Lots of problems and viruses attacking in less than an hour

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
O.K. So heres how it started, I was looking for some "Video and Photo Material" when I ran across a site that redirected me to a "Antivirus Download Site", but when I e words Contra Virus as the page was brought up I immediatley closed it and searched for information on the virus and how to get rid of it, and that's when my computer became and open target. I downloaded SpywareBot and just a minute ago security task manager, but before that I started getting more of what I believe are fake alerts. So now after a good 30 minutes to and hour I've gotten over 30 alerts which I've refused, 1 which I am keeping on hold, my desktops background has turned into a red background with a red biohazard symbol and the words "Your Privacy is in danger, please download privacy protection software". I'd love to give more detail but the infections are slowing my computer to a stop and due to that I've spent 20 minutes typing this. the only more information I can give is that SpywareBot says I have about 11465 infections on my computer, which goes to show Norton is slacking off. anyway I need URGENT HELP or just advice on what I should do.
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
Alright so heres what have found I have on my computer.

"Privacy in Danger, Download privacy security program" Background that leads to a website that tries to install udefender which is what I believe a virus.

"Windows Security Alert" pop-up which redirects me into a website on internet explorer which leads me to automatically assume it's a virus because my default browser is firefox.

"Spyware alert" pop-up which does the exact same as the pop-up above

Through Security Task Manager I have quarantined Mgrs.exe , BhoNew Module (Don't know what it is exactly), and Google web accelerator (quarantined just because it was still on my computer after removing it)

I'm Still waiting for my SuperAntiSpyware Pro scan to finish, about to run a Hijack This scan

Edit: don't know if this effects anything but my time went from 3:58 P.M. to 15:58 without me changing it.
 
Joined
Sep 7, 2004
Messages
49,014
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
Thank you here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05, on 2007-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135329934\ee\AOLSoftware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135329934\ee\AOLSoftware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135329934\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [QuickCamPro.exe] (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-3787300670-4182442122-2149885210-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'HP_Administrator')
O4 - S-1-5-21-3787300670-4182442122-2149885210-1008 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'HP_Administrator')
O4 - S-1-5-21-3787300670-4182442122-2149885210-1008 User Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'HP_Administrator')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor2/sis/mjolauncher.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/databases/actimage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: msqnx - {3697FB8D-8EE0-484E-A828-ABA5C14CDDB7} - C:\WINDOWS\msqnx.dll
O21 - SSODL: msddx - {868F0864-79F3-4F6B-B4D2-D44B170868FE} - C:\WINDOWS\msddx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 21773 bytes
 
Joined
Sep 7, 2004
Messages
49,014
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

This will take some time!!!!!!!!
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
I have good news along with probably fatal bad news. it seems the viruses and threats have been eliminated but now my computer will not start normally or access the internet. I am typing to you through my vide game consoles web browser. Is there anything that could've caused this like deleting the non-threatening files that were detected through super anti spyware? If theres no chance in recovery I'll just learn from my mistakes
 
Joined
Sep 7, 2004
Messages
49,014
I had you run a standard malware program, it is well known and I doubt it did anything

Boot and try to go to last know good config by tapping F8 at the first black screen
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
alright it works normally but still can't connect to the internet. now the background is gone but it's icons are still there and one of the pop-ups is still there
 
Joined
Sep 7, 2004
Messages
49,014
I can't help you if you do not follow the directions and post the logs from the programs and a new hijack log - please read the directions!
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
I'm sorry about all of that just happened but my computer just wasn't responding but now my internet on my PC is back so I can now give you the logs. Worse news is nothing has changed and all viruses seem to be back. there are 2 SAS logs and the hijack this log you asked for:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2007 at 04:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Quick Scan
Total Scan Time : 00:42:14

Memory items scanned : 267
Memory threats detected : 0
Registry items scanned : 998
Registry threats detected : 58
File items scanned : 16888
File threats detected : 152

Unclassified.SpywareBot (Not A Threat)
HKU\S-1-5-21-3787300670-4182442122-2149885210-1014\Software\SpywareBot
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Setup Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: App Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Icon Group
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: User
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Selected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Deselected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#QuietUninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallDate
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\SpywareBot\SpywareBot.exe -boot ]
C:\Program Files\SpywareBot\Launcher.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\SpywareBot\SpywareBot.url
C:\Program Files\SpywareBot\unins000.dat
C:\Program Files\SpywareBot\unins000.exe
C:\Program Files\SpywareBot
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\Uninstall SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot
C:\Documents and Settings\The Armageddon\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareBot.lnk
C:\DOCUMENTS AND SETTINGS\THE ARMAGEDDON\DESKTOP\SETUP.EXE

Trojan.VideoCach/Gen
HKCR\NewMediaCodec.VideoSupport
HKCR\NewMediaCodec.VideoSupport\CLSID
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Control
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32#ThreadingModel
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus\1
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ProgID
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ToolboxBitmap32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\TypeLib
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Version
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}\InprocServer32
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0\win32
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\FLAGS
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\HELPDIR
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid32
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib#Version
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid32
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#uninstallString
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\NewMediaCodec

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\The Armageddon\Desktop\Error Cleaner.url
C:\Documents and Settings\The Armageddon\Desktop\Privacy Protector.url
C:\Documents and Settings\The Armageddon\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\The Armageddon\Favorites\Error Cleaner.url
C:\Documents and Settings\The Armageddon\Favorites\Privacy Protector.url
C:\Documents and Settings\The Armageddon\Favorites\Spyware&Malware Protection.url

Trojan.Downloader-Gen/A
C:\ARENA\A.EXE

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt

Trojan.Media-Codec/NewMedia
C:\DOCUMENTS AND SETTINGS\THE ARMAGEDDON\DESKTOP\NEWMEDIACODECINSTALLER.EXE

Trojan.Downloader-Gen/AVP
C:\WINDOWS\AVP.EXE

Desktop Hijacker.AboutYourPrivacy-Installer
C:\WINDOWS\MAIN_UNINSTALLER.EXE

Trojan.Downloader-MGRS
C:\WINDOWS\MGRS.EXE
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
LOG 2:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2007 at 08:23 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 03:56:11

Memory items scanned : 346
Memory threats detected : 0
Registry items scanned : 12813
Registry threats detected : 24
File items scanned : 39162
File threats detected : 156

Unclassified.SpywareBot (Not A Threat)
[SpywareBot] C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
[SpywareBot] C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
HKU\S-1-5-21-3787300670-4182442122-2149885210-1014\Software\SpywareBot
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Setup Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: App Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Icon Group
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: User
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Selected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Deselected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#QuietUninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallDate
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\SpywareBot\SpywareBot.exe -boot ]
C:\Program Files\SpywareBot\Launcher.exe
C:\Program Files\SpywareBot\SpywareBot.url
C:\Program Files\SpywareBot\unins000.dat
C:\Program Files\SpywareBot\unins000.exe
C:\Program Files\SpywareBot
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\Uninstall SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot
C:\Documents and Settings\The Armageddon\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareBot.lnk
C:\DOCUMENTS AND SETTINGS\THE ARMAGEDDON\DESKTOP\SETUP.EXE

Trojan.Downloader-Gen/AVP
[avp] C:\WINDOWS\AVP.EXE
C:\WINDOWS\AVP.EXE

Adware.Tracking Cookie
C:\Documents and Settings\The Armageddon\Cookies\[email protected][1].txt
C:\Documents and Settings\The Armageddon\Cookies\[email protected][2].txt
C:\Documents and Settings\The Armageddon\Cookies\[email protected][1].txt
C:\Documents and Settings\The Armageddon\Cookies\[email protected][3].txt
C:\Documents and Settings\The Armageddon\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrat[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\The Armageddon\Cookies\[email protected][2].txt

Trojan.VideoCach/Gen
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\NewMediaCodec

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\The Armageddon\Desktop\Error Cleaner.url
C:\Documents and Settings\The Armageddon\Desktop\Privacy Protector.url
C:\Documents and Settings\The Armageddon\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\The Armageddon\Favorites\Error Cleaner.url
C:\Documents and Settings\The Armageddon\Favorites\Privacy Protector.url
C:\Documents and Settings\The Armageddon\Favorites\Spyware&Malware Protection.url

Trojan.Downloader-Gen/A
C:\ARENA\A.EXE

Trojan.Media-Codec/NewMedia
C:\DOCUMENTS AND SETTINGS\THE ARMAGEDDON\DESKTOP\NEWMEDIACODECINSTALLER.EXE
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43, on 2007-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135329934\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\THEARM~1\LOCALS~1\Temp\SSUPDATE.EXE
C:\DOCUME~1\THEARM~1\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135329934\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor2/sis/mjolauncher.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/databases/actimage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: msqnx - {3697FB8D-8EE0-484E-A828-ABA5C14CDDB7} - C:\WINDOWS\msqnx.dll
O21 - SSODL: msddx - {868F0864-79F3-4F6B-B4D2-D44B170868FE} - C:\WINDOWS\msddx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 17058 bytes
 
Joined
Sep 7, 2004
Messages
49,014
DownLoad http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing just click Finish.
=================

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall
 

TheArmegeddon

Thread Starter
Joined
Jul 9, 2007
Messages
132
while I wait for the scan to complete can I ask you a question? if so then heres the question. If I do a system restore/ system recover, would that work, as in could I do that as a last case scenario?
 
Joined
Sep 7, 2004
Messages
49,014
Yes but that is treating the symptom and not the cure - the files will still be there
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top