DriverCleaner/Compaq Connections Agent/Pop ups

Oh and still getting pop ups and I also think that I get big huge ads on a ton of website pages. Just big ads at the top of pages.
 
"Compaq_Administrator" - 07-02-02 20:22:32 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Compaq_Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-02 to 2007-02-02 ))))))))))))))))))))))))))))))))))


2007-02-02 15:45 45,568 --a------ C:\Program Files\Common Files\quha691.dll
2007-02-02 08:02 45,568 --a------ C:\Program Files\Common Files\quha.dll
2007-02-01 17:29 <DIR> d-------- C:\!KillBox
2007-01-31 16:47 93,564 --a------ C:\WINDOWS\TTC.exe
2007-01-30 22:19 <DIR> d-------- C:\Avenger
2007-01-28 10:15 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Application Data\Viewpoint
2007-01-27 18:21 <DIR> d-------- C:\Program Files\Entriq
2007-01-15 19:02 <DIR> d-------- C:\Spyware
2007-01-12 08:01 <DIR> d-------- C:\Program Files\Viewpoint
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Viewpoint
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-12 07:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-09 17:00 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Application Data\System Restore


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-02 19:06 379 --a------ C:\Program Files\Common Files\quha691
2007-02-02 15:45 -------- d-------- C:\Program Files\messenger
2007-02-02 15:45 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\adobeum
2007-01-28 22:28 -------- d-------- C:\Program Files\bodog poker
2007-01-23 21:06 12308 --a------ C:\DOCUME~1\COMPAQ~1\Application Data\wklnhst.dat
2007-01-12 08:00 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\mozilla
2007-01-12 07:55 -------- d---s---- C:\DOCUME~1\COMPAQ~1\Application Data\microsoft
2007-01-04 06:50 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\adobe
2007-01-02 16:22 -------- d-------- C:\Program Files\java
2006-12-28 20:25 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-28 17:04 -------- d-------- C:\Program Files\Common Files\blizzard entertainment
2006-12-28 16:41 -------- d-------- C:\Program Files\lavasoft
2006-12-28 16:41 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\lavasoft
2006-12-06 22:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-02 15:21 142 --a------ C:\Program Files\Common Files\rteqe.html
2006-11-07 23:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"PID41IER.exe "="C:\\WINDOWS\\system32\\PID41IER.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EntriqMediaTray"="\"C:\\Program Files\\Entriq\\MediaSphere\\EntriqMediaTray.exe\""
"nokomola"="C:\\WINDOWS\\$NtUninstallKB893756$\\nokomola.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Common Files\rteqe.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{720e29cd-d9f7-11da-877f-0015f2f10a83}]
Shell\AutoRun\command J:\setupSNK.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070202-080555-539
O2 - BHO: (no name) - {CDA3F57D-B88E-4928-92AD-0341AE776394} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080555-411
O2 - BHO: (no name) - {EC3ED3B1-AAA8-4027-B42C-4460BD7BB7AB} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080555-657
O2 - BHO: (no name) - {E8DF1257-E558-4302-A220-72FE761CDB9E} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080554-470
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
backup-20070202-080554-847
O2 - BHO: (no name) - {8238EDBC-17BF-44F7-8BF6-EE9E28176C78} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080554-271
O2 - BHO: (no name) - {9CD629F7-B73A-4719-862C-6C1002108B5A} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080554-367
O2 - BHO: (no name) - {89FAC2C8-02A6-4F5D-BB50-4B29E26068D9} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080554-181
O2 - BHO: (no name) - {8CC77AE9-6B94-45C6-89DD-1110FB663EBF} - C:\Program Files\Messenger\mevobuli.dll
backup-20070202-080554-943
O2 - BHO: (no name) - {81B2CFBC-BDF6-4E03-9F54-AED5819A74A4} - C:\Program Files\Messenger\mevobuli.dll
backup-20070201-172844-879
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070201-172844-273
O2 - BHO: 0 - {B2025671-3F42-4C11-CF8E-9AAC63E7180E} - C:\Program Files\Common Files\quha.dll
backup-20070115-184619-453
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
backup-20070112-175953-964
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
backup-20070112-175953-723
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
backup-20070112-175831-173
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
backup-20070112-175831-751
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
backup-20070112-175831-697
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20070112-175831-682
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
backup-20070112-175831-436
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
backup-20070112-175831-946
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20070112-175649-484
O2 - BHO: 0 - {0463234D-D25E-4FA0-C186-5421DF169C54} - C:\Program Files\Common Files\quha.dll
backup-20070112-175629-938
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
backup-20070112-175629-927
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
backup-20070112-175629-718
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
backup-20070112-175629-113
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
backup-20070109-210827-611
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20070109-210827-937
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070109-210723-251
O4 - HKCU\..\Run: [PID41IER.exe ] C:\WINDOWS\system32\PID41IER.exe
backup-20070109-210723-333
O4 - HKLM\..\Run: [wasa] C:\WINDOWS\$NtUninstallKB898461$\wasa.exe
Completion time: 07-02-02 20:24:14
 
Delete the other copy of avenger.

Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!

Copy all the text contained in the code box below to your Clipboard.
Files to delete:
C:\Program Files\Common Files\quha691.dll
C:\Program Files\Common Files\quha.dll

The above script is for this user only, if you need help please start your own thread.


Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer should reboot, and briefly open a black command window on your desktop, this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.
 
Copy only the bold text.

Comment:add a line at the end
Files to delete:
C:\Program Files\Common Files\quha691.dll
C:\Program Files\Common Files\quha.dll
Files to replace with dummy:
C:\Program Files\Common Files\quha691.dll
C:\Program Files\Common Files\quha.dll
 
Ok, I have to admit here, I'm a dummy. I didn't copy the entire damn box you told me to the first 3 times. I only copied the C:/ parts. I never put in the entire thing. So sorry.

Everything seemed to work, when it rebooted I got an error message telling me that there was no disk in the drive.

I also have an adobe acrobat updater pop up every time I start my computer. Not sure if this is something bad or just normal.




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mbfvxbev

*******************

Script file located at: \??\C:\WINDOWS\system32\hgqctmfm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\Common Files\quha691.dll deleted successfully.
File C:\Program Files\Common Files\quha.dll deleted successfully.


File C:\Program Files\Common Files\quha691.dll not found!
Replacement with dummy of file C:\Program Files\Common Files\quha691.dll failed!

Could not process line:
C:\Program Files\Common Files\quha691.dll
Status: 0xc0000034



File C:\Program Files\Common Files\quha.dll not found!
Replacement with dummy of file C:\Program Files\Common Files\quha.dll failed!

Could not process line:
C:\Program Files\Common Files\quha.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
 
Also another problem I have is that sometimes I will open an IE window, it will pop open, then disappear.

It seems that the pop up windows have halted for the moment as well.
 
This is what the ad looks like at the top of my pages. I even get them on my yahoo mail site.

largead.jpg
 
Logfile of HijackThis v1.99.1
Scan saved at 9:47:08 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\$NtUninstallKB896358$\pulu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f817.mail.yahoo.com/ym/login?.rand=diuo5i6qrtv1a
O2 - BHO: 0 - {07413911-CBB2-4EE8-5AA1-8CE892019BE2} - C:\Program Files\Common Files\quha.dll
O2 - BHO: (no name) - {2B0EB79E-01C1-49ED-B2A2-4E5558AEFD11} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {2D80B616-88C4-4A0E-87BD-A89860FD3173} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {2FE134D7-0C3D-4110-9F1D-395D1AA6FAFF} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61E40CC7-73A5-4ADC-8A23-A7E16C105C23} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {7105F763-B025-4267-B758-693D4D729F73} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {77FD8994-AD80-4CF6-97FF-36016AAF3E00} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {88579024-C127-48AE-963A-DDCFF090AC49} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {C1340760-5F8E-468A-88AD-63FF5670AA59} - C:\Program Files\Messenger\mevobuli.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [pulu] C:\WINDOWS\$NtUninstallKB896358$\pulu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [PID41IER.exe ] C:\WINDOWS\system32\PID41IER.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeBHInstall.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
Copy all the text contained in the code box below to your Clipboard.
Files to delete:
C:\Program Files\Common Files\quha.dll
C:\Program Files\Messenger\mevobuli.dll
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\WINDOWS\$NtUninstallKB896358$\pulu.exe
Folders to delete:
C:\Program Files\Entriq
C:\WINDOWS\$NtUninstallKB896358$

The above script is for this user only, if you need help please start your own thread.


Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer should reboot, and briefly open a black command window on your desktop, this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log. After fixing these with hijackthis.

Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.

O2 - BHO: 0 - {07413911-CBB2-4EE8-5AA1-8CE892019BE2} - C:\Program Files\Common Files\quha.dll
O2 - BHO: (no name) - {2B0EB79E-01C1-49ED-B2A2-4E5558AEFD11} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {2D80B616-88C4-4A0E-87BD-A89860FD3173} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {2FE134D7-0C3D-4110-9F1D-395D1AA6FAFF} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {61E40CC7-73A5-4ADC-8A23-A7E16C105C23} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {7105F763-B025-4267-B758-693D4D729F73} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {77FD8994-AD80-4CF6-97FF-36016AAF3E00} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {88579024-C127-48AE-963A-DDCFF090AC49} - C:\Program Files\Messenger\mevobuli.dll
O2 - BHO: (no name) - {C1340760-5F8E-468A-88AD-63FF5670AA59} - C:\Program Files\Messenger\mevobuli.dll
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [pulu] C:\WINDOWS\$NtUninstallKB896358$\pulu.exe
O4 - HKCU\..\Run: [PID41IER.exe ] C:\WINDOWS\system32\PID41IER.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab


Reboot the PC before scanning with hijackthis.
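
One way to confirm that the entries listed above are gone from the follow-up HijackThis log, as an added example that is not part of the original thread or of any tool named in it: it keys each entry on its section code plus CLSID or Run value name, so the forum-truncated URL in the O16 line still matches the full one in a log. The function names and the AFTER_PARTIAL sample are constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]")


def entry_key(line):
    """Return a comparison key for one HijackThis line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    if clsid:
        # BHO, toolbar, DPF: the CLSID identifies the registration even when
        # the path or URL is abbreviated or differs in case.
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if run:
        # Run key: hive plus value name (value names may carry stray spaces).
        return (code, run.group("hive").upper(), run.group("name").strip().lower())
    return (code, body.lower())


def parse_entries(text):
    """Map comparison key -> first matching line for every entry in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def remaining_after_fix(fix_list, followup_log):
    """Fix-list lines whose entry still appears in the follow-up log."""
    after = parse_entries(followup_log)
    return [line for key, line in parse_entries(fix_list).items() if key in after]


# Four lines taken from the fix list in this thread (O16 URL truncated as posted).
FIX_LIST = r"""
O2 - BHO: 0 - {07413911-CBB2-4EE8-5AA1-8CE892019BE2} - C:\Program Files\Common Files\quha.dll
O2 - BHO: (no name) - {2B0EB79E-01C1-49ED-B2A2-4E5558AEFD11} - C:\Program Files\Messenger\mevobuli.dll
O4 - HKLM\..\Run: [pulu] C:\WINDOWS\$NtUninstallKB896358$\pulu.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
"""

# Excerpt in the shape of a follow-up log where the fixes held.
AFTER_CLEAN = r"""
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
"""

# Constructed failure case: two fixed entries have come back, with different
# letter case and the full URL, to show why the comparison uses keys.
AFTER_PARTIAL = AFTER_CLEAN + r"""O4 - HKLM\..\Run: [PULU] c:\windows\$NtUninstallKB896358$\pulu.exe
O16 - DPF: {09f1adac-76d8-4d0f-99a5-5c907dadb988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeBHInstall.cab
"""

if __name__ == "__main__":
    for label, log in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        left = remaining_after_fix(FIX_LIST, log)
        print(f"{label}: {len(left)} fixed entries still present")
        for line in left:
            print("  " + line)
```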
 
Logfile of HijackThis v1.99.1
Scan saved at 10:34:23 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f817.mail.yahoo.com/ym/login?.rand=diuo5i6qrtv1a
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe






Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\udmmxbmn

*******************

Script file located at: \??\C:\WINDOWS\cletcyek.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\Common Files\quha.dll deleted successfully.
File C:\Program Files\Messenger\mevobuli.dll deleted successfully.
File C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe deleted successfully.
File C:\WINDOWS\$NtUninstallKB896358$\pulu.exe deleted successfully.
Folder C:\Program Files\Entriq deleted successfully.
Folder C:\WINDOWS\$NtUninstallKB896358$ deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
Here is the log for the Panda scan. I scanned my computer out of the options listed. Figured that's what you wanted.



Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UERS_9999_N91S2507NetInstaller.exe
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[counter9.sextracker.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\tlpuhytj.default\cookies.txt[.2o7.net/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-4343e3d2.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-4343e3d2.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-4343e3d2.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-31fd2d1f.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-31fd2d1f.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-31fd2d1f.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-19a230d7.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-19a230d7.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-19a230d7.zip[VerifierBug.class]
Virus:Trj/Classloader.AD Disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-19a230d7.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5f2bd2c1-7e2ef53e.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5f2bd2c1-7e2ef53e.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5f2bd2c1-7e2ef53e.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5f2bd2c1-7e2ef53e.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.hbmediapro[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adultfriendfinder[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-eu.falkag[1].txt
 
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@azjmp[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@banners.searchingbooth[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bravenet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cgi-bin[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cs.sexcounter[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@dist.belnk[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@entrepreneur[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@findwhat[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hc2.humanclick[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@i.screensavers[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@server.iad.liveperson[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats.drivecleaner[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.myaffiliateprogram[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@xiti[1].txt
Virus:Trj/Clicker.XQ Disinfected C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\QJKJA5O3\acdt-pid41[1].exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
 
"Note: I would not delete the prefetch unless you have cleaned out some spyware from your system.
You will notice a slow startup after cleaning out your prefetch files."


Am I deleting the prefetch as well? Or no?
 
Computer name: YOUR-4DACD0EA75
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 9 malware found
Trojan-Clicker.Win32.VB.pm (virus)
C:\WINDOWS\$NTUNINSTALLKB899591$\COWO.EXE (Renamed & Submitted)
C:\WINDOWS\$NTUNINSTALLKB898461$\WASA.EXE (Renamed & Submitted)
Trojan.Win32.BHO.ab (virus)
C:\WINDOWS\LOHO.EXE (Renamed & Submitted)
C:\SPYWARE\BACKUPS\BACKUP-20070112-175649-484.DLL (Renamed & Submitted)
C:\SPYWARE\BACKUPS\BACKUP-20070201-172844-273.DLL (Renamed & Submitted)
C:\!KILLBOX\QUHA.DLL (Renamed & Submitted)
C:\!KILLBOX\QUHA222.DLL (Renamed & Submitted)
C:\!KILLBOX\QUHA32.DLL (Renamed & Submitted)
C:\!KILLBOX\QUHA972.DLL (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 38496
System: 5349
Not scanned: 3
Actions:
Disinfected: 0
Renamed: 9
Deleted: 0
None: 0
Submitted: 9
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-02-01
F-Secure AVP: 7.0.171, 2007-02-03
F-Secure Orion: 1.2.37, 2007-02-02
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2007-00-31
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
 