
Solved: XP Antivirus and others removal help

Discussion in 'Virus & Other Malware Removal' started by eyox1, Sep 19, 2008.

Thread Status:
Not open for further replies.
  1. eyox1

    eyox1 Thread Starter

    Joined:
    Aug 28, 2004
    Messages:
    56
    I am trying to fix my friend's computer, they had XP Antivirus 08 (among other things) installed. Between Avast and Spybot I think I've gotten the majority. Could you please look at this Hijack log and let me know what else to remove? They have some other programs that I'm just not sure about. If you need anything else to figure it out pls let me know!! Thanks so much!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You didn't post the HJT log. ;)
     
  3. eyox1

    eyox1 Thread Starter

    Well don't I feel silly....
    Thanks for telling me!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:27:40 PM, on 9/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauboot.exe" -vt yazb
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\kboxschn.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Owner\Application Data\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

    --
    End of file - 6613 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, the Advanced Options Menu should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Paste the contents of the Report.txt back here with a new HijackThis log
     
  5. eyox1

    eyox1 Thread Starter

    SDFix: Version 1.228
    Run by Owner on Mon 09/22/2008 at 11:58 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    MsSecurity1.209.4

    Path :
    C:\WINDOWS\444.470 service

    MsSecurity1.209.4 - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\s - Deleted
    C:\Documents and Settings\Owner\Application Data\SpeedRunner\config.cfg - Deleted
    C:\Program Files\BChanger\data.dat - Deleted
    C:\Program Files\BChanger\Uninstall.exe - Deleted
    C:\Program Files\VnrBlock\xtarga.gz - Deleted
    C:\WINDOWS\system32\000080.exe - Deleted
    C:\WINDOWS\astctl32.ocx - Deleted
    C:\WINDOWS\cpan.dll - Deleted
    C:\WINDOWS\ctfmon32.exe - Deleted
    C:\WINDOWS\ctrlpan.dll - Deleted
    C:\WINDOWS\directx32.exe - Deleted
    C:\WINDOWS\dnsrelay.dll - Deleted
    C:\WINDOWS\editpad.exe - Deleted
    C:\WINDOWS\explore.exe - Deleted
    C:\WINDOWS\explorer32.exe - Deleted
    C:\WINDOWS\funniest.exe - Deleted
    C:\WINDOWS\funny.exe - Deleted
    C:\WINDOWS\gfmnaaa.dll - Deleted
    C:\WINDOWS\helpcvs.exe - Deleted
    C:\WINDOWS\inetinf.exe - Deleted
    C:\WINDOWS\internet.exe - Deleted
    C:\WINDOWS\mainms.vpi - Deleted
    C:\WINDOWS\megavid.cdt - Deleted
    C:\WINDOWS\msconfd.dll - Deleted
    C:\WINDOWS\msspi.dll - Deleted
    C:\WINDOWS\mswsc10.dll - Deleted
    C:\WINDOWS\mswsc20.dll - Deleted
    C:\WINDOWS\muotr.so - Deleted
    C:\WINDOWS\qttasks.exe - Deleted
    C:\WINDOWS\quicken.exe - Deleted
    C:\WINDOWS\rundll16.exe - Deleted
    C:\WINDOWS\rundll32.vbe - Deleted
    C:\WINDOWS\searchword.dll - Deleted
    C:\WINDOWS\sistem.exe - Deleted
    C:\WINDOWS\svchost32.exe - Deleted
    C:\WINDOWS\svcinit.exe - Deleted
    C:\WINDOWS\system32\hljwugsf.bin - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted
    C:\WINDOWS\time.exe - Deleted
    C:\WINDOWS\xplugin.dll - Deleted
    C:\WINDOWS\system32\PfModNT.sys - Deleted



    Folder C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc - Removed
    Folder C:\Documents and Settings\Owner\Application Data\SpeedRunner - Removed
    Folder C:\Program Files\BChanger - Removed
    Folder C:\Program Files\VnrBlock - Removed
    Folder C:\Temp\1cb - Removed
    Folder C:\Temp\tn3 - Removed
    Folder C:\WINDOWS\system32\1039a - Removed
    Folder C:\WINDOWS\system32\459849 - Removed
    Folder C:\WINDOWS\system32\mgi - Removed
    Folder C:\WINDOWS\system32\stk - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-22 12:24:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
    "C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
    "C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
    "C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Fri 27 Dec 2002 1,084,536 A..HR --- "C:\WINDOWS\Downloaded Program Files\WebDriverFullInstall.exe"
    Sat 2 Oct 2004 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti45.tmp"
    Fri 7 May 2004 156,784 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc10.0a\aoltray.exe"
    Fri 7 May 2004 54,384 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\aolphx.exe"
    Fri 7 May 2004 156,784 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\aoltray.exe"
    Fri 7 May 2004 31,344 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\RBM.exe"
    Wed 7 May 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
    Wed 7 May 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"

    Finished!

    **********************************************************************
    ********************************************************************
    *********************************************************************


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:47 PM, on 9/22/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauboot.exe" -vt yazb
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

    --
    End of file - 6274 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  7. eyox1

    eyox1 Thread Starter

    Well, I don't know what the above post is. Unless you updated your post, the email I got with your post was to run MBAM, so that is what I did. If you want me to run ComboFix, plz let me know. Here are my logs for HijackThis & MBAM.
    *******************************
    *******************************

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:53:45 PM, on 9/22/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

    --
    End of file - 5910 bytes
     
  8. eyox1

    eyox1 Thread Starter

    Malwarebytes' Anti-Malware 1.28
    Database version: 1194
    Windows 5.1.2600 Service Pack 3

    9/22/2008 5:38:11 PM
    mbam-log-2008-09-22 (17-38-10).txt

    Scan type: Quick Scan
    Objects scanned: 51630
    Time elapsed: 8 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 49
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 29
    Files Infected: 124

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\asapcom.asapclass (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8ac5bc54-b13b-4642-99f9-0baa2d116184} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapclass.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapenvelope (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapenvelope.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmain (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmessage (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmessage.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asaprecipients (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asaprecipients.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{03c4c5f4-1893-444c-b8d8-002f0034da92} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{11e2bc0c-5d4f-4e0c-b438-501ffe05a382} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{37587889-fc28-4507-b6d3-8557305f7511} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4a5e947e-c407-4dcc-a0b5-5658e457153b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4fd5c4d3-6c15-4ea0-9eb9-eee8fc74a91b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{620d55b0-f2fb-464e-a278-b4308db1db2b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7a41359e-0407-470f-b3f7-7c6a0f7c449a} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7c4a630a-de98-4e3e-8093-e8f5e159bb72} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7ed1e9b1-cb57-4fa0-84e8-fae653fe8e6b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a6931b16-90fa-4d69-a49f-3abfa2c04060} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5aa36a1-8bd1-47e0-90f8-47e7239c6ea1} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fa2cbafb-f7b1-4f41-9b7a-73329a6c1cb7} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpsecuritycenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ltho (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 10.2.215.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\components (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\ASAPCom.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\1_Trash.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\2_Balloon.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\3_Shot Gun.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Cml.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\CntntCntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\CoreSrv.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostOE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Redemption.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBClientSinkPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBOLExt.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBSrvPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBTrayAppPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUIRes.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUISkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SpamBlockerUtilityUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\plugins\npclntax_SBUSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
     
  9. eyox1

    eyox1 Thread Starter

    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sbu_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
     
  10. cybertech

    cybertech Retired Moderator

    Yes, please run ComboFix.
     
  11. eyox1

    eyox1 Thread Starter

    Ok ran the combofix, now computer is all messed up!!
    Windows loads to a blank desktop, wallpaper is there but nothing else. No desktop, no start menu. I can get into the task manager, so I can get to a run prompt. I don't know how to recover from the XP Recovery Console, it is a boot up option for me, so I can load it, but I don't know what to do once I'm in there. Safe Mode loads to black screen.
    ComboFix seemed to run ok, I did get a Logfile, but I can't be sure it went through all the right steps because I didn't watch it run. After the log file popped up some of my icons started turning to that pic you get when it can't find the destination. And I couldn't run any programs, so I restarted the computer, and nothing has been the same since.
    Windows system restore loads to a blank page. I tried Microsoft's fix for that and it didn't work. I'm assuming it deleted stuff it shouldn't have. But I don't know where the log file is saved at to read through it. If I could find it I might be able to get it copied to the shared drive and copy it to my working computer and post it for you.
    So...what do I do now....
     
  12. eyox1

    eyox1 Thread Starter

    And somebody suggested I run explorer.exe, it doesn't work.
     
  13. cybertech

    cybertech Retired Moderator

    What do you mean you deleted stuff you shouldn't have?

    The log will be at C:\ComboFix.txt

    We can use Recovery Console to try and restore the files if nothing has changed since your last posts.
     
  14. eyox1

    eyox1 Thread Starter

    Joined:
    Aug 28, 2004
    Messages:
    56
    I said I think ComboFix must have deleted something it shouldn't have. I didn't do anything other than what was instructed.

    No, nothing has changed. How do I go about restoring from the recovery console?

    I managed to get the log copied to the shared folder so here it is:

    ComboFix 08-09-20.05 - Owner 2008-09-23 9:25:40.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.68 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\Owner\Application Data\WNSXS~1
    C:\Documents and Settings\Owner\Application Data\WNSXS~1\W?nSxS\
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\gemy.bin
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ydysyqufe._dl
    C:\Program Files\Altnet
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
    C:\Program Files\comet systems
    C:\Program Files\comet systems\DM\activeJobs.xml
    C:\Program Files\comet systems\DM\completedJobs.xml
    C:\Program Files\comet systems\DM\jobIndex.xml
    C:\Program Files\comet systems\DM\productInfo.xml
    C:\Program Files\comet systems\DM\request.xml
    C:\Program Files\comet systems\Platform\Bin\comet.exe
    C:\Program Files\comet systems\Platform\Bin\csband.dll
    C:\Program Files\comet systems\Platform\Bin\csctx.dll
    C:\Program Files\comet systems\Platform\Bin\cseng.dll
    C:\Program Files\comet systems\Platform\Bin\cshz.dll
    C:\Program Files\comet systems\Platform\Bin\csutil.dll
    C:\Program Files\comet systems\Platform\Bin\fileutil.dll
    C:\Program Files\comet systems\Platform\Bin\packageinstaller.exe
    C:\Program Files\comet systems\Platform\Bin\skinui.dll
    C:\Program Files\comet systems\Platform\Bin\unins.exe
    C:\Program Files\comet systems\Platform\Data\csres.dat
    C:\Program Files\comet systems\Platform\Services\activity.xml
    C:\Program Files\comet systems\Platform\Services\AddRemove\aricon_1a.ico
    C:\Program Files\comet systems\Platform\Services\AddRemove\aricon_1b.ico
    C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_1a.gif
    C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_1b.gif
    C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_mask.gif
    C:\Program Files\comet systems\Platform\Services\cnfmgr.js
    C:\Program Files\comet systems\Platform\Services\context.js
    C:\Program Files\comet systems\Platform\Services\helpbutton.bmp
    C:\Program Files\comet systems\Platform\Services\LogQueue\p0000003E_o01391E80_logging_1113185885750_1.xml
    C:\Program Files\comet systems\Platform\Services\LogQueue\p00000064_o013FDD10_logging_1113595115968_1.xml
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_small.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_small_mask.gif
    C:\Program Files\comet systems\Platform\Services\Messaging\Listeners\travel_0001.js
    C:\Program Files\comet systems\Platform\Services\tbmgr.js
    C:\Program Files\comet systems\Platform\Services\unins.ico
    C:\Program Files\comet systems\Platform\Uninstall\cleaner.xml
    C:\Program Files\comet systems\Platform\Uninstall\un_screensaver.xml
    C:\Program Files\comet systems\Platform\Uninstall\un_sswpmgr.xml
    C:\Program Files\comet systems\Products\Search\autosrch.js
    C:\Program Files\comet systems\Products\Search\related.js
    C:\Program Files\comet systems\Products\Search\related.xml
    C:\Program Files\comet systems\Products\SSWP\launcher_searchbtn.gif
    C:\Program Files\comet systems\Products\SSWP\launcher_searchbtn_over.gif
    C:\Program Files\comet systems\Products\SSWP\onlinecheck.js
    C:\Program Files\comet systems\Products\SSWP\scr_offline.js
    C:\Program Files\comet systems\Products\SSWP\sswp.ico
    C:\Program Files\comet systems\Products\SSWP\sswp_launch.js
    C:\Program Files\comet systems\Products\SSWP\sswp_mask.gif
    C:\Program Files\comet systems\Products\SSWP\sswp_offline.gif
    C:\Program Files\comet systems\Products\SSWP\sswp_offline.html
    C:\Program Files\comet systems\Products\SSWP\sswp_shortcut.exe
    C:\Program Files\comet systems\Products\SSWP\sswp_skin.gif
    C:\Program Files\comet systems\Products\SSWP\sswp_skinover.gif
    C:\Program Files\comet systems\Products\SSWP\sswp_systray.js
    C:\Program Files\comet systems\Products\SSWP\sswpmgr.js
    C:\Program Files\comet systems\Products\SSWP\sswpmgr.xml
    C:\Program Files\comet systems\Products\SSWP\sswpmgr_ar.js
    C:\Program Files\comet systems\Products\Toolbar\adzap_tb.js
    C:\Program Files\comet systems\Products\Toolbar\adzapper.ani
    C:\Program Files\comet systems\Products\Toolbar\beep.wav
    C:\Program Files\comet systems\Products\Toolbar\bullet_blue.gif
    C:\Program Files\comet systems\Products\Toolbar\bullet_green.gif
    C:\Program Files\comet systems\Products\Toolbar\clsdown.gif
    C:\Program Files\comet systems\Products\Toolbar\clsmask.gif
    C:\Program Files\comet systems\Products\Toolbar\clsover.gif
    C:\Program Files\comet systems\Products\Toolbar\clsskin.gif
    C:\Program Files\comet systems\Products\Toolbar\def_arr.gif
    C:\Program Files\comet systems\Products\Toolbar\doh.wav
    C:\Program Files\comet systems\Products\Toolbar\funbutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\hzbutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\hzbutton_disable.bmp
    C:\Program Files\comet systems\Products\Toolbar\hzbutton_on.bmp
    C:\Program Files\comet systems\Products\Toolbar\label_instruction.gif
    C:\Program Files\comet systems\Products\Toolbar\logo_starter.gif
    C:\Program Files\comet systems\Products\Toolbar\logotitle.gif
    C:\Program Files\comet systems\Products\Toolbar\meep.wav
    C:\Program Files\comet systems\Products\Toolbar\meow.wav
    C:\Program Files\comet systems\Products\Toolbar\minmiz_norm.gif
    C:\Program Files\comet systems\Products\Toolbar\minmiz_over.gif
    C:\Program Files\comet systems\Products\Toolbar\panic_norm.gif
    C:\Program Files\comet systems\Products\Toolbar\panic_over.gif
    C:\Program Files\comet systems\Products\Toolbar\pcursor.gif
    C:\Program Files\comet systems\Products\Toolbar\pix.gif
    C:\Program Files\comet systems\Products\Toolbar\pubutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\pubutton_alert.bmp
    C:\Program Files\comet systems\Products\Toolbar\pubutton_off.bmp
    C:\Program Files\comet systems\Products\Toolbar\pwr_offdown.gif
    C:\Program Files\comet systems\Products\Toolbar\pwr_offover.gif
    C:\Program Files\comet systems\Products\Toolbar\pwr_ondown.gif
    C:\Program Files\comet systems\Products\Toolbar\pwr_onover.gif
    C:\Program Files\comet systems\Products\Toolbar\refbutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\scmask.gif
    C:\Program Files\comet systems\Products\Toolbar\screensaver.bmp
    C:\Program Files\comet systems\Products\Toolbar\screensaver.js
    C:\Program Files\comet systems\Products\Toolbar\scskin.gif
    C:\Program Files\comet systems\Products\Toolbar\scskin_over.gif
    C:\Program Files\comet systems\Products\Toolbar\smileytown.bmp
    C:\Program Files\comet systems\Products\Toolbar\smileytown.xml
    C:\Program Files\comet systems\Products\Toolbar\supercursors.bmp
    C:\Program Files\comet systems\Products\Toolbar\supercursors.ico
    C:\Program Files\comet systems\Products\Toolbar\sys_except.xml
    C:\Program Files\comet systems\Products\Toolbar\textbox.gif
    C:\Program Files\comet systems\Products\Toolbar\travelbutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\webbutton.bmp
    C:\Program Files\comet systems\Products\Toolbar\yes.wav
    C:\Program Files\comet systems\Products\Toolbar\zap.wav
    C:\Program Files\comet systems\Products\Travel\cars.xsl
    C:\Program Files\comet systems\Products\Travel\flights.xsl
    C:\Program Files\comet systems\Products\Travel\hotels.xsl
    C:\Program Files\comet systems\Products\Travel\travel.js
    C:\Program Files\comet systems\Products\Travel\travel_context.xml
    C:\Program Files\comet systems\Wallpaper\swpstart.exe
    C:\Program Files\icroso~1
    C:\WINDOWS\system32\3941\4522.dll
    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\smante~1

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
    .

    2008-09-23 09:30 . 2008-09-23 09:30 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
    2008-09-22 17:10 . 2008-09-22 17:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-22 17:10 . 2008-09-22 17:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-09-22 17:10 . 2008-09-22 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-22 17:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-22 17:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-22 16:10 . 2008-09-22 16:11 <DIR> d-------- C:\Program Files\QuickTime
    2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-09-22 16:09 . 2008-09-22 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-22 16:08 . 2008-09-22 16:08 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-09-22 16:08 . 2008-09-22 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-22 12:05 . 2008-09-22 12:05 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-09-22 11:57 . 2008-09-22 11:57 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-22 11:55 . 2008-09-22 11:55 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-22 11:51 . 2008-09-22 12:29 <DIR> d-------- C:\SDFix
    2008-09-19 09:06 . 2008-09-19 09:06 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-16 22:47 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-16 22:44 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-09-16 22:43 . 2008-04-13 19:12 786,432 -----c--- C:\WINDOWS\system32\dllcache\migrate.exe
    2008-09-16 22:42 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-16 22:42 . 2008-04-13 19:11 286,720 -----c--- C:\WINDOWS\system32\dllcache\blackbox.dll
    2008-09-16 22:42 . 2008-04-13 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
    2008-09-16 22:42 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-09-16 22:42 . 2008-04-13 12:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
    2008-09-16 22:42 . 2008-04-13 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-16 22:42 . 2002-09-03 08:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
    2008-09-16 22:14 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-09-16 17:24 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-09-16 17:24 . 2003-03-18 15:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-09-16 17:24 . 2003-02-20 22:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-09-16 17:23 . 2008-09-16 17:23 <DIR> d-------- C:\Program Files\Alwil Software
    2008-09-16 16:54 . 2008-09-16 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
    2008-09-16 16:53 . 2008-09-16 16:53 <DIR> d-------- C:\Program Files\AVG
    2008-09-16 16:53 . 2008-09-19 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-19 14:12 --------- d-----w C:\Program Files\PhoneTools
    2008-09-19 14:12 --------- d-----w C:\Program Files\HP
    2008-09-19 14:12 --------- d-----w C:\Program Files\FruityLoops 3.56
    2008-09-19 14:12 --------- d-----w C:\Program Files\FinePixViewer
    2008-09-19 14:12 --------- d-----w C:\Program Files\Creative
    2008-09-19 14:12 --------- d-----w C:\Program Files\Common Files\aolshare
    2008-09-19 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2008-09-17 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-17 16:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-17 16:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-16 21:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-07-02 08:13 128 ----a-w C:\3g324623.bat
    2008-06-15 21:21 17,911 -c--a-w C:\Documents and Settings\All Users\Application Data\gykecevij.sys
    2008-06-15 21:21 16,628 -c--a-w C:\Documents and Settings\Owner\Application Data\qopyhah.dll
    2008-06-15 21:21 16,523 -c--a-w C:\Program Files\Common Files\ahyrusir.ban
    2008-06-15 21:21 16,523 -c--a-w C:\Documents and Settings\All Users\Application Data\byrikody.vbs
    2008-06-15 21:21 11,898 -c--a-w C:\Program Files\Common Files\ovigakasof.bat
    2004-09-19 17:05 41,416 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 4841472]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
    "GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2003-05-07 53248]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
    "CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
    "nwiz"="nwiz.exe" [2003-07-28 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmakieb]
    C:\WINDOWS\system32\S?mantec\j?vaw.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    --a------ 2004-05-07 16:54 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2004-01-16 18:23 26112 C:\Program Files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
    --a------ 2003-05-07 06:00 90112 C:\WINDOWS\GWMDMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
    --------- 2001-01-03 15:50 66048 C:\WINDOWS\system32\SK9910DM.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 RioPNP;RioPNP;C:\WINDOWS\system32\drivers\RioPNP.sys [2000-06-06 6736]
    S3 DVDACCSS;DVDACCSS;C:\PROGRA~1\DVDACC~1\DVDAX.SYS [2000-07-26 179264]
    S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 17648]
    S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-09 69744]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-zfwm - C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
    SSODL-CDBurn- - (no file)
    MSConfigStartUp-Antivirus - C:\Program Files\Antivirus2008\Antvrs.exe
    MSConfigStartUp-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
    MSConfigStartUp-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
    MSConfigStartUp-lphc1g7j0ec4n - C:\WINDOWS\system32\lphc1g7j0ec4n.exe
    MSConfigStartUp-Microsoft Windows Installer - C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\13330.exe
    MSConfigStartUp-mjc - C:\Program Files\mjc\mjc.exe
    MSConfigStartUp-Sakora - C:\Program Files\Sakora\Sakora.exe
    MSConfigStartUp-SBUSA - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe
    MSConfigStartUp-SMrhc5g7j0ec4n - C:\Program Files\rhc5g7j0ec4n\rhc5g7j0ec4n.exe
    MSConfigStartUp-Spam Blocker for Outlook Express - C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
    MSConfigStartUp-SpamBlockerUtilityOE - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
    MSConfigStartUp-SpeedRunner - C:\Documents and Settings\Owner\Application Data\SpeedRunner\SpeedRunner.exe
    MSConfigStartUp-WeatherDPA - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe
    MSConfigStartUp-webHancer Agent - C:\Program Files\webHancer\Programs\whagent.exe
    MSConfigStartUp-zfwm - C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
    MSConfigStartUp-{4c19b279-d1bc-e7ab-5af0-792276eae63f} - C:\WINDOWS\system32\pnrsveepycvnobaeq.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\TechTools.INF
    C:\WINDOWS\System32\scrrun.dll
    C:\WINDOWS\system32\msvcrt.dll
    C:\WINDOWS\system32\msstkprp.dll
    C:\WINDOWS\system32\msvbvm60.dll
    C:\WINDOWS\system32\oleaut32.dll
    C:\WINDOWS\system32\olepro32.dll
    C:\WINDOWS\system32\asycfilt.dll
    C:\WINDOWS\system32\stdole2.tlb
    C:\WINDOWS\system32\COMCAT.DLL
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\TechTools.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 09:35:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\NMSSvc.Exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\snmp.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-23 9:40:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-23 14:40:38

    Pre-Run: 66,032,472,064 bytes free
    Post-Run: 66,368,577,536 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    363 --- E O F --- 2008-09-23 08:06:40
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Before we do anything can you explain how you went about this? What kind of access do you have to the machine? Can we remove more malware, because there is still plenty there?
     
Short URL to this thread: https://techguy.org/751354
