Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

adware, spyware, trojan... help

Started by Salku69 , Feb 09 2007 01:32 AM

  • This topic is locked This topic is locked

#16
SNOWHITE
Posted 15 February 2007 - 08:09 PM

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hi :whistling:

Excuse me but do you know what is windows cardspace? I never downloaded it b4 and it appeared in my control panel...

Windows CardSpace is safe you can read more about it at the links bellow

http://msdn2.microso...k/aa663320.aspx

http://cardspace.netfx3.com/
------------------------------------------------------------
Now follow this step:

Open HijackThis (Salku.exe), click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Regards,
  • 0

Advertisements

#17
Salku69
Posted 15 February 2007 - 10:11 PM

Salku69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Acoustica MP3 To Wave Converter PLUS
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead Nero Burning ROM
Ahead NeroMIX
Ahead NeroVision Express
Alpha Galaxy 1024 Screensaver
Alpha Galaxy Screensaver
AppCore
ATI Control Panel
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Battlefield 2™
Battlefield 2142 Demo
BitLord 1.1
BroadJump Client Foundation
Call of Duty® 2
CCleaner (remove only)
CursorXP
Data Fax SoftModem with SmartCP
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
eyeQ
FEARCombat
GdiplusUpgrade
Google Earth
Hamachi 1.0.1.5
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP LCD Monitor Driver Software 2.00
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
ICatch (VI) PC Camera
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Lexmark 510 Series
LogonStudio
MapleStory
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! for Windows XP
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Miranda IM
Modem Booster
Mozilla Firefox (2.0.0.1)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
ObjectDock
Office 2003 Tour
Otto
PC-Doctor 5 for Windows
PCLinq2 High-Speed USB Bridge Cable
Personal License Update Wizard for Windows Media Player
Photo Story 3 for Windows
PowerDVD
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
RealPlayer
Registry Cleaner 3.1
Rome - Total War
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB926255)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Starcraft
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
USB Dual Vibration Joystick
Ventrilo Client
Ventrilo Server
Vtech i5807 Image Editor
Winamp (remove only)
WinCustomize Browser
WindowBlinds
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Wireless LAN Utility
Xfire (remove only)

Edited by Salku69, 15 February 2007 - 10:13 PM.

  • 0

#18
SNOWHITE
Posted 16 February 2007 - 01:14 PM

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Salku69 :whistling:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Regards,
  • 0

#19
Salku69
Posted 18 February 2007 - 08:32 AM

Salku69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hello Snowhite,

When I gotten on the internet it already found more viruses trying to get in :whistling: but i dont know what going on right now, still when i surf on the internet to this page IE7 opens up and goes to this link http://89.188.16.10/...m...p;lid=&url=
or http://www.winantivi...E365FD69798D1AB

I really do appreciate you taking the time reading these reports and helping me getting rid of these viruses

also while surfing on the internet AVG and avast! found these trying to get in



Win32:Agent-EIE [Trj]
Win32:Adware-gen. [Adw] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\xqdmxofb.dll
Win32:Trojan-gen. {Other} http://l.mezzicodec.....php?b=3024&m=1
Win32:Trojan-gen. {Other} C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ET0TQCD0\xc42[1].exe C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ET0TQCD0\xc42[1].exe then it could not accessed it because its being used in another process
http://89.188.16.10/...m...p;lid=&url=


Well when i ran Salku.exe (hijackthis.exe) it could not access c:\WINDOWS\system32\drivers\etc\hosts
then it had an error #75

Ok I did a system restore and also gotten to be able to get the log back on


SDFix: Version 1.65

Run by: HP_Administrator - Sat 02/17/2007 @ 19:56:06.65

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages
MsaSvc

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
C:\WINDOWS\system32\msasvc.exe

COM+ Messages Deleted
MsaSvc Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win225.tmp.exe"="C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win225.tmp.exe:*:Enabled:win225.tmp"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\Common Files\\AOL\\1143959304\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143959304\\ee\\aolsoftware.exe:*:Disabled:AOL Services"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Microsoft Money 2005\mnysl05.dll
C:\Program Files\Microsoft Money 2005\mnysvc05.dll
C:\Program Files\Microsoft Money 2005\unicows.dll
C:\Program Files\Microsoft Money 2005\utilsurf.dll
C:\Program Files\Microsoft Money 2005\mnyupdate!@#@.exe
C:\Program Files\Outlook Express\msimn.exe
C:\swsetup\Monitors\vs15\INSTALL.EXE
C:\swsetup\Monitors\vs15\SETMON.EXE
C:\temp\HPCD.sys
C:\WINDOWS\SMINST\HPCD.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Media Player\MTVN\Downloads\00164981\BIT6E.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL0003.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL0665.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL0854.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL1229.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL1315.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL1386.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL1515.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL2176.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL2320.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL2483.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL2607.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL3251.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL3458.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL3587.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\~WRL3994.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\English 101\~WRL1286.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\English 101\~WRL1889.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\English 101\~WRL2431.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\English 101\~WRL3102.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Fall 2005\English 101\~WRL3774.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Winter2006\ENGLISH 101\~WRL1091.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Winter2006\GEOG 155\~WRL1509.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Freshmen Year\Winter2006\GEOG 155\~WRL3409.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Phi Sigma Kappa\~WRL2551.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0003.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0005.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0038.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0293.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0341.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0683.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0747.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0826.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0955.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1013.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1237.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1256.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1306.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1380.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1483.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1685.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2000.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2291.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2303.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2534.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2620.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2815.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2993.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3173.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3206.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3269.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3355.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3411.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3567.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3608.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3692.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3809.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3823.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3911.tmp
C:\Documents and Settings\HP_Administrator\My Documents\CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3972.tmp
C:\Program Files\Google\BIT469.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\242de31122d71e92d2d0d6941af860fd\download\BIT74F.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ca4869d87c4751adb7f48eb66eedb79\BIT5F3.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\661357362ec49ac3cefe1deeadbb5e60\BIT5F8.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7b49598ac3a72268839b21d372a08418\BIT5F9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\af10ad1ba106dbeb814878bb0bf7578f\download\BIT758.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b75a3f1ceb9b6c91137c6b793414016f\BIT5FA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bc8f95ed18f1b2993f869ea8fec0f085\BIT5FB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf6034b9352dd852b280611a0edca27e\download\BIT74E.tmp

Finished

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\winCC1.tmp.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win225.tmp.exe"="C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win225.tmp.exe:*:Enabled:win225.tmp"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\Common Files\\AOL\\1143959304\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143959304\\ee\\aolsoftware.exe:*:Disabled:AOL Services"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Microsoft Money 2005\mnysl05.dll
C:\Program Files\Microsoft Money 2005\mnysvc05.dll
C:\Program Files\Microsoft Money 2005\unicows.dll
C:\Program Files\Microsoft Money 2005\utilsurf.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\wvutsrq.dll
C:\Program Files\Microsoft Money 2005\mnyupdate!@#@.exe
C:\Program Files\Outlook Express\msimn.exe
C:\swsetup\Monitors\vs15\INSTALL.EXE
C:\swsetup\Monitors\vs15\SETMON.EXE
C:\temp\HPCD.sys
C:\WINDOWS\SMINST\HPCD.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Media Player\MTVN\Downloads\00164981\BIT6E.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL0003.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL0665.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL0854.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL1229.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL1315.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL1386.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL1515.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL2176.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL2320.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL2483.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL2607.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL3251.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL3458.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL3587.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\~WRL3994.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\English 101\~WRL1286.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\English 101\~WRL1889.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\English 101\~WRL2431.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\English 101\~WRL3102.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Fall 2005\English 101\~WRL3774.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Winter2006\ENGLISH 101\~WRL1091.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Winter2006\GEOG 155\~WRL1509.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Freshmen Year\Winter2006\GEOG 155\~WRL3409.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Phi Sigma Kappa\~WRL2551.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0003.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0005.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0038.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0293.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0341.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0683.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0747.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0826.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL0955.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1013.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1237.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1256.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1306.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1380.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1483.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL1685.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2000.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2291.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2303.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2534.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2620.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2815.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL2993.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3173.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3206.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3269.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3355.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3411.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3567.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3608.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3692.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3809.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3823.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3911.tmp
C:\Documents and Settings\HP_Administrator\My Documents\2. CSULA\Sophmore Year\Fall 2006\Philosophy 151\~WRL3972.tmp
C:\Program Files\Google\BIT469.tmp

Finished
Logfile of HijackThis v1.99.1
Scan saved at 7:55:14 AM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HJT\Salku.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD2B228-F5E0-486C-A2B4-0646955D5583} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\lpdapllc.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157093217132
O20 - Winlogon Notify: efcyyvw - efcyyvw.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjee32 - C:\WINDOWS\SYSTEM32\winjee32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Also the restore was back when i was using the program you sent me so it reloaded the program and still killed those viruses


Thank You For Reading This Report,

Edited by Salku69, 18 February 2007 - 10:09 AM.

  • 0

#20
SNOWHITE
Posted 18 February 2007 - 10:08 PM

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hi Salku69 :whistling:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please do not use system restore anymore and try to keep the computer off line as much as possible, don't download any programs except if i told you so until we clean it from the infections. The problems may get complicated further if you don't follow the instructions right.

Please download again VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Post back with the contents of vundofix.txt and new HijackThis log (Salku.exe)

Regards,
  • 0

#21
Salku69
Posted 19 February 2007 - 12:32 AM

Salku69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 1:45:02 PM 2/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.tmp
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\wqlmohfo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpqss.tmp
C:\WINDOWS\system32\qpqss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\wqlmohfo.dll
C:\WINDOWS\system32\wqlmohfo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 2:03:03 PM 2/15/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 6:31:55 PM 2/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\wqlmohfo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\oqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 6:42:17 PM 2/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\wqlmohfo.dll

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 10:32:17 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Miranda IM\miranda32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\Salku.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD2B228-F5E0-486C-A2B4-0646955D5583} - (no file)
O2 - BHO: (no name) - {3569298A-24A1-7EF9-4A00-092E9537AF38} - C:\WINDOWS\system32\klmcoym.dll
O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\wvusrqo.dll
O2 - BHO: (no name) - {D792BCFC-CBE3-4817-89F1-39FD376F960D} - C:\WINDOWS\system32\sstqo.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\lpdapllc.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpum.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157093217132
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4FAED14-B5AC-4134-B579-99B349DA279B}: NameServer = 206.13.29.12 206.13.30.12
O20 - Winlogon Notify: efcyyvw - efcyyvw.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjee32 - C:\WINDOWS\SYSTEM32\winjee32.dll
O20 - Winlogon Notify: wvusrqo - C:\WINDOWS\SYSTEM32\wvusrqo.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
  • 0

#22
SNOWHITE
Posted 19 February 2007 - 12:00 PM

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hi Salku69 :whistling:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Follow the steps bellow to update and run scan with AVG Anti-Spyware
  • Locate AVG Anti-Spyware, and double-click on it to start the program
  • Update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browserClick Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browserClick Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Post back with AVG Anti-Spyware report scan and new HijackThis scan!

Regards,
  • 0

#23
Salku69
Posted 26 February 2007 - 02:27 AM

Salku69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Dear Snowhite,
I Would Like To Thank You For Your Efforts Because I Was Able To Extract My Work Away Safely Before The Viruses Made Any More Damages, But I Needed To Reformat My Hardrive. I Learned Alot From What I Can Do And What Programs To Defend Myself With.. So Great Thanks

-Salku
  • 0

#24
SNOWHITE
Posted 27 February 2007 - 12:38 AM

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts

Dear Snowhite,
I Would Like To Thank You For Your Efforts Because I Was Able To Extract My Work Away Safely Before The Viruses Made Any More Damages, But I Needed To Reformat My Hardrive. I Learned Alot From What I Can Do And What Programs To Defend Myself With.. So Great Thanks


Hi Salku69 :whistling:

Glad that i was at least of some help for you. The following is a list of tools that I recommend to people for better protections and preventing from re-infecting of the computer.
  • SpywareBlaster - Helps preventing spyware from installing in the first place.
  • SpywareGuard - To catch and block spyware before it can execute.
  • IESpy-Ad - Blocks access to malicious websites so you cannot be redirected to them from an infected site or email.
  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • SUPERAntiSpyware Home Edition (free version) – Another effective program for helping remove some of the more difficult infections
  • More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, and Opera
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
Also see So how did I get infected in the first place?

Best regards,
  • 0

#25
Salku69
Posted 28 February 2007 - 08:06 PM

Salku69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
:whistling: I'll try those out right now
  • 0

Advertisements

#26
don77
Posted 02 March 2007 - 02:04 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP