Status
Not open for further replies.

quarantined malware files...which ones to delete?

1K views · 2 replies · 2 participants · last post by MFDnNC
#1 ·
Hi, I have followed all the steps you have suggested... with running SUPERAntiSpyware, which has returned a log with a bunch of quarantined files. I have updated the new HJ log. What do I do next... which quarantined files can I permanently delete?
 
#2 ·
Here is the SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2007 at 08:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type : Complete Scan
Total Scan Time : 01:35:08

Memory items scanned : 503
Memory threats detected : 0
Registry items scanned : 7372
Registry threats detected : 77
File items scanned : 103559
File threats detected : 127

Adware.BusMaster/SafeSurfing
HKLM\Software\Classes\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32#ThreadingModel
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\ProgID
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\Programmable
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\TypeLib
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\TCBLUCUW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA#Path

Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System 32\WinATS.dll [  ]
C:\WINDOWS\Downloaded Program Files\WinATS.inf

Adware.AdRotate/System
HKLM\Software\Classes\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\InprocServer32
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\InprocServer32#ThreadingModel
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\ProgID
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\Programmable
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\TypeLib
HKCR\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\ADSPIPE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.screensavers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tripod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adecn[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@date.ventivmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@servedby.adorigin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www1.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@countercentral[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats1.reliablestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@reduxads.valuead[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pacificpoker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicktorrent[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.networldmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webstat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toseeka[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.popundersupply[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@roi.clicklab[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adcentriconline[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tremor.adbureau[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eas.apm.emediate[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@int.sitestat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.surfcounters[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@a.websponsors[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@smileycentral[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@azjmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyopczmap.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.httpool[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ticketcity[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@67.15.239[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.bridgetrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rdsa.tripod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imrworldwide[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.aquamediadirect[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.mtvnservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.plugin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.addynamix[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.evtv1[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@heavycom.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@roiservice[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@screensavers[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.its.adjuggler[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@67.15.239[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@i.screensavers[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partypoker[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.jackpotmadness[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.joinaxxess[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediatraffic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickbank[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.engineseeker[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fl01.ct2.comclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.members.tripod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.screensavers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.techguy[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@goclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ticketcity[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2.go.globaladsales[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@vitamine.networldmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.easyad[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@valueclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.w3counter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@popunderadvertise[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@int.sitestat[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adlegend[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@enhance[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.treehugger[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.drivecleaner[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.euroclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@banner.goldenpalace[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.entrepreneur[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@servedby.adxpower[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@precisionclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@3.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wflouiajwdo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ppctracking[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indextools[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adorigin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@winantivirus[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sfed.66609.clickshield[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@entrepreneur[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@popularscreensavers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads1.partnerlogic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sharpadverts[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksor[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xcounters[1].txt

Adware.IEPlugin
HKCR\Remove

Adware.AdStart
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#adstart [ C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify ]

Trojan.SearchTool
C:\WINDOWS\SYSTEM32\SEARCHTOOL\NSP4.DLL

Logfile of HijackThis v1.99.1
Scan saved at 8:28:23 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?fae95cf13a404ffca918419e8dc10a9c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?fae95cf13a404ffca918419e8dc10a9c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pezboyzclub.spaces.live.com//...d/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
#3 ·
Run HijackThis - mark this entry - close IE - click Fix checked

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)

Permanently remove all Quarantine files

Clean

If you feel it is fixed, mark it solved via Thread Tools above.

Clear restore points – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

You will turn them off – boot – turn them on

This clears infected restore points and sets a new, clean one.
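The check the helper performs by eye above (comparing what SUPERAntiSpyware quarantined with what is still registered in the HijackThis log, and spotting orphaned O2 entries such as the SmartShopper one) can be automated. The script below is an added example, not part of this thread or of either tool; the sample log lines are copied from the posts above, and the line-format rules for HijackThis v1.99.1 output are assumptions.

```python
"""Reconcile SUPERAntiSpyware detections against a HijackThis log.

Added example (not from the thread or either tool). Parsing rules for the
HijackThis "Oxx - Kind: Name - {CLSID} - path" format are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed from the logs posted in the thread.
SAS_LOG = r"""
Adware.BusMaster/SafeSurfing
HKLM\Software\Classes\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32
C:\WINDOWS\SYSTEM32\TCBLUCUW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}

Adware.AdRotate/System
HKLM\Software\Classes\CLSID\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}
C:\WINDOWS\SYSTEM32\ADSPIPE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}
"""

HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# HijackThis entries that carry a CLSID (O2 BHOs, O3 toolbars, O9 buttons, ...).
HJT_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + GUID + r") - (?P<path>.*)$"
)
GUID_RE = re.compile(GUID)


@dataclass
class HjtEntry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        # HijackThis marks entries whose DLL is already gone; these are safe to fix.
        return "(file missing)" in self.path or self.path.strip() == "(no file)"


def parse_hjt(text: str) -> list[HjtEntry]:
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(*(m.group(g).strip() for g in
                                      ("section", "kind", "name", "clsid", "path"))))
    return entries


def parse_sas(text: str) -> dict[str, set[str]]:
    """Collect component CLSIDs and file paths from a SUPERAntiSpyware threat list."""
    clsids, files = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        up = line.upper()
        if up.startswith("HK") and ("\\CLSID\\" in up or "BROWSER HELPER OBJECTS" in up):
            clsids.update(g.upper() for g in GUID_RE.findall(line))
        elif re.match(r"^[A-Za-z]:\\", line):
            files.add(up)
    return {"clsids": clsids, "files": files}


def reconcile(hjt_text: str, sas_text: str) -> dict:
    """Three answers: what SAS quarantined but IE still loads, what is orphaned,
    and which quarantined CLSIDs no longer appear in the HijackThis log."""
    entries = parse_hjt(hjt_text)
    sas = parse_sas(sas_text)
    loaded = {e.clsid.upper() for e in entries}
    return {
        "still_loaded": [e for e in entries
                         if e.clsid.upper() in sas["clsids"] or e.path.upper() in sas["files"]],
        "orphans": [e for e in entries if e.orphaned],
        "quarantined_gone": sorted(sas["clsids"] - loaded),
    }


if __name__ == "__main__":
    result = reconcile(HJT_LOG, SAS_LOG)
    for key, items in result.items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

On the logs above this reports no quarantined component still registered, two orphaned O2 entries (the SmartShopper BHO and the nameless `(no file)` one), and both adware CLSIDs absent from the HijackThis log, which is the same conclusion the helper reached.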
 