Is my PC infected? If not, what's wrong with it.



mari890
2008-10-28, 18:04
Hello Spybot Members,

I think that my PC is infected for various reasons. One being that some programs won't install, like iTunes and Yahoo Messenger. Also, when I run Spybot, and the scan is complete, 2 problems won't fix and a message pops up saying that some problems couldn't be fixed; in order to get them fixed I need to reboot. But when I do reboot and start the scan again, it says the same thing. Please help. Here is my log file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:21 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224878765537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224913463140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 7517 bytes
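The HijackThis log above is a line-oriented format, and the helper's reply works through its O4 (autostart), O20 (AppInit_DLLs) and O23 (service) sections by eye. The following parser is an editor-added example, not code from this thread, from Spybot or from Trend Micro: it reads those sections and flags the entries a reviewer normally looks at first. The regular expressions, the `Finding` type and the flagging rules are the editor's own heuristics; a flag is a prompt to inspect the entry, not a verdict that it is malicious. The sample input is a handful of lines copied from the first log posted above.

```python
"""Triage helper for HijackThis-style logs (editor-added example).

Parses the O4 (autostart), O20 (AppInit_DLLs) and O23 (service) lines of a
HijackThis 2.0.2 log and flags entries that a reviewer would look at first:
autostart values with no absolute path, startup shortcuts whose target could
not be resolved or that run a script, every AppInit DLL, and services with no
recorded vendor. Flagging is a reviewing heuristic, not a verdict of infection.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line was flagged (editor's heuristic)
    line: str      # the raw log line


# "O4 - HKLM\..\Run: [Name] command"
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Global Startup: foo.lnk = target"
STARTUP_RE = re.compile(r'^O4 - (?:.*?Startup): (?P<shortcut>.+?) = (?P<target>.*)$')
# "O23 - Service: Display Name (svcname) - Vendor - path"
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# Drive-letter absolute path, optionally quoted
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
SCRIPT_EXTENSIONS = ('.wsf', '.vbs', '.vbe', '.js', '.jse', '.bat', '.cmd')


def flag_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty list if nothing to flag)."""
    line = line.strip()
    out: list[Finding] = []
    if m := RUN_RE.match(line):
        # A bare file name is resolved through the search path at logon, so the
        # log alone does not tell the reviewer which file actually runs.
        if not ABS_PATH_RE.match(m.group('cmd')):
            out.append(Finding('O4', 'Run value without absolute path', line))
    elif m := STARTUP_RE.match(line):
        target = m.group('target').strip()
        if target == '?':
            out.append(Finding('O4', 'startup shortcut with unresolved target', line))
        elif target.lower().endswith(SCRIPT_EXTENSIONS):
            out.append(Finding('O4', 'startup shortcut runs a script', line))
    elif line.startswith('O20 - AppInit_DLLs:'):
        # Every DLL listed here is loaded into every process that loads user32.dll.
        # The value is space-separated in this log; paths containing spaces would
        # need the registry value itself rather than the HijackThis rendering.
        for dll in line.split(':', 1)[1].split():
            out.append(Finding('O20', f'AppInit DLL loaded system-wide: {dll}', line))
    elif m := SERVICE_RE.match(line):
        if m.group('vendor') == 'Unknown owner':
            out.append(Finding('O23', 'service binary carries no vendor information', line))
    return out


def triage(log: str) -> list[Finding]:
    """Run flag_line over every line of a HijackThis log and collect the findings."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        findings.extend(flag_line(raw))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}: {f.reason}\n    {f.line}')
```

Run against the sample, the script flags the bare `ALCXMNTR.EXE` Run value, the `MsnFixer.lnk` shortcut whose target HijackThis could not resolve, the `.wsf` startup shortcut, both AppInit DLLs and the service with no vendor string; the entries with full paths and a named vendor pass through silently. Which of the flagged entries are legitimate vendor components is exactly the question the helper's reply goes on to investigate with further logs.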

peku006
2008-10-29, 17:34
Hello and Welcome to the forums!

My name is peku006 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with:

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log

Thanks, peku006

mari890
2008-10-31, 01:24
info.txt logfile of random's system information tool 1.04 2008-10-30 20:19:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Picture Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Blackhawk Striker from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5415BC25-6D6C-46C4-B34C-EA8470FE56D5\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\357ECB62-CD36-4B63-B57E-769D0CA174F4\Uninstall.exe"
BlasterBall Wild from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\28BA89E7-2F60-4BE7-BAA2-7949EB3FE527\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Dark Orbit from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7841B68B-B7DD-408E-8B45-D5CA39608185\Uninstall.exe"
Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\63272979-21F0-48EF-9B97-A83DBC05BE39\Uninstall.exe"
easy Internet sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Excavation from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DF479CEA-34C0-460F-9B56-93BCE4CD4086\Uninstall.exe"
GemMaster 3 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet printer preloaded drivers-->MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Digital Imaging Album Printing 1.0-->MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}
HP Photo and Imaging 1.2 - Photosmart Cameras-->MsiExec.exe /X{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}
HP Photosmart printers preloaded drivers-->MsiExec.exe /X{9E88DAA4-1352-4272-BA3A-897668408400}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Men In Black II CROSSFIRE from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3EA6838C-5C34-4F9C-A8DA-434D65DD1356\Uninstall.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RingMaster from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8c9c48d7-2d03-4a1f-a303-5bd22ccabae1\Uninstall.exe"
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Simple Backup for My Pictures-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Snowboard Extreme from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\753FE96B-D926-4B6C-BCFB-CC59153D004A\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Space Rocks from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9FA01E11-9015-4140-B10A-5C6AA949B2FC\Uninstall.exe"
SpamSubtract-->C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
toolkit-->c:\Windows\HPTK\unhptkit.exe
Uninstall USB Storage RW Ver. 2.00.11.b04-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Virtual Warfare from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4F0AE1FB-4082-4A27-8363-05D292D92FB0\Uninstall.exe"
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Productivity Pack-->c:\WINDOWS\Corel\Uninst32.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: COMODO Antivirus
FW: COMODO Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCToolsDir"=C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\HP Pavilion PC Tools
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-30 20:18:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (17%) free of 34 GB
Total RAM: 503 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:58 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UQLBSZPZ\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224878765537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224913463140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 8189 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-24 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2003-02-19 106496]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-24 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"KYE_UDSI"=C:\Program Files\USB Storage RW\udsi.exe [2003-02-21 212992]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-22 69632]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"StorageGuard"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-04-09 151597]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-03-18 331776]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-24 136600]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-10-25 278264]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-10-25 1796856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-19 50528]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
customize__IE.lnk - C:\hp\region\customizeIe.wsf
MsnFixer.lnk - C:\hp\bin\msnfix\msnfixjs.js
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-30 20:18:28 ----D---- C:\rsit
2008-10-30 16:42:58 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-30 16:42:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 16:42:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:55:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-10-28 19:54:27 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 19:53:48 ----D---- C:\Program Files\Bonjour
2008-10-28 12:39:37 ----D---- C:\Program Files\Trend Micro
2008-10-28 11:36:50 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-25 18:55:26 ----D---- C:\Documents and Settings\Owner\Application Data\Comodo
2008-10-25 18:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-25 14:50:27 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-10-25 14:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-25 14:49:31 ----A---- C:\WINDOWS\system32\guard32.dll
2008-10-25 14:49:27 ----D---- C:\Program Files\COMODO
2008-10-25 14:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 14:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-25 13:43:42 ----D---- C:\WINDOWS\Prefetch
2008-10-25 13:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-25 13:23:38 ----D---- C:\WINDOWS\system32\scripting
2008-10-25 13:23:35 ----D---- C:\WINDOWS\l2schemas
2008-10-25 13:23:34 ----D---- C:\WINDOWS\system32\en
2008-10-25 12:53:22 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-25 12:53:17 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-25 12:53:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-25 12:53:12 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-25 12:52:59 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-25 12:52:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-25 12:52:22 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-25 12:52:07 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-25 12:52:02 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-25 12:52:01 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-25 12:51:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-25 12:51:57 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-25 12:51:57 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-25 12:51:50 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-25 12:51:40 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-25 12:51:11 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-25 12:51:11 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-25 12:51:11 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-25 12:51:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-25 12:51:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-25 12:51:05 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-25 12:51:05 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-25 12:50:44 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-25 12:50:44 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-25 12:50:43 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-25 12:50:43 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-25 12:50:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-25 12:50:26 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-25 12:50:25 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-25 12:50:25 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-25 12:50:25 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-25 12:50:25 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-25 12:50:02 ----A---- C:\WINDOWS\005280_.tmp
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-25 12:49:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-25 12:49:53 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-25 12:49:53 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-25 12:49:52 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-25 12:49:52 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-25 12:49:52 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-25 12:49:52 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-25 12:49:52 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-25 12:49:50 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-25 12:49:50 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-25 12:49:49 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-25 12:49:44 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-25 12:49:35 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-25 12:49:32 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-25 12:49:20 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-25 12:19:22 ----A---- C:\WindowsXP-KB943232-x86-ENU.exe
2008-10-25 01:08:34 ----A---- C:\WINDOWS\wininit.ini
2008-10-25 00:25:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-25 00:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 00:15:19 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-10-24 23:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-10-24 23:19:49 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-10-24 23:19:08 ----D---- C:\WINDOWS\Minidump
2008-10-24 23:17:12 ----A---- C:\WINDOWS\system32\javaee.dll
2008-10-24 23:16:50 ----D---- C:\090cd0b280a9618f8971
2008-10-24 23:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-10-24 23:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-10-24 23:12:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-24 23:12:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-24 23:12:20 ----A---- C:\WINDOWS\system32\java.exe
2008-10-24 23:12:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-24 22:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-10-24 22:23:13 ----A---- C:\WINDOWS\004500_.tmp
2008-10-24 21:47:01 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-10-24 21:47:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-24 12:03:54 ----RSHD---- C:\cmdcons
2008-10-24 12:03:33 ----D---- C:\WINDOWS\setupupd
2008-10-24 11:58:08 ----D---- C:\Program Files\USB Storage RW
2008-10-23 14:43:30 ----D---- C:\cmdcons(2)
2008-10-17 14:36:57 ----D---- C:\WINDOWS\Internet Logs
2008-10-17 13:25:19 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-16 18:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 18:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 18:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 18:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 16:11:12 ----D---- C:\Program Files\Gimp-2.0

======List of files/folders modified in the last 1 months======

2008-10-30 20:16:02 ----RD---- C:\Program Files
2008-10-30 20:16:02 ----D---- C:\WINDOWS\system32
2008-10-30 20:16:02 ----D---- C:\Program Files\Common Files
2008-10-30 20:16:01 ----D---- C:\WINDOWS\system32\X2
2008-10-30 20:16:01 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 20:16:01 ----D---- C:\WINDOWS
2008-10-30 20:16:00 ----D---- C:\Program Files\ComPlus Applications
2008-10-30 16:59:20 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-10-30 16:38:45 ----D---- C:\Program Files\Mozilla Firefox
2008-10-30 16:38:44 ----D---- C:\WINDOWS\Temp
2008-10-29 23:34:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 20:53:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 20:28:13 ----HD---- C:\WINDOWS\inf
2008-10-29 19:17:31 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-28 19:56:31 ----SHD---- C:\WINDOWS\Installer
2008-10-28 19:56:31 ----HD---- C:\Config.Msi
2008-10-28 19:55:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-28 19:55:21 ----D---- C:\Program Files\iTunes
2008-10-28 19:54:40 ----D---- C:\Program Files\iPod
2008-10-28 19:51:24 ----D---- C:\Program Files\QuickTime
2008-10-28 19:49:54 ----D---- C:\Program Files\Common Files\Apple
2008-10-28 19:47:21 ----SD---- C:\WINDOWS\Tasks
2008-10-28 19:47:07 ----D---- C:\Program Files\Apple Software Update
2008-10-26 21:40:09 ----D---- C:\Program Files\AWS
2008-10-26 12:11:07 ----D---- C:\Program Files\Common Files\Adobe
2008-10-26 12:11:06 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-25 18:45:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-25 18:43:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 18:43:26 ----A---- C:\WINDOWS\imsins.BAK
2008-10-25 18:42:54 ----D---- C:\WINDOWS\ie7updates
2008-10-25 18:41:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-25 14:39:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 14:35:27 ----D---- C:\WINDOWS\system32\en-US
2008-10-25 14:35:26 ----D---- C:\WINDOWS\Help
2008-10-25 14:35:26 ----D---- C:\Program Files\Internet Explorer
2008-10-25 14:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-25 14:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-25 14:32:11 ----D---- C:\Program Files\Messenger
2008-10-25 14:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-25 14:28:39 ----HDC---- C:\WINDOWS\ie7
2008-10-25 14:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-25 14:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-25 14:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-25 14:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-25 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-25 14:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-25 14:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-25 13:46:59 ----D---- C:\WINDOWS\WinSxS
2008-10-25 13:44:53 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-25 13:43:50 ----A---- C:\WINDOWS\setuplog.txt
2008-10-25 13:43:05 ----D---- C:\WINDOWS\system32\Setup
2008-10-25 13:43:04 ----D---- C:\WINDOWS\system32\wbem
2008-10-25 13:43:04 ----D---- C:\WINDOWS\AppPatch
2008-10-25 13:43:02 ----RSD---- C:\WINDOWS\Fonts
2008-10-25 13:42:25 ----D---- C:\WINDOWS\security
2008-10-25 13:24:24 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-25 13:24:22 ----D---- C:\Program Files\Windows Media Player
2008-10-25 13:24:05 ----D---- C:\WINDOWS\network diagnostic
2008-10-25 13:24:05 ----D---- C:\WINDOWS\ime
2008-10-25 13:23:40 ----D---- C:\WINDOWS\system32\usmt
2008-10-25 13:23:34 ----D---- C:\WINDOWS\system32\bits
2008-10-25 13:23:33 ----D---- C:\WINDOWS\PeerNet
2008-10-25 13:23:33 ----D---- C:\Program Files\Movie Maker
2008-10-25 13:18:31 ----D---- C:\WINDOWS\system32\Restore
2008-10-25 13:18:31 ----D---- C:\WINDOWS\system32\npp
2008-10-25 13:18:29 ----D---- C:\WINDOWS\msagent
2008-10-25 13:18:26 ----D---- C:\WINDOWS\srchasst
2008-10-25 13:18:25 ----D---- C:\Program Files\NetMeeting
2008-10-25 13:18:23 ----D---- C:\WINDOWS\system32\Com
2008-10-25 13:18:18 ----D---- C:\Program Files\Windows NT
2008-10-25 13:18:18 ----D---- C:\Program Files\Outlook Express
2008-10-25 13:18:13 ----D---- C:\Program Files\Common Files\System
2008-10-25 13:17:41 ----D---- C:\WINDOWS\system32\oobe
2008-10-25 13:17:38 ----D---- C:\WINDOWS\system
2008-10-25 13:12:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-25 13:12:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-25 13:06:19 ----D---- C:\WINDOWS\EHome
2008-10-25 01:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-25 01:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-10-25 01:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-10-25 01:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-10-25 01:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-10-25 01:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-10-25 01:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-10-25 01:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-10-25 01:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-25 01:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-10-25 01:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-10-25 01:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-10-25 01:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-25 01:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-10-25 01:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-10-25 01:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-10-25 01:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-10-25 01:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-10-25 01:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-10-25 01:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-10-25 01:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-10-25 01:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-10-25 01:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-10-25 01:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-10-25 01:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-25 01:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-10-25 01:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-10-25 01:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-10-25 01:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-10-25 01:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-25 01:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-25 01:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-10-25 01:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-25 01:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-10-25 01:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-25 01:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-10-25 01:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-10-25 01:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-25 01:08:52 ----D---- C:\WINDOWS\wt
2008-10-24 23:38:18 ----D---- C:\WINDOWS\Registration
2008-10-24 23:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-24 23:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-10-24 23:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-10-24 23:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-10-24 23:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-10-24 23:29:20 ----D---- C:\Program Files\Easy Internet signup
2008-10-24 23:19:00 ----D---- C:\Program Files\Google
2008-10-24 23:17:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-24 23:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-10-24 23:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-10-24 23:02:03 ----D---- C:\WINDOWS\Debug
2008-10-24 22:52:20 ----RASH---- C:\boot.ini
2008-10-24 22:47:09 ----RD---- C:\WINDOWS\Web
2008-10-24 22:46:47 ----RASH---- C:\NTDETECT.COM
2008-10-24 22:01:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-24 22:01:10 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-24 21:59:31 ----D---- C:\Program Files\Symantec
2008-10-24 21:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-24 21:49:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-24 21:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-10-24 21:44:29 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-24 12:03:54 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-24 12:03:51 ----D---- C:\WINDOWS\setup.pss
2008-10-24 11:58:40 ----D---- C:\WINDOWS\system32\config
2008-10-23 17:20:22 ----A---- C:\WINDOWS\system.ini
2008-10-23 17:17:48 ----D---- C:\WINDOWS\MSBN
2008-10-23 17:10:08 ----D---- C:\WINDOWS\repair
2008-10-23 17:08:56 ----D---- C:\WINDOWS\CREATOR
2008-10-23 17:08:28 ----HD---- C:\hp
2008-10-23 17:03:21 ----D---- C:\WINDOWS\system32\ras
2008-10-23 17:02:38 ----D---- C:\WINDOWS\system32\icsxml
2008-10-23 17:02:37 ----D---- C:\WINDOWS\system32\ias
2008-10-23 17:00:49 ----D---- C:\WINDOWS\addins
2008-10-23 17:00:47 ----D---- C:\WINDOWS\Media
2008-10-23 17:00:27 ----D---- C:\WINDOWS\Cursors
2008-10-23 17:00:02 ----D---- C:\Program Files\Common Files\Services
2008-10-23 16:59:12 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-23 16:59:08 ----RSD---- C:\WINDOWS\assembly
2008-10-23 15:16:27 ----D---- C:\Program Files\Java
2008-10-23 15:14:50 ----HD---- C:\Program Files\WindowsUpdate
2008-10-23 14:44:58 ----SHD---- C:\RECYCLER
2008-10-23 14:41:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-23 14:38:43 ----SHD---- C:\System Volume Information
2008-10-23 14:32:16 ----HDC---- C:\WINDOWS\$NtUninstallQ811789$
2008-10-23 14:31:33 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$
2008-10-23 14:30:52 ----HDC---- C:\WINDOWS\$NtUninstallQ327979$
2008-10-23 14:28:27 ----RASH---- C:\BOOT.BAK
2008-10-22 16:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 09:51:41 ----D---- C:\Program Files\LimeWire
2008-10-08 16:50:53 ----D---- C:\Program Files\Picasa2
2008-10-07 08:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 09:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-10-25 99856]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-10-25 31504]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-07 624369]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-04-09 28276]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-10-25 614136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-24 152984]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-03-03 65536]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.30
Database version: 1340
Windows 5.1.2600 Service Pack 3

10/30/2008 8:16:02 PM
mbam-log-2008-10-30 (20-16-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184267
Time elapsed: 2 hour(s), 55 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\poolsv (Multiple.Malware.Installer) -> Quarantined and deleted successfully.
C:\Program Files\svhost (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\X4 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\15.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\1F.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\42.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\ComPlus Applications\vizyfinav83122.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\poolsv\YazzleBundle-1549.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1195256972.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1195864017.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1197925365.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007483.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007484.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007489.exe (Adware.Winpop) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP21\A0012928.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP21\A0012929.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP21\A0012930.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP21\A0012931.exe (Adware.Webbuying) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP21\A0012935.dll (Adware.WebBuying) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvl.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\FOPN.sys (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\X2\mwspasrt83122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\poolsv\k11u72.exe (Multiple.Malware.Installer) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1192230595.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1192472223.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1193342495.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1193951478.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1194650797.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1198620500.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1199235749.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1199912150.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1200527780.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1201140046.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1201305756.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dll.1202002929.old (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.

peku006
2008-10-31, 08:17
Hi mari890

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log
How is the computer running now ?

Thanks peku006

mari890
2008-11-01, 01:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:40 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224878765537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224913463140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 7850 bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 31, 2008 17:02:08
Records in database: 1364715
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 119998
Threat name: 6
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 04:37:59


File name / Threat name / Threats count
C:\Documents and Settings\Default User\Application Data\аssembly\сhkdsk.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-2fbf3cda Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4248e26e Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-56e285cb Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-629b6d74 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-5efb1e54 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6bcfa06e Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-7084a2ab Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-75d8ade6 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-29b91d67 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4d4ee863 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-71d21241 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7f8139a4 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-1545cfef.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-119c6385.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-35baf840.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\аssembly\сhkdsk.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn 1
C:\Documents and Settings\Owner\Shared\Death Cab For Cutie - I Will Possess Your Heart.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Owner\Shared\private affair the virgins.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\eSoftware\studio.dll Infected: not-a-virus:AdWare.Win32.SurfSide.bj 1
C:\Program Files\QuickTime\bak\qttask.exe Infected: Trojan.Win32.Agent.bxj 1
C:\WINDOWS\system32\config\systemprofile\Application Data\аssembly\сhkdsk.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn 1
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\hkcmd.exe Infected: Trojan.Win32.Agent.bxj 1

The selected area was scanned.




The PC is running a little better, but I still think it's infected.
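The Kaspersky report above lists three copies of `аssembly\сhkdsk.exe`, where the first letters of `assembly` and `chkdsk` are Cyrillic look-alikes rather than the Latin letters they resemble (the same two letters that appear as `?` in the OTMoveIt script later in the thread). As an added example, not code from the thread, from Kaspersky or from OTMoveIt, the Python script below parses the scanner's `Infected:` detail lines and flags any path component that mixes Latin letters with letters from another script, mapping each back to the ASCII name it imitates. The sample report lines are constructed from the ones posted above, and the homoglyph table is an assumption covering only a few common Cyrillic look-alikes.

```python
"""Parse a Kaspersky Online Scanner 7 report and flag homoglyph file paths.

Added example (not code from the thread, Kaspersky or OTMoveIt). It reads the
"<path> Infected: <threat> <count>" detail lines the scanner prints and reports
any path component that mixes Latin letters with letters from another script,
which is how "assembly\\chkdsk.exe" in the report above came to be spelled with
Cyrillic look-alikes for the letters a and c.
"""
import re
import unicodedata

# One detail line of the report: the path may contain spaces, the threat name
# may not, and the line ends with the threat count.
_DETAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumed table of Cyrillic letters that render like Latin ones; it covers the
# look-alikes seen in the report plus a few common ones, not every confusable.
HOMOGLYPHS = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
}

# Constructed sample modelled on the report posted above. The first line uses
# U+0430 (Cyrillic a) and U+0441 (Cyrillic es) exactly where the real report did.
SAMPLE_REPORT = "\n".join([
    "C:\\Documents and Settings\\Owner\\Application Data\\"
    "\u0430ssembly\\\u0441hkdsk.exe"
    " Infected: not-a-virus:AdWare.Win32.PurityScan.fn 1",
    "C:\\Program Files\\QuickTime\\bak\\qttask.exe"
    " Infected: Trojan.Win32.Agent.bxj 1",
    "C:\\Documents and Settings\\Owner\\Shared\\private affair the virgins.mp3"
    " Infected: Trojan-Downloader.WMA.GetCodec.c 1",
    "",
    "The selected area was scanned.",
])


def parse_report(text):
    """Return one dict per 'Infected:' line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = _DETAIL_RE.match(raw.strip())
        if m:
            findings.append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "count": int(m.group("count")),
            })
    return findings


def script_of(ch):
    """First word of the character's Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(component):
    """Replace known look-alike letters with the ASCII letter they imitate."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in component)


def mixed_script_components(path):
    """Return (component, skeleton) pairs for path parts that mix scripts.

    A name written entirely in one non-Latin script is an ordinary localised
    file name and is not flagged; Latin letters mixed with another script is
    the pattern that imitates a system name while defeating an exact match.
    """
    flagged = []
    for comp in path.split("\\"):
        scripts = {script_of(ch) for ch in comp if ch.isalpha()}
        if len(scripts) > 1:
            flagged.append((comp, skeleton(comp)))
    return flagged


def triage(text):
    """Findings whose path contains at least one mixed-script component."""
    suspicious = []
    for finding in parse_report(text):
        parts = mixed_script_components(finding["path"])
        if parts:
            suspicious.append({**finding, "homoglyph_components": parts})
    return suspicious


if __name__ == "__main__":
    for finding in parse_report(SAMPLE_REPORT):
        print(f"{finding['threat']:45} {finding['path']}")
    for item in triage(SAMPLE_REPORT):
        for comp, plain in item["homoglyph_components"]:
            print(f"homoglyph: {comp!r} imitates {plain!r} in {item['path']}")
```

Run it against a saved report (the `.txt` file the scanner's Save Report As dialog writes) by reading the file and passing its contents to `triage`; the parser ignores the header, the scan statistics and the closing "The selected area was scanned." line, so the whole file can be passed unchanged. The per-component check deliberately flags only mixed-script names, so a folder legitimately named in Cyrillic or another script is not reported.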

peku006
2008-11-01, 09:46
Hi mari890

1 - Download and Run OTMoveIt3
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by OldTimer and save it to your desktop.

Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below.
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


:files
C:\Documents and Settings\Default User\Application Data\?ssembly\?hkdsk.exe
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-2fbf3cda
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4248e26e
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-56e285cb
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-629b6d74
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-5efb1e54
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6bcfa06e
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-7084a2ab
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-75d8ade6
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-29b91d67
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4d4ee863
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-71d21241
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7f8139a4
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-1545cfef.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-119c6385.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-35baf840.zip
C:\Documents and Settings\Owner\Application Data\?ssembly\?hkdsk.exe
C:\Documents and Settings\Owner\Shared\Death Cab For Cutie - I Will Possess Your Heart.wma
C:\Documents and Settings\Owner\Shared\private affair the virgins.mp3
C:\Program Files\eSoftware\studio.dll
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\?ssembly\?hkdsk.exe
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\hkcmd.exe

:Commands
[purity]
[emptytemp]

Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If you are not asked to reboot close OTMoveIt3.
A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

1. the OTMoveIt3 log
2. a fresh HijackThis log

Thanks peku006

mari890
2008-11-01, 21:13
========== FILES ==========
File/Folder C:\Documents and Settings\Default User\Application Data\?ssembly\?hkdsk.exe not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-2fbf3cda not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4248e26e not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-56e285cb not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-629b6d74 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-5efb1e54 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6bcfa06e not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-7084a2ab not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-75d8ade6 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-29b91d67 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4d4ee863 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-71d21241 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7f8139a4 not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-1545cfef.zip not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-119c6385.zip not found.
File/Folder C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-35baf840.zip not found.
File/Folder C:\Documents and Settings\Owner\Application Data\?ssembly\?hkdsk.exe not found.
File/Folder C:\Documents and Settings\Owner\Shared\Death Cab For Cutie - I Will Possess Your Heart.wma not found.
File/Folder C:\Documents and Settings\Owner\Shared\private affair the virgins.mp3 not found.
File/Folder C:\Program Files\eSoftware\studio.dll not found.
File/Folder C:\Program Files\QuickTime\bak\qttask.exe not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Application Data\?ssembly\?hkdsk.exe not found.
File/Folder C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\hkcmd.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF1BC0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF1BEE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_70c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11012008_115723

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll NOT unregistered.
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll moved successfully.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF1BC0.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF1BEE.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_70c.dat not found!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:22 PM, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224878765537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224913463140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 7996 bytes

peku006
2008-11-02, 13:18
Hi mari890

Logs look good, but let's run one online scan to be sure.

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options:
- Scan all files
- Scan whole system for rootkits
- Scan whole system for spyware
- Scan inside archives
- Use advanced heuristics
Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want to decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.
How is the computer running now ?

peku006
2008-11-06, 20:03
Hello!

Do you still need help?

It has been four days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

mari890
2008-11-08, 03:20
Hello, I'm so sorry for the delay. I've been having some problems with the online scan. Numerous times that I have run the online scanner, something always came up. It would take extremely long, and when I had the patience to run the online scanner, this message came up and it could not continue running. It read:

The exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c81aeb.

Following that message came another that said:

Runtime error.
Program: the app has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information.

Please be advised that the online scan ran for more than 12 hours, so I had left it on, and when I returned these messages showed up.

Again sorry for the delay.

peku006
2008-11-08, 10:13
Hi mari890

Again sorry for the delay.
OK, no problem.

Let's try this:

Click here (http://www.pandasecurity.com/homeusers/solutions/activescan/) to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
Click on Scan your PC now.
A new window will open.
Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select the "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable" option.
Click on Free online scan.
You will be prompted to install an ActiveX. Please allow it.
Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
The scan will start. It takes a while, please be patient.
Once done, click on View Report.
You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.

mari890
2008-11-09, 01:35
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-08 19:36:22
PROTECTIONS: 1
MALWARE: 59
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
COMODO Antivirus 3.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@linksynergy[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@anm.co[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tucows[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@stats1.clicktracks[2].txt
00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@dbbsrv[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@azjmp[3].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[1].txt
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.web-stat[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bilbo.counted[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@weborama[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[4].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[3].txt
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fortunecity[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@overture[3].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www5.addfreestats[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@stats1.reliablestats[1].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@stats1.reliablestats[1].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@did-it[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@errorsafe[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@errorsafe[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www1.addfreestats[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@ads.addynamix[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.addynamix[1].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@drivecleaner[1].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@drivecleaner[1].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@winantivirus[1].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@winantivirus[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt
00371752 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007482.exe
00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@winantispyware[1].txt
00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@winantispyware[1].txt
00521528 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Cookies\owner@www.winantiviruspro[1].txt
00521528 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.winantiviruspro[1].txt
01192641 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Application Data\аssembly\сhkdsk.exe
01192641 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Owner\Application Data\аssembly\сhkdsk.exe
01192641 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Default User\Application Data\аssembly\сhkdsk.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adserver.easyad[2].txt
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adsrevenue[1].txt
02898734 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP16\A0007485.dll
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP28\A0014144.sys
03982751 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location K
;===================================================================================================================================================================================
No C:\hp\bin\KillIt.exe K
No C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe K
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description K
;===================================================================================================================================================================================
;===================================================================================================================================================================================
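A report like the one above is what a helper actually has to read, and most of it is tracking-cookie noise. As an added example (not Panda's code and not anything posted in this thread), the following Python reads a report in that layout, cross-checks the MALWARE header count against the rows it parsed, separates tracking cookies from real detections, sets aside hits that live only inside System Restore snapshots, and names any non-ASCII characters in a detection path. The report text, every id and path, and the deliberately Cyrillic-lettered path in entry 00000005 are constructed for this example.

```python
import re
import unicodedata
from collections import Counter

# Constructed sample in the layout of a Panda ActiveScan report. Every entry is
# made up for this example; entry 00000005 deliberately spells its folder and
# file with Cyrillic U+0430 ("a") and U+0441 ("c") to show a look-alike path.
SAMPLE_REPORT = """\
;*****************************************
ANALYSIS: 2008-11-08 19:36:22
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 1
;*****************************************
PROTECTIONS
Description Version Active Updated
;=========================================
Example Antivirus 3.5 Yes Yes
;=========================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=========================================
00000001 Application/ExampleTool.A HackTools No 0 Yes No C:\\example\\bin\\tool.exe
00000002 Cookie/Example Tracker TrackingCookie No 0 Yes No C:\\Documents and Settings\\Owner\\Cookies\\owner@example[1].txt
00000003 Cookie/Other TrackingCookie No 0 Yes No C:\\Documents and Settings\\Owner\\Cookies\\owner@other[2].txt
00000004 Adware/Example Adware No 0 Yes No C:\\System Volume Information\\_restore{EXAMPLE-GUID}\\RP16\\A0000001.exe
00000005 Adware/Example Adware No 0 Yes No C:\\Documents and Settings\\Owner\\Application Data\\\u0430ssembly\\\u0441hkdsk.exe
00000006 Generic Malware Virus/Trojan No 1 Yes No C:\\WINDOWS\\example\\npexample.dll
;=========================================
SUSPECTS
Sent Location K
;=========================================
No C:\\example\\bin\\suspect.exe K
;=========================================
VULNERABILITIES
Id Severity Description K
;=========================================
"""

SECTION_NAMES = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")

# One MALWARE row: the description may contain spaces, so it is matched lazily
# and pinned down by the single-token Type column and the fixed Yes/No/digit columns.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)

def parse_report(text):
    """Return (summary, sections): header counts, and each section's data rows
    with the column-header line and ';' ruler lines dropped."""
    summary, sections = {}, {name: [] for name in SECTION_NAMES}
    current, header_pending = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line in SECTION_NAMES:
            current, header_pending = line, True
        elif current is None:                      # e.g. "MALWARE: 6"
            key, _, value = line.partition(":")
            summary[key.strip()] = value.strip()
        elif header_pending:                       # column header line
            header_pending = False
        else:
            sections[current].append(line)
    return summary, sections

def parse_malware(rows):
    """Split MALWARE rows into field dicts; rows that do not fit are returned separately."""
    entries, unparsed = [], []
    for row in rows:
        m = MALWARE_ROW.match(row)
        (entries if m else unparsed).append(m.groupdict() if m else row)
    return entries, unparsed

def non_ascii_chars(path):
    """Name every non-ASCII character in a path (a look-alike 'chkdsk.exe' is not the Windows tool)."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in path if ord(c) > 127]

def triage(text):
    """Read the report the way a responder does: separate cookie noise from real
    detections, set aside hits inside System Restore snapshots, and flag
    paths whose spelling uses non-ASCII characters."""
    summary, sections = parse_report(text)
    entries, unparsed = parse_malware(sections["MALWARE"])
    real = [e for e in entries if e["type"] != "TrackingCookie"]
    in_restore = [e for e in real if "\\System Volume Information\\" in e["location"]]
    return {
        # header count vs parsed rows: the cross-check that no row was misread
        "count_ok": not unparsed and len(entries) == int(summary.get("MALWARE", "0")),
        "by_type": Counter(e["type"] for e in entries),
        "in_restore": in_restore,
        "live": [e for e in real if e not in in_restore],
        "odd_paths": [e for e in real if non_ascii_chars(e["location"])],
        "suspects": sections["SUSPECTS"],
    }

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("all rows parsed:", result["count_ok"], dict(result["by_type"]))
    for e in result["live"]:
        print("live:", e["type"], e["desc"], "->", e["location"])
    for e in result["in_restore"]:
        print("restore point only:", e["desc"], "->", e["location"])
    for e in result["odd_paths"]:
        print("non-ASCII path:", e["location"], non_ascii_chars(e["location"]))
```

Files under System Volume Information are copies held in System Restore points, not running code, so they are listed separately from detections at live paths; the non-ASCII check exists because a file name that only looks like a Windows tool name is worth a second look before anyone trusts it on sight.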

peku006
2008-11-09, 08:42
Hi mari890
Things are looking good. Do you still notice any problems with your computer?

mari890
2008-11-11, 01:26
Well, all the programs that I was having problems with before, I just reinstalled them and they're working fine now. Also, the computer seems to be running more smoothly. The only problem that I'm having is with trying to download a PC protection called ZoneAlarm. Every time I am downloading/installing this program a message appears saying: "The file c:\windows\internetlogs\errorlog.tmp could not be opened. Access denied." I would like to know why this message keeps appearing and why I can't successfully download this program. Thanks.

peku006
2008-11-11, 07:50
Hi mari890

Get Firewall and AntiVirus Status

Please go to Start, Run, type wscui.cpl into the box and hit <Enter>.
Tell me if it reports both AntiVirus and Firewall as ON, and then click on the little down arrows on the right of each, and note the name of the application being used for each.
In your reply please include the application names and ON/OFF status of each.

Thanks peku006

mari890
2008-11-11, 20:31
Firewall is on, and its name is Windows Firewall.
Antivirus is on as well, and its name is COMODO Antivirus.

peku006
2008-11-12, 08:17
Hi mari890

You have Comodo Firewall installed:
AV: COMODO Antivirus
FW: COMODO Firewall (disabled)

You need to uninstall Comodo Firewall before you install ZoneAlarm Firewall.

mari890
2008-11-16, 18:31
I'm having trouble uninstalling the Comodo Firewall. I go to Add and Remove Programs and it only says to remove the whole Comodo Antivirus. So do I just remove it? And also, before I had Comodo I tried downloading ZoneAlarm and it still didn't work, which is why I downloaded Comodo.

peku006
2008-11-17, 10:03
Hi mari890

How to uninstall Comodo Firewall (http://forums.comodo.com/help_for_v2/how_to_uninstall_comodo_firewall-t1184.0.html)

Post back if it helped.

peku006
2008-11-20, 09:37
Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!