Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! App I installed was a virus. Computer crashed.[Resolved]


  • This topic is locked This topic is locked

#1
llynxx

llynxx

    New Member

  • Member
  • Pip
  • 6 posts
Something has attacked my computer and stopped me from running most of any Security software. My problem is similar (if not nearly identical) to two other posters in this forum. Here are their links...

1. http://www.geekstogo...amp;pid=1146594

2. http://www.geekstogo...of-t185429.html

Being my problem is related to both these guys i followed removal instructions from both these post and will paste the logs below. Many of the programs would not work for me, such as, HJT, which i know is going to hurt me from receiving help for my problem. The difference between me and the other two guys is that i know where i got into trouble. I installed what i thought was a legitamite(sp?) program and it crashed my computer. When my computer booted back up (recovered from a serious error) one of my icons (abyss web server) changed to look like the icon of the malicious program i installed. Even though i deleted this file i probably can download it again if anyone is interested in finding out exactly what threat this is. I then attempted to run virus and spyware scanners and rootkit software. None would work. Nod and Norton would no longer start at boot up. My Norton was expired but the firewall still worked. Nod i used as my antivirus. My rootkits either froze or i got the dreaded Win32 error. Adaware froze. Can't boot my machine into Safe Mode. It just restarts. Can't do a successful Restore. I have Windows XP Home SP2 and all my Windows updates were up to date at time of infection.


Here are the steps i took in the order i took them...

1. Installed ATF Cleaner but cant open the program. It just blinks on my screen and immediately shuts down.

2. Set a System Restore point as instructed in one of the threads

3. Installed AVG Anti-Spyware but program returns error when i try to start it. (Again i can't boot to Safe Mode)

4. Installed SUPERAntiSpyware Home Edition. When i ran a scan (3 attempts) immediately my computer crashes when the program starts
to scan files and folders.

5. Online Panda Scan Successful. Here are the results....(After scan i deleted all my cookies)...



Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.com.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.overture.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.statcounter.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[landing.domainsponsor.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.atdmt.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.hotlog.ru/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.xiti.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.spylog.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.yadro.ru/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.ehg.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.com.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.did-it.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.overture.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.bravenet.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-14_21-45-31-379[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.fastclick.net/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.hotlog.ru/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.com.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[stat.onestat.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.doubleclick.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.azjmp.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.cdfreaks.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.yadro.ru/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.xiti.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[www.myaffiliateprogram.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.perf.overture.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.webpower.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.paycounter.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.revenue.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.realmedia.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.clickbank.net/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[landing.domainsponsor.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.spylog.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.ehg.hitbox.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[.did-it.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-23_8-0-59-578[statse.webtrendslive.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.tradedoubler.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.fastclick.net/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.yadro.ru/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-5-3_18-55-26-937[.statcounter.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[server.iad.liveperson.net/hc/66096084]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[server.iad.liveperson.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.casalemedia.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[landing.domainsponsor.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.as-eu.falkag.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.xiti.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.overture.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.adultfriendfinder.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.hotlog.ru/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.bravenet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[.as-us.falkag.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-3_13-20-32-500[counter.hitslink.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.ccbill.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.sexlist.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.cs.sexcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.adultfriendfinder.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[counter12.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.sextracker.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.paycounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.toplist.cz/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.systemdoctor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[landing.domainsponsor.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.yadro.ru/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.as-us.falkag.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.atdmt.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[stats1.clicktracks.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.questionmarket.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[server.iad.liveperson.net/hc/66096084]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[server.iad.liveperson.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cookies_2006-6-5_1-46-45-265[.fastclick.net/]
Spyware
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello llynxx

Welcome to G2Go. :)
==================
Try to do this
Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#3
llynxx

llynxx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I couldn't save this file with Mozilla. Finally got smart and tried IE. Here is the log....



"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Advanced Uninstaller PRO Installation Monitor" = ""C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"" ["Innovative Solutions [url="http://www.innovative-sol.com/""]http://www.innovative-sol.com/"[/url]]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"1Click Clocksync" = ""C:\Program Files\1Click Clocksync\clocksync.exe" /auto /auto" ["Express Computing"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"PCDrProfiler" = (empty string) [file not found]
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" ["Hewlett-Packard Company"]
"WMC_AutoUpdate" = (empty string) [file not found]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" ["Motive, Inc."]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]
"Home Theater SchSvr" = ""C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"" ["InterVideo Inc."]
"WINREMOTE" = ""C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"" ["InterVideo Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"PtiuPbmd" = "Rundll32.exe ulutil2.dll,SetWriteBack" [MS]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"EEventManager" = "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" ["SEIKO EPSON CORPORATION"]
"Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{000123B4-9B42-4900-B3F7-F4B073EFC214}\(Default) = "btorbit.com"
-> {HKLM...CLSID} = "Octh Class"
\InProcServer32\(Default) = "C:\Program Files\Orbitdownloader\orbitcth.dll" ["Orbitdownloader.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}\(Default) = "GigagetIEHelper"
-> {HKLM...CLSID} = "GigagetIEHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\gigagetbho_v10.dll" ["Giganology Inc."]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\(Default) = "HpWebHelper"
-> {HKLM...CLSID} = "hpWebHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll" ["Hewlett-Packard"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]
"{463e6ce0-ade4-11d1-bb29-00c0f022239b}" = "ThumbsPlus"
-> {HKLM...CLSID} = "ThumbsPlus"
\InProcServer32\(Default) = "C:\Program Files\Thumbs7\cswshlex.dll" ["Cerious Software, Inc."]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
-> {HKLM...CLSID} = "GMail Drive"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
-> {HKLM...CLSID} = "GMailFS Property Sheet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
-> {HKLM...CLSID} = "GMailFS Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
-> {HKLM...CLSID} = "GMailFS Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> ldr64\DLLName = "ldr64.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
PicoZip\(Default) = "{5054D91A-D865-4B58-9296-87FA0465DE09}"
-> {HKLM...CLSID} = "PicoZip Context Menu for All Files"
\InProcServer32\(Default) = "C:\Program Files\PicoZip\ZipMenu.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
ThumbsPlus\(Default) = "{463e6ce0-ade4-11d1-bb29-00c0f022239b}"
-> {HKLM...CLSID} = "ThumbsPlus"
\InProcServer32\(Default) = "C:\Program Files\Thumbs7\cswshlex.dll" ["Cerious Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
ThumbsPlus\(Default) = "{463e6ce0-ade4-11d1-bb29-00c0f022239b}"
-> {HKLM...CLSID} = "ThumbsPlus"
\InProcServer32\(Default) = "C:\Program Files\Thumbs7\cswshlex.dll" ["Cerious Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
PicoZip\(Default) = "{5054D91A-D865-4B58-9296-87FA0465DE09}"
-> {HKLM...CLSID} = "PicoZip Context Menu for All Files"
\InProcServer32\(Default) = "C:\Program Files\PicoZip\ZipMenu.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

"Connwiz Admin Lock" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{User Account Control: Run All Administrators In Admin Approval Mode}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Compaq_Owner\Application Data\IrfanView\IrfanView_Wallpaper.bmp"


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "Compaq_Owner" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
"No-IP DUC" -> shortcut to: "C:\Program Files\No-IP\DUC20.exe" ["Vitalwerks LLC"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"AT&T Self Support Tool" -> shortcut to: "C:\Program Files\SBC Self Support Tool\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton Internet Security - Run Full System Scan - Compaq_Owner" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Internet Connection Help"
"MenuText" = "Internet Connection Help"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{44F9B173-041C-4825-A9B9-D914BD9DCBB3}" = "*b" (unwritable string)
-> {HKLM...CLSID} = "SrchHook Class"
\InProcServer32\(Default) = "C:\Program Files\EarthLink TotalAccess\ElnIE.dll" ["EarthLink, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NMSAccessU, NMSAccessU, "C:\Program Files\CDBurnerXP\NMSAccessU.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2008-01-29 19:13:19)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 14 seconds.
---------- (total run time: 86 seconds)
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here to your Desktop.


Very Important when you are asked to save this file save it as Combo-fix note the - in between the Combo and fix this is extremely important.
If you do not do this then this infection will stop combofix from running.


After you download it
  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. >"C:\ComboFix.txt"
  • Post that log here in your next reply.

  • 0

#5
llynxx

llynxx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I was wondering why u ask for this log because i supplied this info already, so i checked and see there must be a limit of words we can post at one time. So here is the log for Combo fix...

6. HJT installation failed. Win32 error.

7. Silent Runner This program won't download or i don't know how to download it. I right clicked and saved but wont show up on my desktop where all other programs go when i do this.

8. Installed Combo-fix. Results are as follows....

ComboFix 08-01-29.2 - Compaq_Owner 2008-01-29 11:28:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
D:\Autorun.inf
C:\Documents and Settings\Compaq_Owner\Application Data\macromedia\Flash Player\#SharedObjects\VE8T7LD6\www.broadcaster.com
C:\Documents and Settings\Compaq_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Compaq_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-29 10:29 . 2008-01-29 10:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 05:16 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-29 04:56 . 2008-01-29 09:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-29 04:56 . 2008-01-29 04:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-29 04:56 . 2008-01-29 04:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-29 04:56 . 2008-01-29 04:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-29 04:26 . 2008-01-29 10:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 04:26 . 2008-01-29 04:26 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-29 04:26 . 2008-01-29 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 04:18 . 2008-01-29 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-29 01:34 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-01-29 01:34 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\dllcache\bthpan.sys
2008-01-29 01:34 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-29 01:34 . 2004-08-03 23:10 35,456 --a------ C:\WINDOWS\system32\dllcache\bthprint.sys
2008-01-29 01:34 . 2001-08-17 12:11 31,529 --a------ C:\WINDOWS\system32\dllcache\brzwlan.sys
2008-01-29 01:34 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\dllcache\bthusb.sys
2008-01-29 01:34 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\dllcache\bthenum.sys
2008-01-29 01:34 . 2001-08-17 13:51 13,824 --a------ C:\WINDOWS\system32\dllcache\bulltlp3.sys
2008-01-29 01:34 . 2001-08-17 13:12 10,368 --a------ C:\WINDOWS\system32\dllcache\brusbscn.sys
2008-01-29 01:32 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-29 01:31 . 2004-08-04 00:56 516,768 --a------ C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-01-29 01:30 . 2001-08-17 12:48 289,664 --a------ C:\WINDOWS\system32\dllcache\atimpab.sys
2008-01-29 01:29 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-01-29 01:28 . 2001-08-17 14:07 56,960 --a------ C:\WINDOWS\system32\dllcache\aic78xx.sys
2008-01-29 01:27 . 2001-08-17 12:19 747,392 --a------ C:\WINDOWS\system32\dllcache\adm8830.sys
2008-01-29 01:26 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-29 01:25 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-29 00:20 . 2008-01-29 00:24 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-28 23:58 . 2008-01-29 10:26 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 23:57 . 2008-01-29 00:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-01-28 14:45 . 2008-01-28 14:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 14:45 . 2008-01-28 14:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 00:21 . 2008-01-28 00:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-24 22:07 . 2008-01-24 22:07 <DIR> d-------- C:\WINDOWS\system32\SYSTEM32
2008-01-24 22:07 . 2008-01-24 22:07 <DIR> d-------- C:\Program Files\Guitarpad
2008-01-24 22:07 . 2004-08-04 05:00 126,976 --a------ C:\WINDOWS\system32\SYSTEM32\APPHELP.DLL
2008-01-24 14:48 . 2008-01-24 14:48 <DIR> d-------- C:\Program Files\PHP
2008-01-22 19:00 . 2008-01-29 08:26 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-01-22 19:00 . 2008-01-22 21:13 <DIR> d-------- C:\Downloads
2008-01-22 19:00 . 2008-01-29 04:18 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Orbit
2008-01-22 12:14 . 2008-01-22 12:14 <DIR> d-------- C:\Program Files\Tunatic
2008-01-22 10:01 . 2008-01-23 10:06 250 --a------ C:\WINDOWS\gmer.ini
2008-01-22 08:41 . 2008-01-29 12:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-19 05:37 . 2008-01-19 05:37 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\DesktopFixed ZIP Files
2008-01-19 05:37 . 2008-01-19 05:37 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\DesktopExtracted from ZIP
2008-01-19 05:35 . 2008-01-19 05:35 <DIR> d-------- C:\Program Files\Object Fix Zip
2008-01-14 08:42 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-14 08:40 . 2008-01-14 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
2007-12-30 19:16 . 2007-12-30 19:16 <DIR> d-------- C:\Program Files\GCH Guitar academy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 17:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
2008-01-29 14:02 --------- d-----w C:\Program Files\No-IP
2008-01-29 13:13 --------- d-----w C:\Program Files\Google
2008-01-29 12:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-29 12:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 11:58 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-01-29 11:56 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-29 10:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 09:56 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-01-29 07:16 --------- d-----w C:\Program Files\Jigs@w Puzzle Platinum Edition
2008-01-29 02:40 --------- d-----w C:\Program Files\eMule
2008-01-28 06:21 --------- d-----w C:\Program Files\Real
2008-01-28 06:20 --------- d-----w C:\Program Files\Common Files\Real
2008-01-22 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 16:50 --------- d-----w C:\Program Files\Thumbs7
2008-01-10 02:10 --------- d-----w C:\Program Files\IrfanView
2008-01-01 16:23 --------- d-----w C:\Program Files\dvdSanta
2007-12-28 00:12 --------- d-----w C:\Program Files\Digital Guitar Tuner 2.3
2007-12-22 01:47 --------- d-----w C:\Program Files\EGUITAR1
2007-12-21 14:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 14:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 14:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-13 06:29 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-12 16:21 --------- d-----w C:\Program Files\DivX
2007-12-12 14:43 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 14:43 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 14:43 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-12 14:43 --------- d-----w C:\Program Files\Symantec
2007-12-11 16:10 --------- d-----w C:\Program Files\MPEG-Corrector
2007-12-11 14:39 --------- d-----w C:\Program Files\avifixed20b1
2007-12-11 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 12:41 --------- d-----w C:\Program Files\XviD
2007-12-06 01:29 --------- d-----w C:\Program Files\World of Warcraft
2007-12-04 17:26 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-04 14:16 --------- d-----w C:\Program Files\The Rosetta Stone
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-31 19:17 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
2006-05-01 04:49 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:00 15360]
"Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2008-01-29 12:02 1215488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 19:04 68856]
"1Click Clocksync"="C:\Program Files\1Click Clocksync\clocksync.exe" [2007-09-26 00:05 385024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 05:24 167368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 21:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 21:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 17:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 11:29 249856]
"WMC_AutoUpdate"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 21:50 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-05 22:46 282624]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-05-06 07:29 6656]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-06-14 00:57 106496]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2005-06-14 00:07 233472]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-29 12:02 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-29 12:02 26248]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 17:06 110592 C:\WINDOWS\system32\ulutil2.dll]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 14:09 102400]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 00:20 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-21 21:21:17 27136]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-21 21:21:17 27136]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-11-19 00:36:37 1172992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
ldr64.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 14:25]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys [2006-04-06 16:52]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 08:27]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 06:41:20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 13:09:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\1Click Clocksync\clocksync.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-01-29 13:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 19:15:15
  • 0

#6
llynxx

llynxx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I ran Kaspersky after Combo fix....

9. KASPERSKY ONLINE SCANNER Log results as follows...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 29, 2008 4:05:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/01/2008
Kaspersky Anti-Virus database records: 536185
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
L:\

Scan Statistics:
Total number of scanned objects: 103478
Number of viruses found: 3
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:57:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\499C091B.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A9E02B65.TMP Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\history.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\key3.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qiequhdx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\FirefoxTempFolder\Cache\_CACHE_001_ Object is locked skipped
C:\FirefoxTempFolder\Cache\_CACHE_002_ Object is locked skipped
C:\FirefoxTempFolder\Cache\_CACHE_003_ Object is locked skipped
C:\FirefoxTempFolder\Cache\_CACHE_MAP_ Object is locked skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\QooBox\Quarantine\catchme2008-01-29_130900.82.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.in skipped
C:\QooBox\Quarantine\catchme2008-01-29_130900.82.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP661\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S813BCCCE.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5C06B49A-EC0D-4434-A023-7EB192EBCD8E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\APPS\APP01444\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP01444\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP01444\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP01444\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\I386\APPS\APP01444\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP01444\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP01444\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP01444\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP661\change.log Object is locked skipped

Scan process completed.
  • 0

#7
llynxx

llynxx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I then ran Dr. Web and then HJT...(both logs below)

10. Dr. Web Scanner Log results as follows....

AD54D78Cd01;C:\FirefoxTempFolder\Cache;Probably BATCH.Virus;Incurable.Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;Incurable.Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
A0118474.sys;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP659;Win32.HLLM.Beagle;Deleted.;
A0119478.sys;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP660;Win32.HLLM.Beagle;Deleted.;
A0120477.sys;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP660;Win32.HLLM.Beagle;Deleted.;
A0121480.sys;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP660;Win32.HLLM.Beagle;Deleted.;
A0121505.bat;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP661;Probably BATCH.Virus;Incurable.Deleted.;
A0121564.exe;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP661;Trojan.Click.2093;Deleted.;
sb6adts.htc\Script.0;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
sb6adts.htc;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts;Archive contains infected objects;Moved.;
firstopt.js;D:\I386\APPS\APP13662;Probably SCRIPT.Virus;Incurable.Deleted.;


11. HijackThis (I was able to finally run this App. Did this after Dr. Web without a system restart) Log file as follows....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:20 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\cureit.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [1Click Clocksync] "C:\Program Files\1Click Clocksync\clocksync.exe" /auto /auto
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://E:\components\hidinputmonitorx.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://E:\components\A9.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145210223125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145288260109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13852 bytes

Edited by llynxx, 29 January 2008 - 07:56 PM.

  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great looks like its gone. :)
=====================
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)


Now click on Fix Checked and then close Hijackthis.
==================================
After that it appears you are running 2 antivirus programs Norton and Nod which ever one you choose to keep remove the other as running 2 can have conflicting results you only need one.
==================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combo-fix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
======================================
Let me know if things are normal again.
  • 0

#9
llynxx

llynxx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Kahdah. My computer is now free of infections. Everything is working fine, except the programs that the infection corrupted i had to reinstall or lose. This is a great forum.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP