
winantivirus 2007

Discussion in 'Virus & Other Malware Removal' started by Lee55, Sep 15, 2007.

  1. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    Don't know if I can post, it has taken over!
    Windows XP sp2, and running Avg7, windows defender, & adaware.
    Have completed running:
    SmitRem
    SmitFraudFix
    RogueRemover
    CCleaner
    I have used the forums and tried to fix this myself to no avail.

    I enclose my Hijackthis Log and would be really grateful for the help!
    Thank You
     

    Attached Files:

  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please post the logs, don't attach them.


    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :


    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    =====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    - It will ask if you want to update the program definitions, click Yes.
    - Under Configuration and Preferences, click the Preferences button.
    - Click the Scanning Control tab.
    - Under Scanner Options make sure the following are checked:
      - Close browsers before scanning
      - Scan for tracking cookies
      - Terminate memory threats before quarantining.
      - Please leave the others as they were.
      - Click the Close button to leave the control center screen.
    - On the main screen, under Scan for Harmful Software click Scan your computer.
    - On the left check C:\Fixed Drive.
    - On the right, under Complete Scan, choose Perform Complete Scan.
    - Click Next to start the scan. Please be patient while it scans your computer.
    - After the scan is complete a summary box will appear. Click OK.
    - Make sure everything in the white box has a check next to it, then click Next.
    - It will quarantine what it found and if it asks if you want to reboot, click Yes.
    - To retrieve the removal information for me please do the following:
      - After reboot, double-click the SUPERAntispyware icon on your desktop.
      - Click Preferences. Click the Statistics/Logs tab.
      - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      - It will open in your default text editor (such as Notepad/Wordpad).
      - Please highlight everything in the notepad, then right-click and choose copy.
    - Click close and close again to exit the program.
    - Please paste that information here for me regardless of what it finds with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    ComboFix appears to have been very effective. Logs posted separately due to length restrictions.

    ComboFix 07-09-14.2 - "LeePaul" 2007-09-15 18:57:29.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.103 [GMT -4:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\566217.sdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\domains.txt
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\hstat\32a3.dat
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\ustat\32a3.dat
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\ads.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\business_promo.htm
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\buttondir.txt
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\components.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\country.exe
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar10.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar11.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar12.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar13.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar14.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar2.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar3.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar4.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar5.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar6.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar7.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar8.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar9.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_x.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\default.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_new.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_ringtone.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\icons2.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\keywords.idx
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\keywords1.dat
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\layout.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\progress.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\t2_bg.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\theweb.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\top7.cdf
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\tsd_bg.res
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\country.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar10.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar11.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar12.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar13.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar14.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar2.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar3.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar4.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar5.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar6.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar7.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar8.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar9.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_x.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\default.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
    C:\DOCUME~1\SARAHB~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
    C:\Temp\fse
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\abeeg.bak1
    C:\WINDOWS\system32\abeeg.bak2
    C:\WINDOWS\system32\abeeg.ini
    C:\WINDOWS\system32\abeeg.ini2
    C:\WINDOWS\system32\abeeg.tmp
    C:\WINDOWS\system32\alog.txt
    C:\WINDOWS\system32\awtssrp.dll
    C:\WINDOWS\system32\cbxvuuu.dll
    C:\WINDOWS\system32\cbxwtuv.dll
    C:\WINDOWS\system32\ddcddec.dll
    C:\WINDOWS\system32\dycesdxw.exe
    C:\WINDOWS\system32\f03WtR
    C:\WINDOWS\system32\f03WtR\f03WtR1066.exe
    C:\WINDOWS\system32\fccdbca.dll
    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\gtnescsb.exe
    C:\WINDOWS\system32\help.txt
    C:\WINDOWS\system32\hggggdd.dll
    C:\WINDOWS\system32\iifdeec.dll
    C:\WINDOWS\system32\iifdefd.dll
    C:\WINDOWS\system32\iifebcd.dll
    C:\WINDOWS\system32\iifeddd.dll
    C:\WINDOWS\system32\iiffggh.dll
    C:\WINDOWS\system32\imlxthoi.exe
    C:\WINDOWS\system32\ljirftxs.exe
    C:\WINDOWS\system32\ljjhfde.dll
    C:\WINDOWS\system32\opnnkkl.dll
    C:\WINDOWS\system32\qomlklm.dll
    C:\WINDOWS\system32\qqapsxqi.exe
    C:\WINDOWS\system32\ssqnkhe.dll
    C:\WINDOWS\system32\urqnoml.dll
    C:\WINDOWS\system32\urqoono.dll
    C:\WINDOWS\system32\urqqnom.dll
    C:\WINDOWS\system32\urqqrpq.dll
    C:\WINDOWS\system32\vynrwjpj.exe
    C:\WINDOWS\system32\wvuronl.dll
    C:\WINDOWS\system32\wvusqon.dll
    C:\WINDOWS\system32\wvutsrp.dll
    C:\WINDOWS\system32\wvuttqr.dll
    C:\WINDOWS\system32\wvuvwwv.dll
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\system32\xqgocyxv.exe
    C:\WINDOWS\system32\xtafmyrq.exe
    C:\WINDOWS\system32\xxyvuvu.dll
    C:\WINDOWS\system32\xxyxuss.dll
    C:\WINDOWS\system32\xxyxuuu.dll
    C:\WINDOWS\system32\yaywuut.dll
    C:\WINDOWS\system32\yayyyyv.dll
    C:\WINDOWS\system32\ymfywniu.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService
    -------\xpdx


    ((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
    .

    2007-09-15 19:15 112,128 --a------ C:\rvdc.exe
    2007-09-15 18:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-15 15:09 52,736 --a------ C:\WINDOWS\system32\windsw.dll
    2007-09-15 15:01 59,904 --a------ C:\hxvaqsbo.exe
    2007-09-15 15:01 52,736 --a------ C:\WINDOWS\system32\smuhdd.dll
    2007-09-15 15:01 51,200 --a------ C:\hbwpb.exe
    2007-09-15 15:01 5,632 --a------ C:\tjncm.exe
    2007-09-15 14:45 <DIR> d-------- C:\WINDOWS\LastGood
    2007-09-15 14:19 69,120 --a------ C:\WINDOWS\system32\spoolsv.exe
    2007-09-15 13:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-09-15 13:37 69,417 --a------ C:\WINDOWS\hpoins05.dat
    2007-09-15 13:37 19,696 --------- C:\WINDOWS\hpomdl05.dat
    2007-09-15 13:35 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
    2007-09-15 13:35 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
    2007-09-15 13:35 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
    2007-09-15 13:30 90,176 --a------ C:\WINDOWS\system32\cwyhcmag.exe
    2007-09-15 08:43 <DIR> d-------- C:\Program Files\Windows Resource Kits
    2007-09-14 21:41 90,176 --a------ C:\WINDOWS\system32\xsrpgavb.exe
    2007-09-14 16:14 <DIR> d-------- C:\Program Files\Windows Defender
    2007-09-14 06:50 <DIR> d-------- C:\DOCUME~1\LeePaul\APPLIC~1\Uniblue
    2007-09-13 21:50 <DIR> d-------- C:\DOCUME~1\LeePaul\.housecall6.6
    2007-09-13 21:38 122,432 --a------ C:\WINDOWS\system32\swtbipmg.exe
    2007-09-13 21:17 90,176 --a------ C:\WINDOWS\system32\xamhoyld.exe
    2007-09-13 19:23 <DIR> d-------- C:\DOCUME~1\bamm2061\.housecall6.6
    2007-09-13 15:41 <DIR> d-------- C:\Program Files\WinAble
    2007-09-12 21:13 13,312 --a------ C:\WINDOWS\smtp.exe
    2007-09-11 13:19 90,176 --a------ C:\WINDOWS\system32\iphnbrga.exe
    2007-09-10 16:47 <DIR> d-------- C:\Program Files\CCleaner
    2007-09-10 16:39 4,214 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-10 16:06 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2007-09-10 14:27 <DIR> d-------- C:\DOCUME~1\OWNERY~1.000\APPLIC~1\Tenebril
    2007-09-10 14:25 <DIR> d-------- C:\DOCUME~1\OWNERY~1.000\APPLIC~1\Symantec
    2007-09-10 14:25 <DIR> d-------- C:\DOCUME~1\OWNERY~1.000\APPLIC~1\Sonic
    2007-09-10 14:25 <DIR> d-------- C:\DOCUME~1\OWNERY~1.000\APPLIC~1\Apple Computer
    2007-09-09 18:45 <DIR> d-------- C:\DOCUME~1\LeePaul\APPLIC~1\Tenebril
    2007-09-09 18:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
    2007-09-09 18:30 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-09-09 18:30 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-09-06 16:28 43,542 --a------ C:\WINDOWS\system32\ddcddde.dll.vir
    2007-09-05 22:47 43,542 --a------ C:\WINDOWS\system32\awtrrsr.dll.vir
    2007-09-03 22:04 1,998,994 --ahs---- C:\WINDOWS\system32\qpqss.bak2
    2007-09-03 08:25 6,448 --ahs---- C:\WINDOWS\system32\qpqss.bak1
    2007-09-03 08:04 18,672 --a------ C:\WINDOWS\system32\drivers\antispyfilter.sys
    2007-09-03 06:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-09-02 19:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-09-02 19:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
    2007-09-02 19:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-09-02 19:25 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Symantec
    2007-09-02 19:25 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Sonic
    2007-09-02 19:25 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Apple Computer
    2007-09-02 09:01 <DIR> d-------- C:\WINDOWS\tmp
    2007-09-02 08:58 <DIR> d-------- C:\WINDOWS\tmpcopy
    2007-09-02 06:44 <DIR> d-------- C:\WINDOWS.000
    2007-09-01 20:19 1,884,364 --ahs---- C:\WINDOWS\system32\uttss.bak2
    2007-09-01 08:18 6,448 --ahs---- C:\WINDOWS\system32\uttss.bak1
    2007-09-01 07:32 <DIR> d-------- C:\DOCUME~1\LeePaul\APPLIC~1\AdwareAlert
    2007-09-01 07:31 <DIR> d-------- C:\Program Files\AdwareAlert
    2007-08-31 13:12 <DIR> d-------- C:\michigan
    2007-08-30 15:39 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-08-30 08:25 1,893,002 --ahs---- C:\WINDOWS\system32\ddeeg.bak2
    2007-08-29 20:25 6,448 --ahs---- C:\WINDOWS\system32\ddeeg.bak1
    2007-08-29 12:18 <DIR> d-------- C:\DOCUME~1\LeePaul\.autodesk
    2007-08-28 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    2007-08-21 21:40 <DIR> d-------- C:\DOCUME~1\LeePaul\APPLIC~1\acccore
    2007-08-21 19:41 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2007-08-16 09:49 <DIR> d-------- C:\Program Files\MSXML 6.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-15 13:42 --------- d-------- C:\Program Files\HP
    2007-09-15 11:36 --------- d-------- C:\Program Files\RecordNow!
    2007-09-15 11:36 --------- d-------- C:\Program Files\QuickTime
    2007-09-15 11:36 --------- d-------- C:\Program Files\MFInstall
    2007-09-15 11:35 --------- d-------- C:\Program Files\Apoint2K
    2007-09-14 17:53 --------- d-------- C:\Program Files\ArcGIS
    2007-09-14 17:49 --------- d-------- C:\Program Files\Common Files\ESRI
    2007-09-14 17:44 --------- d-------- C:\Program Files\ESRI
    2007-09-13 21:13 --------- d-------- C:\Program Files\PC Protection Plus
    2007-09-10 16:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-09 20:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    2007-09-09 19:24 --------- d-------- C:\Program Files\Common Files\Download Manager
    2007-09-03 08:12 --------- d-------- C:\Program Files\AWS
    2007-08-28 19:33 --------- d-------- C:\Program Files\Yahoo! Games
    2007-08-22 22:20 --------- d-------- C:\DOCUME~1\bamm2061\APPLIC~1\Big Fish Games
    2007-08-10 12:39 --------- d-------- C:\Program Files\VirtualGeo
    2007-08-10 12:27 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-10 12:27 --------- d-------- C:\Program Files\LizardTech
    2007-08-06 17:26 --------- d-------- C:\DOCUME~1\LeePaul\APPLIC~1\ESRI
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-20 01:24 --------- d-------- C:\DOCUME~1\bamm2061\APPLIC~1\Gamelab
    2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-07-12 13:17 1165 --a------ C:\Program Files\INSTALL.LOG
    2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 10:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 10:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 10:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 10:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 10:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 10:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 10:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 10:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 10:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 10:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 10:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 10:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 10:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 04:27 74240 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 04:27 701440 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 04:27 24576 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 03:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 22:10 361472 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
    2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-15 04:12 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-06-15 04:12 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-06-15 04:12 1498112 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-06-15 04:12 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
    2007-06-15 04:12 1022976 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
    2006-12-24 18:04 87608 --a------ C:\DOCUME~1\bamm2061\APPLIC~1\ezpinst.exe
    2006-12-24 18:04 47360 --a------ C:\DOCUME~1\bamm2061\APPLIC~1\pcouffin.sys
    1998-06-19 12:23 347136 --a------ C:\Program Files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C8DE14D-EF92-492f-BBF7-B61F1405F328}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 23:40]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 16:01 C:\WINDOWS\AGRSMMSG.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22]
    "nwiz"="nwiz.exe" [2004-04-07 15:22 C:\WINDOWS\system32\nwiz.exe]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 22:55]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 11:33]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 16:05]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 17:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-15 09:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow!"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "Aim6"="" []
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-08-10 16:08]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    1.kpp [2007-09-13 09:50:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)
    "NoSetActiveDesktop"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy]
    C:\WINDOWS\system32\ddccy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcddde]
    ddcddde.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
    C:\WINDOWS\system32\jkhfd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=secuload.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\geeba

    R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DRIVERS\antispyfilter.sys
    R2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe"
    R2 ONSIO;ONSIO;\??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
    S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS
    S2 BackWeb Plug-in - 6731405;PC Protection Plus;C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
    S2 NSEsvc;Network Source Engine;"C:\WINDOWS\Help\nsecvc.exe"
    S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-15 23:17:25 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.exe
    "2007-08-18 02:20:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-15 23:18:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-15 19:16:27
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?1?2?9??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-15 19:19:07 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-15 19:18
    .
    --- E O F ---
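A defender-side triage script for the "Reg Loading Points" section of the ComboFix log above, added here as an example; it is not ComboFix's own code and was not posted in the thread. It assumes the section layout visible in the log (a banner line, `[KEY]` headers, one value per line, a Startup folder path ending in a backslash) and embeds an abridged copy of that section as constructed sample input. The flag rules are heuristics I chose, leaning on ComboFix's own note that legitimate default entries are not shown: Winlogon Notify packages, AppInit_DLLs, extra LSA authentication packages beyond msv1_0, BHO CLSIDs with no resolved DLL, and non-shortcut files in the all-users Startup folder.

```python
"""Triage the persistence entries ("Reg Loading Points") in a ComboFix log.

Added example for this thread, not part of ComboFix or the posted log. The
format assumptions come from the log posted above; the flag rules are
heuristics chosen for this example.
"""
import re
from collections import OrderedDict

# Constructed sample: an abridged copy of the "Reg Loading Points" section
# of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 23:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-15 09:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
1.kpp [2007-09-13 09:50:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\geeba

R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DRIVERS\antispyfilter.sys

.
Contents of the 'Scheduled Tasks' folder
"""

SECTION_START = "Reg Loading Points"
SECTION_END = "Contents of the 'Scheduled Tasks' folder"


def extract_section(text):
    """Return the stripped lines between the section banner and the next section."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_START in line:
            inside = True
            continue
        if SECTION_END in line:
            break
        if inside:
            lines.append(line)
    return lines


def parse_loading_points(text):
    """Map each [registry key] / Startup folder / 'services' to its value lines."""
    entries = OrderedDict()
    current = None
    for line in extract_section(text):
        if line in ("", ".") or line.startswith("*Note*"):
            current = None          # a blank line ends the current block
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, [])
        elif line.endswith("\\Startup\\"):
            current = line          # startup-folder block: path, then one file per line
            entries.setdefault(current, [])
        elif re.match(r"^[RS]\d ", line):
            entries.setdefault("services", []).append(line)
        elif current is not None:
            entries[current].append(line)
    return entries


def triage(entries):
    """Flag load points that ComboFix only prints when they are non-default."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if "browser helper objects" in k and not values:
            findings.append((key, "", "BHO CLSID registered but no DLL resolved for it"))
        for v in values:
            if "winlogon\\notify" in k:
                findings.append((key, v, "non-default Winlogon Notify package (runs inside winlogon.exe)"))
            elif k.endswith("\\startup\\") and not v.split(" [")[0].lower().endswith(".lnk"):
                findings.append((key, v, "non-shortcut file in the all-users Startup folder"))
            elif (m := re.match(r'"appinit_dlls"=\s*(\S.*)$', v, re.I)):
                findings.append((key, m.group(1), "AppInit_DLLs set: loaded into every process that links user32.dll"))
            elif (m := re.match(r'"authentication packages"=\s*(.*)$', v, re.I)):
                for tok in m.group(1).split():
                    if tok.lower() != "msv1_0":
                        findings.append((key, tok, "extra LSA authentication package besides msv1_0"))
    return findings


def triage_log(text):
    """Convenience wrapper: raw ComboFix log text -> list of (key, value, reason)."""
    return triage(parse_loading_points(text))


if __name__ == "__main__":
    for key, value, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {key}\n    {value}")
```

Every finding the script raises on the sample is a load point that survives a reboot and runs at logon or inside a privileged process, which is why a helper reads those lines before the long file listings; the Run entries and the driver lines are kept in the parsed output but not flagged, since ComboFix already resolves them to a dated file.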
     
  4. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/15/2007 at 09:35 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3307
    Trace Rules Database Version: 1313

    Scan type : Complete Scan
    Total Scan Time : 02:05:36

    Memory items scanned : 381
    Memory threats detected : 0
    Registry items scanned : 6356
    Registry threats detected : 0
    File items scanned : 40462
    File threats detected : 161

    Adware.Tracking Cookie
    C:\Documents and Settings\LeePaul\Cookies\[email protected][2].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][1].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][2].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][1].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][2].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][1].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][1].txt
    C:\Documents and Settings\LeePaul\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][3].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][3].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][4].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][2].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\bamm2061\Cookies\[email protected][1].txt
    C:\Documents and Settings\SarahBeth\Cookies\[email protected][2].txt
    C:\Documents and Settings\SarahBeth\Cookies\[email protected][2].txt
    C:\Documents and Settings\SarahBeth\Cookies\[email protected][1].txt
    C:\Documents and Settings\SarahBeth\Cookies\[email protected][2].txt
    C:\Documents and Settings\SarahBeth\Cookies\[email protected][3].txt

    Adware.eZula
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DYCESDXW.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GTNESCSB.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IMLXTHOI.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LJIRFTXS.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QQAPSXQI.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VYNRWJPJ.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XQGOCYXV.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XTAFMYRQ.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YMFYWNIU.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0778025.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0780027.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP839\A0781163.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP842\A0784166.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP843\A0786168.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP844\A0787169.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP844\A0788168.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788207.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788208.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788209.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788210.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788211.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788212.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788213.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788214.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788215.EXE
    C:\WINDOWS\SYSTEM32\CWYHCMAG.EXE
    C:\WINDOWS\SYSTEM32\IPHNBRGA.EXE
    C:\WINDOWS\SYSTEM32\SWTBIPMG.EXE
    C:\WINDOWS\SYSTEM32\XAMHOYLD.EXE
    C:\WINDOWS\SYSTEM32\XSRPGAVB.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788216.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788217.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788218.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788219.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788220.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788221.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788222.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788223.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788224.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788225.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788226.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788227.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788228.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788229.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788230.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788231.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788232.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788233.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788234.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788235.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788236.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788237.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788238.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788239.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788240.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788241.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788242.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788243.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0788255.DLL

    EOF
     
  5. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:26:13 AM, on 9/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\LeePaul\Desktop\Security\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.0.0.0:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
    O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: 1.kpp
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3606.cab
    O20 - AppInit_DLLs: secuload.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
    O20 - Winlogon Notify: ddcddde - ddcddde.dll (file missing)
    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
    O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: PC Protection Plus (BackWeb Plug-in - 6731405) - Unknown owner - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Source Engine (NSEsvc) - Unknown owner - C:\WINDOWS\Help\nsecvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9582 bytes
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)

    O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)

    O4 - Global Startup: 1.kpp

    O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)

    O20 - Winlogon Notify: ddcddde - ddcddde.dll (file missing)

    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)

    O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
    Be sure to note the EXACT spelling of the file

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1.kpp

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode



    How are things on the PC???????????
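    The fix list above was picked by reading the HijackThis log for entries whose target no longer exists. The script below is an added example (not from this thread, from HijackThis, or from the helper) that applies the same triage rule to a log: it parses the entry lines, flags every entry carrying a "(file missing)" or "(no file)" marker, and, as a labelled assumption, also flags a Global Startup item that is not a shortcut or executable. The sample lines are copied from the log posted earlier in this thread; the function and constant names are my own. AppInit_DLLs entries are listed separately for manual review rather than auto-flagged, because that value loads the named DLL into every user-mode process and cannot be judged by a string rule.

```python
import re

# Constructed sample input: entry lines copied from the HijackThis log posted
# earlier in this thread, a mix of legitimate and orphaned entries.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - Global Startup: 1.kpp
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
O20 - Winlogon Notify: ddcddde - ddcddde.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# A HijackThis entry line starts with a section code (R0, O2, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d+) - (?P<body>.*)$")

# Markers HijackThis appends when the referenced file or CLSID target is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumption (my own heuristic, not a HijackThis rule): items in the All Users
# startup folder are normally shortcuts or executables; anything else is odd.
STARTUP_OK_EXT = (".lnk", ".exe")


def parse_entries(log_text):
    """Yield (code, body) for each HijackThis entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def classify(code, body):
    """Return a reason string if the entry should be fixed, else None."""
    if any(marker in body for marker in ORPHAN_MARKERS):
        return "orphaned: target file or CLSID no longer exists"
    if code == "O4" and body.startswith("Global Startup: "):
        item = body[len("Global Startup: "):]
        if not item.lower().endswith(STARTUP_OK_EXT):
            return "unexpected item in All Users startup folder"
    return None


def triage(log_text):
    """Return [(code, body, reason)] for entries recommended for 'Fix checked'."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = classify(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


def review_list(log_text):
    """Entries not auto-flagged but always worth a manual look: AppInit_DLLs."""
    return [body for code, body in parse_entries(log_text)
            if code == "O20" and body.startswith("AppInit_DLLs:")]


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"FIX    {code} - {body}\n       ({reason})")
    for body in review_list(SAMPLE_LOG):
        print(f"REVIEW O20 - {body}")
```

On the sample above the script flags exactly the seven entries listed in the post. Run against the full log it over-flags: the O9 Messenger buttons and the two O23 services marked "(file missing)" are also orphans, harmless leftovers the helper chose to leave alone, so treat the output as a shortlist to read, not a verdict.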
     
  7. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    Latest and Greatest HijackThis Log
    My Puter is really happy and relieved.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:03:14 PM, on 9/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\LeePaul\Desktop\Security\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.0.0.0:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3606.cab
    O20 - AppInit_DLLs: secuload.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: PC Protection Plus (BackWeb Plug-in - 6731405) - Unknown owner - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Source Engine (NSEsvc) - Unknown owner - C:\WINDOWS\Help\nsecvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9044 bytes
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  9. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    System Restore is not functioning!
    I get a DOS Command Prompt window with a blinking cursor?
    Lee55

    I'm checking my registry at the moment.
     
  10. Lee55

    Lee55 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    11
    This problem has been happily solved and closed!
    Computer & User are happy campers.
     
Short URL to this thread: https://techguy.org/624409