\nftscpd.sys moved successfully.
C:\WINDOWS\system32\Nobicyt.exe moved successfully.
C:\WINDOWS\system32\ntscpd.sys moved successfully.
C:\WINDOWS\system32\nxtscpd.sys moved successfully.
C:\WINDOWS\system32\otaxyzd.sys moved successfully.
File/Folder C:\WINDOWS\system32\routing.exe not found.
C:\WINDOWS\system32\sobicyt.exe moved successfully.
C:\WINDOWS\system32\stsycod.sys moved successfully.
C:\WINDOWS\system32\swand.sys moved successfully.
C:\WINDOWS\system32\sxtsyctd.sys moved successfully.
C:\WINDOWS\system32\sxwand.sys moved successfully.
C:\WINDOWS\system32\tcexfst.sys moved successfully.
C:\WINDOWS\system32\tmp0_838768684858.bk moved successfully.
C:\WINDOWS\system32\tmpxr_135723629943.bk moved successfully.
C:\WINDOWS\system32\tmpxr_146316840469.bk moved successfully.
C:\WINDOWS\system32\tmpxr_365256454975.bk moved successfully.
C:\WINDOWS\system32\tmpxr_461242361512.bk moved successfully.
C:\WINDOWS\system32\tmpxr_47710669729.bk moved successfully.
C:\WINDOWS\system32\tmpxr_490105611594.bk moved successfully.
C:\WINDOWS\system32\tmpxr_508099311156.bk moved successfully.
C:\WINDOWS\system32\tmpxr_541910523306.bk moved successfully.
C:\WINDOWS\system32\tmpxr_57936884060.bk moved successfully.
C:\WINDOWS\system32\tmpxr_58739352092.bk moved successfully.
C:\WINDOWS\system32\tmpxr_774865809987.bk moved successfully.
C:\WINDOWS\system32\tmpxr_791517120265.bk moved successfully.
C:\WINDOWS\system32\tmpxr_795747295548.bk moved successfully.
C:\WINDOWS\system32\tmpxr_93281561791.bk moved successfully.
File/Folder C:\WINDOWS\system32\wserving.exe not found.
C:\WINDOWS\system32\xwxfst.sys moved successfully.
C:\WINDOWS\system32\yaxcnxd.sys moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_183844
Deckard's Log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1013.98 MiB / 467.48 MiB
Pagefile Memory (total/avail): 2439.68 MiB / 2036.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB
C: is Fixed (NTFS) - 65.69 GiB total, 2.15 GiB free.
D: is Fixed (FAT32) - 7.82 GiB total, 0.63 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)
\\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 65.69 GiB - C:
\PARTITION1 - Unknown - 7.84 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB
\\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions
\PARTITION0 - MS-DOS V4 Huge - 483.76 MiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\kav\\kis\\setup.exe"="C:\\kav\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\EricaGM\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4105E587B6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\EricaGM
LOGONSERVER=\\YOUR-4105E587B6
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp
TMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp
USERDOMAIN=YOUR-4105E587B6
USERNAME=EricaGM
USERPROFILE=C:\Documents and Settings\EricaGM
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
EricaGM (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat 8.1.2 Security Update 1 (KB403742) -->
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iqta30a0a.INF
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog
Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
Gre Bible --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Gre Bible\ST6UNST.LOG"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_qta30a0k\HXFSETUP.EXE -U -IQTA30A0K.INF
Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly
HP User Guides 0009 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58C62A8E-E628-4822-A0F2-BBE10329D53F}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
I/OMagic DataBank --> C:\PROGRA~1\IOMagic\DataBank\UNWISE.EXE C:\PROGRA~1\IOMagic\DataBank\INSTALL.LOG
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
River Past Video Cleaner Pro --> C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skypeâ„¢ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
-- Application Event Log -------------------------------------------------------
Event Record #/Type7975 / Error
Event Submitted/Written: 08/04/2008 06:53:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
Event Record #/Type7931 / Error
Event Submitted/Written: 08/04/2008 00:10:45 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.
Processing media-specific event for [sxtsyctd.sys!ws!]
Event Record #/Type7929 / Error
Event Submitted/Written: 08/04/2008 00:06:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x000022b2.
Processing media-specific event for [sxtsyctd.sys!ws!]
Event Record #/Type7918 / Error
Event Submitted/Written: 08/03/2008 00:33:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.
Processing media-specific event for [sxtsyctd.sys!ws!]
Event Record #/Type7861 / Success
Event Submitted/Written: 08/01/2008 04:36:19 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type79469 / Error
Event Submitted/Written: 08/07/2008 06:12:27 PM / 08/07/2008 06:12:51 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type79467 / Error
Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type79466 / Error
Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type79465 / Error
Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type79464 / Error
Event Submitted/Written: 08/07/2008 06:12:05 PM / 08/07/2008 06:12:51 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
-- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------
-
Thank you for the detailed steps. Easy to follow.
Here are both logs,
Kaspersky first:
Thursday, August 7, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 18:37:50
Records in database: 1067337
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 90765
Threat name 52
Infected objects 91
Suspicious objects 0
Duration of the scan 02:48:53
File name Threat name Threats count
C:\WINDOWS\system32\afinding.exe/C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1
C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1
C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1
C:\WINDOWS\system32\wserving.exe/C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1
C:\WINDOWS\system32\otaxyzd.sys/C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1
C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087153.exe Infected: Trojan.Win32.Agent.rtf 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087539.exe Infected: Trojan.Win32.Agent.rwl 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087762.exe Infected: Trojan.Win32.Agent.vwd 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090156.exe Infected: Trojan.Win32.Agent.suv 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090218.exe Infected: Trojan.Win32.Agent.tgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090775.exe Infected: Trojan.Win32.Agent.uvf 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090928.exe Infected: Trojan.Win32.Agent.thb 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091076.exe Infected: Trojan.Win32.Agent.vtw 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091149.exe Infected: Trojan.Win32.Agent.vne 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091313.exe Infected: Trojan.Win32.Agent.vum 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091540.exe Infected: Trojan.Win32.Agent.vum 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091782.exe Infected: Trojan.Win32.Agent.wgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe Infected: Trojan.Win32.Agent.vne 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe.vir Infected: Trojan.Win32.Agent.thb 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing0.exe Infected: Trojan.Win32.Agent.vum 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing1.exe Infected: Trojan.Win32.Agent.vum 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_162080289190.bk Infected: Trojan.Win32.Agent.vvx 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_177826118969.bk Infected: Trojan.Win32.Agent.ush 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_185308604937.bk Infected: Trojan.Win32.Agent.vly 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_323673469076.bk Infected: Trojan.Win32.Agent.vsv 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_32884366636.bk Infected: Trojan.Win32.Agent.tgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_368766403046.bk Infected: Trojan.Win32.Agent.scr 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_485723151761.bk Infected: Trojan.Win32.Agent.tgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_548726853151.bk Infected: Trojan.Win32.Agent.scr 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_616401712926.bk Infected: Trojan.Win32.Agent.vjk 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_666809771912.bk Infected: Trojan.Win32.Agent.tsn 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_6697375516.bk Infected: Trojan.Win32.Agent.tsn 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_673823582822.bk Infected: Trojan.Win32.Agent.tsn 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_684588680440.bk Infected: Trojan.Win32.Agent.swk 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_705336224.bk Infected: Trojan.Win32.Agent.tsn 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_716600111440.bk Infected: Trojan.Win32.Agent.tgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_748426144549.bk Infected: Trojan.Win32.Agent.vly 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_762229506482.bk Infected: Trojan.Win32.Agent.scr 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_810606324587.bk Infected: Trojan.Win32.Agent.tgz 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_824540124483.bk Infected: Trojan.Win32.Agent.vsv 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_83711657254.bk Infected: Trojan.Win32.Agent.whl 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_881388776618.bk Infected: Trojan.Win32.Agent.rxi 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_882246224734.bk Infected: Trojan.Win32.Agent.tsn 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_89503817837.bk Infected: Trojan.Win32.Agent.swk 1
C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_91309707072.bk Infected: Trojan.Win32.Agent.whl 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\4.tmp Infected: Email-Worm.Win32.Brontok.q 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\6.tmp Infected: Email-Worm.Win32.Brontok.q 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B6.tmp Infected: Trojan.BAT.Regger.b 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B8.tmp Infected: Trojan.BAT.Regger.b 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB0 Infected: Virus.Win32.Parite.b 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB1 Infected: Virus.Win32.Parite.b 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\BB.tmp Infected: Trojan.BAT.Regger.b 1
C:\RECYCLER\S-1-5-21-3368643098-3026558534-63294331-1006\Dc170.9+Crack-HeartBug_May08\spyhunterS.exe Infected: Trojan-Downloader.Win32.Zlob.odg 1
C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1
C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.gtg 1
C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bka 1
C:\WINDOWS\system32\cexwxfst.sys Infected: Trojan-Clicker.Win32.VB.bgz 1
C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.blp 1
C:\WINDOWS\system32\nftscpd.sys Infected: Trojan.Win32.Delf.dbc 1
C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1
C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj 1
C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.dbc 1
C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1
C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1
C:\WINDOWS\system32\stsycod.sys Infected: Trojan.Win32.Delf.dsw 1
C:\WINDOWS\system32\swand.sys Infected: Trojan.Win32.DNSChanger.ewt 1
C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1
C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.fgv 1
C:\WINDOWS\system32\tcexfst.sys Infected: Trojan-Clicker.Win32.VB.blo 1
C:\WINDOWS\system32\tmp0_838768684858.bk Infected: Trojan.Win32.DNSChanger.gtg 1
C:\WINDOWS\system32\tmpxr_135723629943.bk Infected: Trojan.Win32.Agent.xja 1
C:\WINDOWS\system32\tmpxr_146316840469.bk Infected: Trojan.Win32.Agent.xmg 1
C:\WINDOWS\system32\tmpxr_365256454975.bk Infected: Trojan.Win32.Agent.wra 1
C:\WINDOWS\system32\tmpxr_461242361512.bk Infected: Trojan.Win32.Agent.xaq 1
C:\WINDOWS\system32\tmpxr_47710669729.bk Infected: Trojan.Win32.Agent.xmg 1
C:\WINDOWS\system32\tmpxr_490105611594.bk Infected: Trojan.Win32.Agent.xji 1
C:\WINDOWS\system32\tmpxr_508099311156.bk Infected: Trojan.Win32.Agent.xfr 1
C:\WINDOWS\system32\tmpxr_541910523306.bk Infected: Trojan.Win32.Agent.xdd 1
C:\WINDOWS\system32\tmpxr_57936884060.bk Infected: Trojan.Win32.Agent.wra 1
C:\WINDOWS\system32\tmpxr_58739352092.bk Infected: Trojan.Win32.Agent.xmg 1
C:\WINDOWS\system32\tmpxr_774865809987.bk Infected: Trojan.Win32.Agent.xji 1
C:\WINDOWS\system32\tmpxr_791517120265.bk Infected: Trojan.Win32.Agent.xja 1
C:\WINDOWS\system32\tmpxr_795747295548.bk Infected: Trojan.Win32.Agent.xmg 1
C:\WINDOWS\system32\tmpxr_93281561791.bk Infected: Trojan.Win32.Agent.xja 1
C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1
C:\WINDOWS\system32\xwxfst.sys Infected: Trojan-Clicker.Win32.VB.bbn 1
C:\WINDOWS\system32\yaxcnxd.sys Infected: Trojan.Win32.DNSChanger.fwj 1
The selected area was scanned.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.24
Database version: 1031
Windows 5.1.2600 Service Pack 2
6:09:32 PM 8/7/2008
mbam-log-8-7-2008 (18-09-32).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 131269
Time elapsed: 1 hour(s), 23 minute(s), 4 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-
Thank you for replying to me!!
Please let me know what the next steps are. I really appreciate your help in this.
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:59 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\routing.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
--
End of file - 12080 bytes
-
Hi,
I've recently been hearing sound clips that pop up at random times. I hear anything from music bits, to movie previews, etc. Spyware Doctor detects Trojan.Dowloader but cannot remove it. I don't know how to clean my computer of this malware. Someone, please help!
Random Sound Clips, Malware. Help![RESOLVED]
in Malware Removal
Posted
Thanks SO much for ALL your help!!