kohu Posted October 7, 2007 Author Report Share Posted October 7, 2007 And hjeres the HJT logLogfile of HijackThis v1.99.1Scan saved at 11:35:58 AM, on 10/7/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\M-Audio Uno\UnoInst.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\windows\system\hpsysdrv.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\hphmon05.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\HP\KBD\KBD.EXEC:\Program Files\Lexmark 2400 Series\lxcrmon.exeC:\Program Files\Lexmark 2400 Series\ezprint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Cyb2k.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\lxcrcoms.exeC:\Program Files\Comodo\Firewall\CPF.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [VTTimer] VTTimer.exeO4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /backgroundO4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocxO16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exeO23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe Link to post Share on other sites
Andro1d Posted October 7, 2007 Report Share Posted October 7, 2007 Hello again,Step 1I see you have LimeWire installed on your system. While the program itself is legal, most of the files downloaded with it are not. Also, quite often the files can be infected with viruses, malware, and other undesirable applications. I highly recommend uninstalling LimeWire via Add or Remove Programs, but this program is optional for you if you choose to want to keep it.See HERE for details on P2P file sharing programs.Step 2Open notepad and copy/paste the text in the quotebox below into it:File::C:\WINDOWS\system32\gnfil.dllC:\WINDOWS\system32\pkmon.dllC:\WINDOWS\system32\adwfil.dllC:\WINDOWS\system32\jbfil.dllC:\WINDOWS\system32\movfil.dllC:\WINDOWS\system32\auctfil.dllC:\WINDOWS\system32\swfil.dllC:\WINDOWS\system32\wrestfil.dllC:\WINDOWS\system32\vgamfil.dllC:\WINDOWS\system32\iawfil.dllC:\WINDOWS\system32\hatfil.dllC:\WINDOWS\system32\viofil.dllC:\WINDOWS\system32\srchin.dllC:\WINDOWS\system32\lgwfil.dllC:\WINDOWS\system32\perfil.dllC:\WINDOWS\system32\nvgamfil.dllC:\WINDOWS\system32\popfil.dllC:\WINDOWS\system32\pxyfil.dllC:\WINDOWS\system32\tafil.dllC:\WINDOWS\system32\finfil.dllC:\WINDOWS\system32\gblfil.dllC:\WINDOWS\system32\psyfil.dllC:\WINDOWS\system32\entfil.dllC:\WINDOWS\system32\sporfil.dllC:\WINDOWS\system32\fmfil.dllC:\WINDOWS\system32\chtfil.dllC:\WINDOWS\system32\giisjvor.dllC:\WINDOWS\system32\hjkkj.bak2C:\WINDOWS\system32\7ADF967E6C.sysC:\WINDOWS\system32\hjkkj.bak1Save this as CFScript.txtThen drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog. Link to post Share on other sites
kohu Posted October 7, 2007 Author Report Share Posted October 7, 2007 Okay, I didn't find Limewire in the add/remove programs. My brother installed it a while back so I unistalled it. Is there any other way to unistall it?Also, after running combofix with the script like you told me, I couldn't connect to the internet after it was done, So I was stuck with having to do a system restore. attached the combofixlog. I'll post the HJT log after that. Oh and these were saved before I did the systm restore.log.txt Link to post Share on other sites
kohu Posted October 7, 2007 Author Report Share Posted October 7, 2007 heres the HJT logLogfile of HijackThis v1.99.1Scan saved at 3:08:17 PM, on 10/7/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\M-Audio Uno\UnoInst.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\hphmon05.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\HP\KBD\KBD.EXEC:\Program Files\Lexmark 2400 Series\lxcrmon.exeC:\Program Files\Lexmark 2400 Series\ezprint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Cyb2k.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\lxcrcoms.exeC:\Program Files\Comodo\Firewall\CPF.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeC:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [VTTimer] VTTimer.exeO4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /backgroundO4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocxO16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exeO23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe Link to post Share on other sites
Andro1d Posted October 8, 2007 Report Share Posted October 8, 2007 (edited) Hello again,Sorry to hear about your internet, so lets take a different route.Step 1Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.Step 2Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Step 3Download Dr.Web CureIt to the desktop:ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exeDoubleclick the drweb-cureit.exe file and Allow to run the express scanThis will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.Once the short scan has finished, mark the drives that you want to scan.Select all drives. A red dot shows which drives have been chosen.Click the green arrow at the right, and the scan will start.Click 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, in the menu, click file and choose save report listSave the report to your desktop. The report will be called DrWeb.csvClose Dr.Web Cureit.Step 4Download and scan with SUPERAntiSpyware Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)Under "Configuration and Preferences", click the Preferences button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.[*]Click the "Close" button to leave the control center screen.[*]Back on the main screen, under "Scan for Harmful Software" click Scan your computer.[*]On the left, make sure you check C:\Fixed Drive.[*]On the right, under "Complete Scan", choose Perform Complete Scan.[*]Click "Next" to start the scan. Please be patient while it scans your computer.[*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".[*]Make sure everything has a checkmark next to it and click "Next".[*]A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.[*]If asked if you want to reboot, click "Yes".[*]To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply along with a fresh HJT log and the DrWeb.csv.[*]Click Close to exit the program. Edited October 9, 2007 by MoNsTeReNeRgY22 Link to post Share on other sites
Andro1d Posted October 9, 2007 Report Share Posted October 9, 2007 Bump to notice of edited post to user. Link to post Share on other sites
kohu Posted October 9, 2007 Author Report Share Posted October 9, 2007 (edited) Sorry it took a while, Dr.Web took 13 hours to scan >.> Heres the Superantispyware log. I'll post teh HJT log and Dr.Web log next. Also, I just saw your edit with the deldomains and I think I installed it. Nothing else popsup when I click open after right click install correct? And I don't need to run Dr. Web again Do I? It took forever the firsttime...SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 10/08/2007 at 08:03 PMApplication Version : 3.9.1008Core Rules Database Version : 3321Trace Rules Database Version: 1322Scan type : Complete ScanTotal Scan Time : 01:31:43Memory items scanned : 530Memory threats detected : 0Registry items scanned : 6951Registry threats detected : 3File items scanned : 72520File threats detected : 169Adware.Tracking Cookie C:\Documents and Settings\Pete's\Cookies\pete'[email protected][2].txt C:\Documents and Settings\Pete's\Cookies\pete's@statcounter[3].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@accelerator-media[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@ad-rotator[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@adecn[2].txt C:\Documents and Settings\Owner\Cookies\owner@adinterax[1].txt C:\Documents and Settings\Owner\Cookies\owner@adknowledge[1].txt C:\Documents and Settings\Owner\Cookies\owner@adlegend[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@adserver[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@adultbouncer[1].txt C:\Documents and Settings\Owner\Cookies\owner@adultfilmdatabase[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@advertpro[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt C:\Documents and Settings\Owner\Cookies\owner@bannerspace[1].txt C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@bizrate[2].txt C:\Documents and Settings\Owner\Cookies\owner@click-fr[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@clickability[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@coolsavings[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@counter[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@easy-hit-counters[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@entrepreneur[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@focalex[2].txt C:\Documents and Settings\Owner\Cookies\owner@gamestats[2].txt C:\Documents and Settings\Owner\Cookies\owner@gostats[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@herfirstlesbiansex[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@hits_tracker[1].txt C:\Documents and Settings\Owner\Cookies\owner@honoluluadvertiser[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@indextools[1].txt C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt C:\Documents and Settings\Owner\Cookies\owner@itnnetmedia[2].txt C:\Documents and Settings\Owner\Cookies\owner@kanoodle[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@maxserving[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@medianewsgroup[2].txt C:\Documents and Settings\Owner\Cookies\owner@megastats[1].txt C:\Documents and Settings\Owner\Cookies\owner@musclemedia[1].txt C:\Documents and Settings\Owner\Cookies\owner@mysextour[1].txt C:\Documents and Settings\Owner\Cookies\owner@nandomedia[2].txt C:\Documents and Settings\Owner\Cookies\owner@nextag[2].txt C:\Documents and Settings\Owner\Cookies\owner@onlinerewardcenter[1].txt C:\Documents and Settings\Owner\Cookies\owner@partner2profit[2].txt C:\Documents and Settings\Owner\Cookies\owner@partsexpress[2].txt C:\Documents and Settings\Owner\Cookies\owner@perfettomedia[1].txt C:\Documents and Settings\Owner\Cookies\owner@pornstarbucks[1].txt C:\Documents and Settings\Owner\Cookies\owner@qnsr[2].txt C:\Documents and Settings\Owner\Cookies\owner@rightmedia[1].txt C:\Documents and Settings\Owner\Cookies\owner@roiservice[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@sex-superstore[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@statsgold[1].txt C:\Documents and Settings\Owner\Cookies\owner@Stats[1].txt C:\Documents and Settings\Owner\Cookies\owner@Stats[2].txt C:\Documents and Settings\Owner\Cookies\owner@Stats[4].txt C:\Documents and Settings\Owner\Cookies\owner@superstats[1].txt C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt C:\Documents and Settings\Owner\Cookies\owner@toplist[2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@tracking[1].txt C:\Documents and Settings\Owner\Cookies\owner@tracking[2].txt C:\Documents and Settings\Owner\Cookies\owner@tracking[4].txt C:\Documents and Settings\Owner\Cookies\owner@tripod[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@webstats[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\owner@xxxbdsm43578[1].txt C:\Documents and Settings\Pete's\Cookies\pete'[email protected][2].txt C:\Documents and Settings\Pete's\Cookies\pete'[email protected][1].txt C:\Documents and Settings\Pete's\Cookies\pete's@statcounter[1].txt C:\Documents and Settings\Pete's\Cookies\pete'[email protected][1].txtTrojan.ZenoSearch C:\WINDOWS\system32\msnav32.ax C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP236\A0243247.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP243\A0245474.EXEAdware.Think-Adz HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallStringTrojan.WinAntiSpyware 2007 C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\WINANTISPYWARE2007SETUP.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP118\A0150348.EXEAdware.ClickSpring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP226\A0239176.EXETrojan.Net-MSV/VPS-G C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP169\A0219791.DLLTrojan.Downloader-Gen C:\WINDOWS\SYSTEM32\WINPFZ32.SYSAdware.Unknown Origin C:\WINDOWS\SYSTEM32\ZXDNT3D.CFGTrace.Known Threat Sources C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\ping[1].htm C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\anota[1].htm C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GPM3816F\checkin[1].htm Edited October 9, 2007 by Kohu Link to post Share on other sites
kohu Posted October 9, 2007 Author Report Share Posted October 9, 2007 I figured it out Heres the Dr.web log.KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.DeletedRealBar.dll;C:\Program Files\Real\Toolbar;Adware.MegaSearch.origin;Incurable.DeletedAnd heres the HJT LogLogfile of HijackThis v1.99.1Scan saved at 3:19:46 PM, on 10/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\M-Audio Uno\UnoInst.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\hphmon05.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\HP\KBD\KBD.EXEC:\Program Files\Lexmark 2400 Series\lxcrmon.exeC:\Program Files\Lexmark 2400 Series\ezprint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Cyb2k.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\lxcrcoms.exeC:\Program Files\Comodo\Firewall\CPF.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [VTTimer] VTTimer.exeO4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /backgroundO4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocxO16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exeO23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe Link to post Share on other sites
Andro1d Posted October 10, 2007 Report Share Posted October 10, 2007 Hello,No need to re run Dr Web. Here are some simpler instructions for del domains.RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop.To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.I also wanna see a new ComboFix log for something specific.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall Link to post Share on other sites
kohu Posted October 11, 2007 Author Report Share Posted October 11, 2007 Thank god! Okay, I installed the dell thing correctly. heres my HJT log and I attached the combofix log.Logfile of HijackThis v1.99.1Scan saved at 6:09:21 PM, on 10/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\M-Audio Uno\UnoInst.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lxcrcoms.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\windows\system\hpsysdrv.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\hphmon05.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\HP\KBD\KBD.EXEC:\Program Files\Lexmark 2400 Series\lxcrmon.exeC:\Program Files\Lexmark 2400 Series\ezprint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Cyb2k.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Comodo\Firewall\CPF.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeC:\WINDOWS\explorer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\internet explorer\iexplore.exeC:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [VTTimer] VTTimer.exeO4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /backgroundO4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocxO16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exeO23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exelog.txt Link to post Share on other sites
Andro1d Posted October 11, 2007 Report Share Posted October 11, 2007 Hello,Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Link to post Share on other sites
kohu Posted October 12, 2007 Author Report Share Posted October 12, 2007 Oh no! Panda active scan keeps getting stuck on the checking memory part, The status bar doesn't move at all! I know its not normal because I remeber doing one 7 months ago. Help? Link to post Share on other sites
Andro1d Posted October 12, 2007 Report Share Posted October 12, 2007 Lets try a different scanner.Lets run an F-Secure online scan for Viruses, Spyware and RootKits:Go to http://support.f-secure.com/enu/home/ols.shtmlScroll to the bottom of the page and click the Start scanning button. A window will pop up.Allow the Active X control to be installed on your computer, then click the Accept buttonClick Full System Scan and allow the components to download and the scan to complete.If malware is found, check Submit samples to F-Secure then select Automatic cleaningWhen cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this postIf Automatic cleaning with Submit samples hangs, click Cancel, then New ScanWhen the cleaning option is presented, Uncheck Submit samples to F-SecureClick Automatic cleaningWhen cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this postNotes: This scan will only work with Internet ExplorerYou must have administrator rights to run this scanThis scan can take several hours, so please be patient Link to post Share on other sites
kohu Posted October 13, 2007 Author Report Share Posted October 13, 2007 Okay! Here it isScanning ReportFriday, October 12, 2007 18:53:43 - 21:07:24Computer name: SHADOW Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ D:\ --------------------------------------------------------------------------------Result: 68 malware foundMalware.ADRA (virus) C:\HP\BIN\TRIALHTML\OFFICE 2003 EDITION 60 DAY TRIAL.EXE (Submitted) Tracking Cookie (spyware) System (Disinfected) System System System System System System System System System System System System System System System System System System System System System System System System System Vundo.dam (virus) C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\QEYTGTMC.DLL (Submitted) C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\TYKSNGLX.DLL (Submitted) C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VLAAGGVY.DLL (Submitted) C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VVEXJYSP.DLL (Submitted) Vundo.gen38 (virus) C:\WINDOWS\SYSTEM32\AOKLYWNB.INI (Submitted) C:\WINDOWS\SYSTEM32\DKTQLWMB.INI (Submitted) C:\WINDOWS\SYSTEM32\DVXBNWJX.INI (Submitted) C:\WINDOWS\SYSTEM32\DWVWGUKI.INI (Submitted) C:\WINDOWS\SYSTEM32\EUGOEIUB.INI (Submitted) C:\WINDOWS\SYSTEM32\EVNXUPBM.INI (Submitted) C:\WINDOWS\SYSTEM32\FGIRIWGE.INI (Submitted) C:\WINDOWS\SYSTEM32\JRKYSUUH.INI (Submitted) C:\WINDOWS\SYSTEM32\KNCAHCUV.INI (Submitted) C:\WINDOWS\SYSTEM32\ODEXOPRA.INI (Submitted) C:\WINDOWS\SYSTEM32\QBMYWCIV.INI (Submitted) C:\WINDOWS\SYSTEM32\RASIQALO.INI (Submitted) C:\WINDOWS\SYSTEM32\RYISDBET.INI (Submitted) C:\WINDOWS\SYSTEM32\SKMASOQM.INI (Submitted) C:\WINDOWS\SYSTEM32\SOEJVRLQ.INI (Submitted) C:\WINDOWS\SYSTEM32\THEQWNDY.INI (Submitted) C:\WINDOWS\SYSTEM32\TINAROEK.INI (Submitted) C:\WINDOWS\SYSTEM32\TLMGWICF.INI (Submitted) C:\WINDOWS\SYSTEM32\UBQWIPKS.INI (Submitted) C:\WINDOWS\SYSTEM32\VPWVONJJ.INI (Submitted) Vundo.gen39 (virus) C:\WINDOWS\SYSTEM32\AJHHKBJY.INI (Submitted) C:\WINDOWS\SYSTEM32\BHJPMRIE.INI (Submitted) C:\WINDOWS\SYSTEM32\EEEQIPDS.INI (Submitted) C:\WINDOWS\SYSTEM32\GHMXISUM.INI (Submitted) C:\WINDOWS\SYSTEM32\HNRWTSCL.INI (Submitted) C:\WINDOWS\SYSTEM32\ITOSLLCF.INI (Submitted) C:\WINDOWS\SYSTEM32\JPTPINSG.INI (Submitted) C:\WINDOWS\SYSTEM32\KAMOFHOA.INI (Submitted) C:\WINDOWS\SYSTEM32\LWOBJSST.INI (Submitted) C:\WINDOWS\SYSTEM32\MSDKIIUS.INI (Submitted) C:\WINDOWS\SYSTEM32\OKGJIBGB.INI (Submitted) C:\WINDOWS\SYSTEM32\PUCBSJTN.INI (Submitted) C:\WINDOWS\SYSTEM32\QIGRKETY.INI (Submitted) C:\WINDOWS\SYSTEM32\SOFLECPJ.INI (Submitted) C:\WINDOWS\SYSTEM32\SRTBVXEW.INI (Submitted) C:\WINDOWS\SYSTEM32\TUWRFDWI.INI (Submitted) C:\WINDOWS\SYSTEM32\TWUTSNIL.INI (Submitted) --------------------------------------------------------------------------------StatisticsScanned:Files: 66085 System: 6551 Not scanned: 12 Actions:Disinfected: 1 Renamed: 0 Deleted: 0 None: 67 Submitted: 42 Files not scanned:C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL C:\RECYCLER\S-1-5-21-321053874-2636943631-3830183119-1003\DC11.LNK C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\COMPONENTS\VETSDK.DLL C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\XAUPDATE.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\PLUG_INS\MULTIMEDIA\MPP\ATMOSPHEREMPP.MPP C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DD491DC9AFBF2A7891310B584217359_A041A4AD-923E-4008-913D-823040B1FB43 --------------------------------------------------------------------------------OptionsScanning engines:F-Secure AVP: 7.0.171, 2007-10-12 F-Secure Blacklight: 1.0.64 F-Secure Draco: 1.0.35, 0598-150-72 F-Secure Libra: 2.4.2, 2007-10-12 F-Secure Orion: 1.2.37, 2007-10-12 F-Secure Pegasus: 1.19.0, 2007-09-10 Scanning options:Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX Use Advanced heuristics --------------------------------------------------------------------------------Copyright © 1998-2006 Product support |Send virus sample to F-SecureF-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. Link to post Share on other sites
Andro1d Posted October 13, 2007 Report Share Posted October 13, 2007 Hi again,1. Close all windows so that you have nothing open and you are at your Desktop.2. Click on Start, then click on Run.3. In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button."%userprofile%\Desktop\dss.exe" /configThis will open up DSS configuration.4. Click on Check All.5. Click Scan.DSS will now run again.6. When finished, please post back both logs that open in Notepad: main.txt and extra.txt. Link to post Share on other sites
kohu Posted October 13, 2007 Author Report Share Posted October 13, 2007 Okay, heres the main.txtDeckard's System Scanner v20070905.67Run by Pete's on 2007-10-13 11:25:41Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --145: 2007-10-13 18:25:59 UTC - RP250 - Deckard's System Scanner Restore Point144: 2007-10-13 16:37:44 UTC - RP249 - System Checkpoint143: 2007-10-12 02:21:52 UTC - RP248 - System Checkpoint142: 2007-10-11 00:35:59 UTC - RP247 - ComboFix created restore point141: 2007-10-10 03:39:54 UTC - RP246 - Software Distribution Service 3.0-- First Restore Point -- 1: 2007-07-13 20:22:18 UTC - RP106 - System CheckpointPerformed disk cleanup.-- HijackThis (run as Pete's.exe) ----------------------------------------------Unable to find log (file not found); running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of HijackThis v1.99.1Scan saved at 2007-10-13 11:26:13Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16544)Running processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\M-Audio Uno\UnoInst.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\ati2evxx.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system\hpsysdrv.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\hphmon05.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\hp\KBD\kbd.exeC:\Program Files\Lexmark 2400 Series\lxcrmon.exeC:\Program Files\Lexmark 2400 Series\ezprint.exeC:\WINDOWS\system32\lxcrcoms.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Cyb2k.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\Program Files\Comodo\Firewall\cpf.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXEC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Pete's\Desktop\dss.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%sR1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: (no name) - - (no file)O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dllO4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKEY_LOCAL_MACHINE\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"O4 - HKEY_LOCAL_MACHINE\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKEY_LOCAL_MACHINE\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [C2K] C:\WINDOWS\Cyb2k.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKEY_LOCAL_MACHINE\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /backgroundO4 - HKEY_LOCAL_MACHINE\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra 'Tools' menuitem: (no name) - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.stumbleupon.com (HKCU)O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocxO16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dllO18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLLO18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLLO18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dllO23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"-- HijackThis Fixed Entries (C:\DOCUME~1\Pete's\MYDOCU~1\HIGHJA~1\backups\) ----backup-20070726-153724-152 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEbackup-20070726-153724-372 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)backup-20070726-153724-455 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)backup-20071006-101222-293 O2 - BHO: (no name) - {B62F5B2F-FB3C-45BC-97BF-9EBE1A61AED4} - C:\WINDOWS\system32\awvtr.dll (file missing)backup-20071006-101222-426 O4 - Startup: PowerReg Scheduler V3.exebackup-20071006-101222-521 O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cabbackup-20071006-101222-647 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinqmds.exe CHD003backup-20071006-101222-823 O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinqmds.exebackup-20071006-101223-307 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab-- File Associations -----------------------------------------------------------All associations okay.-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sysR1 SASKUTIL - c:\program files\superantispyware\saskutil.sysR3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>S1 rxp - c:\windows\system32\drivers\rxp.sys (file missing)S3 catchme - c:\docume~1\pete's\locals~1\temp\catchme.sys (file missing)S3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>S3 pnicml - c:\docume~1\owner\locals~1\temp\pnicml.sys (file missing)S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>R2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe <Not Verified; ; EvoUno USB Installer Service>R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>-- Device Manager: Disabled ----------------------------------------------------Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: 1394 Net AdapterDevice ID: V1394\NIC1394\78232CE01800Manufacturer: MicrosoftName: 1394 Net AdapterPNP Device ID: V1394\NIC1394\78232CE01800Service: NIC1394-- Process Modules -------------------------------------------------------------C:\WINDOWS\system32\winlogon.exe (pid 828)2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>C:\WINDOWS\system32\svchost.exe (pid 1048)2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>C:\WINDOWS\system32\svchost.exe (pid 1172)2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>2006-06-26 10:37:10 148480 --a------ C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>2001-03-11 16:01:42 159744 --a------ C:\WINDOWS\system32\lspcs.dll <Not Verified; Solid Oak; internet filter>2006-06-26 10:37:10 8192 --a------ C:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>C:\WINDOWS\system32\svchost.exe (pid 616)2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>C:\WINDOWS\explorer.exe (pid 3320)2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>2007-07-31 18:44:42 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>2007-07-31 18:44:42 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>-- :: 0 --------- C:\DOCUME~1\Pete's\LOCALS~1\Temp\IadHide4.dll2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>2005-09-23 08:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>2007-04-13 03:21:12 5634048 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>-- Scheduled Tasks -------------------------------------------------------------2007-09-07 21:40:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job-- Files created between 2007-09-13 and 2007-10-13 -----------------------------2007-10-08 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com2007-10-08 18:25:05 0 d-------- C:\Program Files\SUPERAntiSpyware2007-10-08 18:25:05 0 d-------- C:\Documents and Settings\Pete's\Application Data\SUPERAntiSpyware.com2007-10-08 10:38:38 0 d-------- C:\Documents and Settings\Pete's\DoctorWeb2007-10-07 21:20:08 0 d-------- C:\Documents and Settings\Pete's\Application Data\WinRAR2007-10-07 17:20:13 0 d-------- C:\Program Files\Rocket Division Software2007-10-07 15:43:27 0 d-------- C:\Program Files\SpywareBlaster2007-10-07 15:43:27 0 d-------- C:\Program Files\Panicware2007-10-07 15:43:14 0 d-------- C:\Program Files\Lionhead Studios2007-10-07 15:42:59 0 d-------- C:\Program Files\EA Games2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\Pete's\Application Data\Microsoft Games2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games2007-10-07 15:41:03 0 d-------- C:\Program Files\Hasbro Interactive2007-10-07 15:40:59 0 d-------- C:\Program Files\Game_Maker62007-10-07 15:40:59 0 d-------- C:\Program Files\eMule2007-10-07 15:40:59 0 d-------- C:\Program Files\ASUS2007-10-07 15:40:56 0 d-------- C:\Starcraft2007-10-07 15:40:56 0 d-------- C:\Program Files\Clever Batch Image Converter2007-10-07 15:40:56 0 d-------- C:\Program Files\BitComet2007-10-07 15:40:56 0 d-------- C:\Program Files\BatchDPG2007-10-07 10:57:02 0 d-------- C:\Program Files\R4 Commander2007-10-05 19:13:19 0 d-------- C:\Documents and Settings\Pete's\Application Data\Comodo2007-10-05 19:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo2007-10-05 19:09:21 0 d-------- C:\Program Files\Comodo2007-10-05 15:50:12 0 d-------- C:\Program Files\Alwil Software2007-10-04 18:46:47 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>2007-10-03 19:00:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google2007-09-29 19:54:32 0 d-------- C:\New Folder2007-09-29 14:16:33 0 d-------- C:\Program Files\VOCALOID22007-09-29 14:13:28 200704 --a------ C:\WINDOWS\system32\libguide40.dll <Not Verified; Intel Corporation; Guide Run-time Library>2007-09-29 14:13:28 4874240 --a------ C:\WINDOWS\system32\DSE2_DFT.dll2007-09-28 15:44:38 0 d-------- C:\Program Files\Steinberg2007-09-28 15:20:25 0 d-------- C:\Program Files\VOCALOID2007-09-20 20:46:18 0 d-------- C:\Program Files\Windows Media Connect 22007-09-20 20:41:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF-- Find3M Report ---------------------------------------------------------------2007-10-11 18:09:00 0 d-------- C:\Program Files\M-Audio Uno2007-10-11 18:08:53 0 d-------- C:\Program Files\iTunes2007-10-11 18:08:43 0 d-------- C:\Program Files\Lexmark 2400 Series2007-10-11 18:08:23 0 d-------- C:\Program Files\Messenger2007-10-11 18:08:11 0 d-------- C:\Program Files\Lexmark Toolbar2007-10-11 18:08:11 0 d-------- C:\Program Files\Google2007-10-11 18:08:10 0 d-------- C:\Program Files\StumbleUpon2007-10-08 18:24:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard2007-10-08 12:28:02 0 d-------- C:\Program Files\Project64 1.62007-10-07 15:47:31 0 d-------- C:\Program Files\lx_cats2007-10-07 15:45:21 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information2007-10-07 15:40:48 0 d--h----- C:\Program Files\InstallShield Installation Information2007-10-07 10:14:21 0 d-------- C:\Program Files\Microsoft Games2007-10-07 10:09:39 0 d-------- C:\Documents and Settings\Pete's\Application Data\My Battle for Middle-earth Files2007-10-07 00:33:17 0 d-------- C:\Program Files\MAIET2007-10-07 00:33:06 0 d-------- C:\Program Files\Line Adventures2007-10-07 00:27:07 0 d-------- C:\Program Files\UltraISO2007-10-07 00:26:46 0 d-------- C:\Program Files\TurboTax2007-10-07 00:26:40 0 d-------- C:\Program Files\Common Files2007-10-07 00:26:17 0 d-------- C:\Program Files\Total Video Converter2007-10-07 00:23:09 0 d-------- C:\Program Files\Datel2007-10-07 00:22:47 0 d-------- C:\Program Files\Lenogo iPod to PC Transfer2007-10-07 00:19:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\Google2007-10-07 00:16:56 0 d-------- C:\Program Files\DarwiniaDemo22007-10-07 00:16:14 0 d-------- C:\Documents and Settings\Pete's\Application Data\Dev-Cpp2007-10-07 00:15:29 0 d-------- C:\Program Files\AviSynth 2.52007-10-05 15:10:39 28 --a------ C:\WINDOWS\liccyval.dat2007-10-04 20:04:22 0 d-------- C:\Program Files\Java2007-09-30 16:32:37 0 d-------- C:\Documents and Settings\Pete's\Application Data\NetMedia Providers2007-09-29 13:36:15 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield2007-09-29 11:13:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\uTorrent2007-09-29 10:37:38 0 d-------- C:\Program Files\MagicISO2007-09-28 15:52:58 2246 --a------ C:\WINDOWS\system32\wzfil.dll2007-09-28 15:52:56 6050 --a------ C:\WINDOWS\system32\wrestfil.dll2007-09-28 15:52:56 4162 --a------ C:\WINDOWS\system32\viofil.dll2007-09-28 15:52:56 5782 --a------ C:\WINDOWS\system32\vgamfil.dll2007-09-28 15:52:56 1656 --a------ C:\WINDOWS\system32\tapfil.dll2007-09-28 15:52:56 14712 --a------ C:\WINDOWS\system32\tafil.dll2007-09-28 15:52:56 6830 --a------ C:\WINDOWS\system32\swfil.dll2007-09-28 15:52:56 258 --a------ C:\WINDOWS\system32\srchout.dll2007-09-28 15:52:56 3444 --a------ C:\WINDOWS\system32\srchin.dll2007-09-28 15:52:56 540 --a------ C:\WINDOWS\system32\srchfrgn.dll2007-09-28 15:52:56 12266 --a------ C:\WINDOWS\system32\sporfil.dll2007-09-28 15:52:56 724 --a------ C:\WINDOWS\system32\spmfil.dll2007-09-28 15:52:56 592 --a------ C:\WINDOWS\system32\snetfil.dll2007-09-28 15:52:54 157916 --a------ C:\WINDOWS\system32\pxyfil.dll2007-09-28 15:52:54 12730 --a------ C:\WINDOWS\system32\psyfil.dll2007-09-28 15:52:54 16802 --a------ C:\WINDOWS\system32\popfil.dll2007-09-28 15:52:54 9634 --a------ C:\WINDOWS\system32\pkmon.dll2007-09-28 15:52:54 306 --a------ C:\WINDOWS\system32\picsfil.dll2007-09-28 15:52:54 22618 --a------ C:\WINDOWS\system32\perfil.dll2007-09-28 15:52:52 17488 --a------ C:\WINDOWS\system32\nvgamfil.dll2007-09-28 15:52:52 116 --a------ C:\WINDOWS\system32\nfil.dll2007-09-28 15:52:52 670 --a------ C:\WINDOWS\system32\mp3fil.dll2007-09-28 15:52:52 7778 --a------ C:\WINDOWS\system32\movfil.dll2007-09-28 15:52:52 34 --a------ C:\WINDOWS\system32\macfil.dll2007-09-28 15:52:52 3286 --a------ C:\WINDOWS\system32\lgwfil.dll2007-09-28 15:52:52 18 --a------ C:\WINDOWS\system32\lastupdate.dll2007-09-28 15:52:52 8652 --a------ C:\WINDOWS\system32\jbfil.dll2007-09-28 15:52:52 1100 --a------ C:\WINDOWS\system32\imgfil.dll2007-09-28 15:52:52 194 --a------ C:\WINDOWS\system32\igefil.dll2007-09-28 15:52:52 5180 --a------ C:\WINDOWS\system32\iawfil.dll2007-09-28 15:52:52 4442 --a------ C:\WINDOWS\system32\hatfil.dll2007-09-28 15:52:52 9796 --a------ C:\WINDOWS\system32\gnfil.dll2007-09-28 15:52:50 1482 --a------ C:\WINDOWS\system32\gdwfil.dll2007-09-28 15:52:50 13070 --a------ C:\WINDOWS\system32\gblfil.dll2007-09-28 15:52:50 1816 --a------ C:\WINDOWS\system32\fshrfil.dll2007-09-28 15:52:50 11338 --a------ C:\WINDOWS\system32\fmfil.dll2007-09-28 15:52:50 13154 --a------ C:\WINDOWS\system32\finfil.dll2007-09-28 15:52:50 12422 --a------ C:\WINDOWS\system32\entfil.dll2007-09-28 15:52:50 1830 --a------ C:\WINDOWS\system32\cultfil.dll2007-09-28 15:52:50 1790 --a------ C:\WINDOWS\system32\csnews.dll2007-09-28 15:52:50 10906 --a------ C:\WINDOWS\system32\chtfil.dll2007-09-28 15:52:50 400 --a------ C:\WINDOWS\system32\bsnlst.dll2007-09-28 15:52:50 100 --a------ C:\WINDOWS\system32\bnrfil.dll2007-09-28 15:52:48 7642 --a------ C:\WINDOWS\system32\auctfil.dll2007-09-28 15:52:48 88076 --a------ C:\WINDOWS\system32\adwfil.dll2007-09-17 16:11:43 0 d-------- C:\Program Files\Common Files\InstallShield2007-08-27 15:45:35 0 d-------- C:\Program Files\Real2007-08-27 15:44:12 0 d-------- C:\Program Files\Windows Live2007-08-24 18:40:38 0 d-------- C:\Program Files\HP2007-08-24 16:52:11 0 d-------- C:\Documents and Settings\Pete's\Application Data\Macromedia2007-08-20 12:50:18 0 d-------- C:\Program Files\Accursed Toys2007-08-19 15:54:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.22007-08-17 10:50:28 3648 --a------ C:\WINDOWS\system32\giisjvor.dll2007-08-14 13:56:50 0 d-------- C:\Program Files\LimeWire2007-08-13 19:02:00 0 d-------- C:\Program Files\iPod2007-08-13 18:02:08 0 d-------- C:\Program Files\QuickTime2007-08-13 18:00:19 0 d-------- C:\Program Files\Apple Software Update2007-08-13 17:59:42 0 d-------- C:\Program Files\Common Files\Apple2007-07-25 21:26:12 22907904 --a------ C:\ledbackground2007-07-24 17:44:42 23 --a------ C:\Documents and Settings\Pete's\Application Data\Download.url-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 02:54 PM]"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23 AM]"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15 AM]"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]"VTTimer"="VTTimer.exe" [01/15/2004 09:33 PM C:\WINDOWS\system32\VTTimer.exe]"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/30/2004 10:10 PM]"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 01:48 PM]"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/07/2006 01:10 AM]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2004 07:07 PM]"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" []"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [10/16/2001 11:10 AM]"C2K"="C:\WINDOWS\Cyb2k.exe" [08/03/2004 10:47 AM]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 03:06 AM]"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [10/05/2007 07:09 PM]"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 07:54 AM][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 02:34 AM]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/04/2007 07:23 PM]"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [1/2/2005 4:50:01 PM]EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/22/2004 12:45:32 PM]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 1:19:24 PM]Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [4/1/2004 2:16:45 PM][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"-- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------ Link to post Share on other sites
kohu Posted October 13, 2007 Author Report Share Posted October 13, 2007 And heres the extra.txtDeckard's System Scanner v20070905.67Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Home Edition (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: AMD Athlon XP 3200+Percentage of Memory in Use: 73%Physical Memory (total/avail): 511.48 MiB / 136.72 MiBPagefile Memory (total/avail): 1151.71 MiB / 718.46 MiBVirtual Memory (total/avail): 2047.88 MiB / 1955.61 MiBC: is Fixed (NTFS) - 144.25 GiB total, 82.34 GiB free. D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free. E: is CDROM (No Media)F: is CDROM (CDFS)H: is Removable (No Media)I: is Removable (No Media)J: is Removable (No Media)K: is Removable (No Media)\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 4.79 GiB - D: \PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is disabled.FW: COMODO Firewall Pro v2.3.035 (COMODO)AV: avast! antivirus 4.7.1043 [VPS 000780-2] v4.7.1043 (ALWIL Software)[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Pete's\Application DataCLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zipCOLLECTIONID=COL8143CommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=SHADOWComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServletHOMEDRIVE=C:HOMEPATH=\Documents and Settings\Pete'sITEMID=dj-22741-6LANG=1033LOGONSERVER=\\SHADOWNUMBER_OF_PROCESSORS=1OS=Windows_NTOSVER=winXPHPAPATH=c:/devkitPro/PAlib/Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystemPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMDPROCESSOR_LEVEL=6PROCESSOR_REVISION=0a00ProgramFiles=C:\Program FilesPROMPT=$P$GQTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zipSESSIONID=1098426280950wuws04-l1e1be92:ffbf4e2f8a:3c80SESSIONNAME=ConsoleSWUTVER=1.0.22.20030804SystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\Pete's\LOCALS~1\TempTIMEOUT=0TMP=C:\DOCUME~1\Pete's\LOCALS~1\TempTOOLPATH=/c:\Program%20Files\HP\HP%20Software%20Update\install.htmUPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad0131D.tmpUSERDOMAIN=SHADOWUSERNAME=Pete'sUSERPROFILE=C:\Documents and Settings\Pete'sVERSION=3.0.2.97windir=C:\WINDOWS__COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------Owner (admin)Pete's (admin)Kid (new local, admin)Administrator (admin)-- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe" --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAction Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"Adobe ActiveShare 1.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\ActiveShare\Uninst.isu"Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exeAdobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe PhotoDeluxe Home Edition 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} Agere Systems PCI Soft Modem --> agrsmdelApple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanATI DVD Decoder 2.2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45D228AA-4284-467A-9DB6-942B92BFF656} /l1033 ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" ATI Multimedia Center 8.6.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB} /l1033 avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetupAVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exeAviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonlyCivilization III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF} COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstallnCrystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74} DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYERDivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODECEnhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /uEPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /rGdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}Ghost Recon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"HijackThis 1.99.1 --> C:\Documents and Settings\Pete's\My Documents\highjackthis\HijackThis.exe /uninstallHotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"How To Master Excel 2000 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Uninst.isuHP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.datHP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.datHP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOGHP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.datHP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.datHP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}Impossible Creatures 1.0.1 --> MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -UInterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALLInterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALLiPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033 ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}Kazaa Lite K++ v2.4.3 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exeLexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"Lords of the Realm III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C1EAF33-82AD-4A63-B56D-4739172714DF}\Setup.exe" -l0x9 Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOGMemories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.infMicrosoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, UninstallMicrosoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exeMSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,UninstallNeed For Speed Hot Pursuit 2 --> C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exeNintendo DS - GBA Max Drive --> "C:\Program Files\Datel\Nintendo DS - GBA Max Drive\unins000.exe"Norton Internet Security --> MsiExec.exe /I{88770EA7-9E8F-483C-ADDB-5F633691C036}Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}Paint.NET v3.08 --> MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScanPC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe" Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.datPolar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOGProject64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}PS2 --> C:\WINDOWS\system32\ps2.exe uninstallQuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.logRoller Coaster Tycoon --> C:\PROGRA~1\INFOGR~2\ROLLER~1\UNWISE.EXE C:\PROGRA~1\INFOGR~2\ROLLER~1\INSTALL.LOGRollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9 S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'SC Ver 2.60 --> "C:\Program Files\SC\unins000.exe"Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonlySid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033 Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}Sony ACID Music Studio 6.0b --> MsiExec.exe /X{D4A823CA-D124-456E-9A98-71544A928897}SpongeBob SquarePants - The Movie --> RunDll32 C:\DOCUME~1\Pete's\APPLIC~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information\{B98D958E-9E59-43B7-B47F-043D45D73EE6}\setup.exe" -l0x9 -uninst Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"Street Atlas USA Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3409AD65-7A2A-46D4-8F07-DB1508B9158D}\setup.exe" NoModeStumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exeSUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}The Battle for Middle-earth --> C:\Program Files\EA GAMES\The Battle for Middle-earth \EAUninstall.exeThe Hobbit --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{023FFB0A-C5DB-4930-B3E4-D48266C21738} Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exeTradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}UniChrome IGP Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.unsUno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9 Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIAViewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /kVOCALOID Editor V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}\setup.exe" -l0x9 VOCALOID Expression DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44F77FBE-828D-4B04-A02B-C70426F65C86}\setup.exe" -l0x9 VOCALOID Expression DB (Standard) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}\setup.exe" -l0x9 VOCALOID SKIN (Zero-G MIRIAM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BBB3758-6759-4086-835B-1D665DBE979F}\setup.exe" -l0x9 VOCALOID Voice DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{146303B2-EA46-4BFB-8054-FC75A0D0088B}\setup.exe" -l0x9 VOCALOID VSTi V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAC611DA-E445-4D7A-8311-7389C627FA32}\setup.exe" -l0x9 VOCALOID2 Editor V2.0.2.4J --> C:\Program Files\InstallShield Installation Information\{F1C1C21B-F56E-400B-B0B0-270D817889F3}\setup.exe -runfromtemp -l0x0009 -removeonlyVOCALOID2 Expression DB (Standard) --> C:\Program Files\InstallShield Installation Information\{B6588186-9657-486C-AEB1-F57D8E160F19}\setup.exe -runfromtemp -l0x0009 -removeonlyVOCALOID2 Voice DB (Miku) --> C:\Program Files\InstallShield Installation Information\{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}\setup.exe -runfromtemp -l0x0009 -removeonlyVOCALOID2 VSTi V2.0.2.0 --> C:\Program Files\InstallShield Installation Information\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}\setup.exe -runfromtemp -l0x0009 -removeonlyWhere Am I Dataset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A202CE5-2F2C-484F-B43E-523943D68E68}\setup.exe" NoModeWindows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstallZoo Tycoon 2 Patch --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTPA.EXE" /runtemp /uninstall-- Application Event Log -------------------------------------------------------Event Record #/Type13141 / ErrorEvent Submitted/Written: 10/13/2007 11:29:28 AMEvent ID/Source: 5 / CYBERsitterEvent Description:Exception Error - GETCIP [11004] Valid name, no data record of requested typeEvent Record #/Type13140 / ErrorEvent Submitted/Written: 10/13/2007 11:28:43 AMEvent ID/Source: 5 / CYBERsitterEvent Description:Exception Error - GETCIP [11004] Valid name, no data record of requested typeEvent Record #/Type13139 / ErrorEvent Submitted/Written: 10/13/2007 11:27:28 AMEvent ID/Source: 5 / CYBERsitterEvent Description:Exception Error - GETCIP [11004] Valid name, no data record of requested typeEvent Record #/Type13138 / ErrorEvent Submitted/Written: 10/13/2007 11:26:29 AMEvent ID/Source: 5 / CYBERsitterEvent Description:Exception Error - GETCIP [11004] Valid name, no data record of requested typeEvent Record #/Type13137 / ErrorEvent Submitted/Written: 10/13/2007 11:25:30 AMEvent ID/Source: 5 / CYBERsitterEvent Description:Exception Error - GETCIP [11004] Valid name, no data record of requested type-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type16918 / ErrorEvent Submitted/Written: 10/13/2007 10:30:11 AMEvent ID/Source: 7034 / Service Control ManagerEvent Description:The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).Event Record #/Type16888 / ErrorEvent Submitted/Written: 10/13/2007 08:58:27 AMEvent ID/Source: 7026 / Service Control ManagerEvent Description:The following boot-start or system-start driver(s) failed to load: rxpEvent Record #/Type16859 / ErrorEvent Submitted/Written: 10/12/2007 05:35:50 PMEvent ID/Source: 7026 / Service Control ManagerEvent Description:The following boot-start or system-start driver(s) failed to load: rxpEvent Record #/Type16821 / ErrorEvent Submitted/Written: 10/12/2007 03:23:46 PMEvent ID/Source: 7026 / Service Control ManagerEvent Description:The following boot-start or system-start driver(s) failed to load: rxpEvent Record #/Type16788 / ErrorEvent Submitted/Written: 10/11/2007 05:20:15 PMEvent ID/Source: 7026 / Service Control ManagerEvent Description:The following boot-start or system-start driver(s) failed to load: rxp-- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------ Link to post Share on other sites
Andro1d Posted October 14, 2007 Report Share Posted October 14, 2007 Hello again,Step 1I see you have Kazaa Lite K++ v2.4.3 installed on your system. While the program itself is legal, most of the files downloaded with it are not. Also, quite often the files can be infected with viruses, malware, and other undesirable applications. I highly recommend uninstalling Kazaa Lite K++ v2.4.3 via Add or Remove Programs, but this program is optional for you if you choose to want to keep it.See HERE for details on P2P file sharing programs.Step 2Since you already have AVG Anti Spyware installed, please do the following.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".[*]Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.NOTE: if you are unable to update the definition files, you can perform manual update by going to the following site http://www.ewido.net/en/download/updates/NOTE: if you are unable to run scan with AVG Anti-Spyware in Safe Mode, Click the next link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> double click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".Answer "Yes" and wait for a message to appear similar to "Merged Successfully".Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.Once the scan is complete do the following:If you have any infections you will prompted, then select "Apply all actions"Next select the "Reports" icon at the top.Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan. Link to post Share on other sites
kohu Posted October 14, 2007 Author Report Share Posted October 14, 2007 Strange, I had no reports to save. Well, all it found and removed where tracking cookies and nothing else. 28 of them. Link to post Share on other sites
Andro1d Posted October 15, 2007 Report Share Posted October 15, 2007 Good to hear.Are you still receiving any problems, and how is everything running? Link to post Share on other sites
kohu Posted October 15, 2007 Author Report Share Posted October 15, 2007 Every things running fine, And I haven't noticed any bad things so far! Thanks a lot for the help so far! And sorry its taking a while. I'm loving the firewall and Avast! Link to post Share on other sites
Andro1d Posted October 15, 2007 Report Share Posted October 15, 2007 Nice job your log looks clean ! How is it running ?Please use the following suggestion to help prevent reinfection.Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the followingClick Start, Settings, Control PanelDouble-click the System iconClick the Performance tab, File System, Troubleshooting tabCheck "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore pointsThen uncheck "Turn off System Restore" which will create a new System Restore pointClick OKI highly recommend downloading the following programs, to keep malware of your computer to begin with.The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system. SpywareBlaster - Great prevention tool to keep malware from installing on your system.**Tutorial on installing & using this product can be found HERE**SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.**Tutorial on installing & using this product can be found HERE**IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.**Tutorial on installing & using this product can be found HERE**ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.Antivirus Program An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir. DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.**Tutorial on Firewalls can be found HERE**Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.You must stay on top of your updates at all times, for the above mentioned applications.It is vitally important to stay on top of your critical updates provided by Microsoft.And finally a little How did I get infected in the first place?(by Tony Klein)Good luck and safe surfing Link to post Share on other sites
kohu Posted October 16, 2007 Author Report Share Posted October 16, 2007 W00t! nice to know I'm clean! Thank you again for all your help! Link to post Share on other sites
Andro1d Posted October 16, 2007 Report Share Posted October 16, 2007 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts