spyware adware and popups


  • This topic is locked
12 replies to this topic

#1 Amon-Ra

  • Full Member
  • 10 posts

Posted 05 July 2007 - 04:37 PM

Hi there, I hope someone here can help me with my computer problem.
My computer is a Windows XP Home Edition,
and I'm getting lots of popups from Adultfriendfinder, WinAnti-Viruspro2007, reward amazon, AVSystemCare.
Whenever I search at Google and I pick a result I always get redirected to eBay or some other search engine site.
I read the FAQ and I downloaded the Ewido Anti-Spyware.
After scanning 165,362 files with 56 infections
it said "Something bad happened in the Application. Error diagnostic file saved to C:\ProgramFiles\Grisoft\AVGAnti=Spyware7.5\avgas.err"
then it shut down without completing the scan,
and here are some of the files that were in the preview box:
Name threat level
Adware.WebRebate Medium
Adware.InternetOptimizer Medium
Adware.WinAntiVirus Medium
Adware.Generic Medium
Adware.Gator Medium
Adware PriorityScan Medium
Dialer.InstantAccess.f High
Downloader.VBawj High
The rest were a bunch of tracking cookies.

I did a quick scan with AVG Anti-Spyware 7.5
and here is the report:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:51:04 PM 07/05/2007

+ Scan result:



HKU\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Ignored.
C:\WINDOWS\system32\F2\mwspasrt83122.exe -> Adware.TTC : Ignored.
C:\WINDOWS\system32\wvuspnn.dll -> Adware.Virtumonde : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
C:\WINDOWS\system32\av.cpl -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Ignored.
C:\WINDOWS\Downloaded Program Files\website.dll -> Downloader.Agent.bls : Ignored.
C:\WINDOWS\system32\dwutqoin.exe -> Downloader.Tiny.id : Ignored.
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe -> Downloader.VB.awj : Ignored.
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe -> Downloader.VB.awj : Ignored.
C:\WINDOWS\system32\F4\wen2.exe -> Dropper.Agent.bfr : Ignored.
C:\WINDOWS\Downloaded Program Files\search.inf -> Hijacker.StartPage : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@er4ddrtv.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@mcclatchy.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@nba.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt -> TrackingCookie.Enhance : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ehg-chartercommunications.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ehg-eline.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ehg-veohnetworksinc.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@d3.zedo[1].txt -> TrackingCookie.Zedo : Ignored.
C:\WINDOWS\system32\fktrigvh.exe -> Trojan.Agent.anr : Ignored.
C:\WINDOWS\system32\wnstsicom32.exe -> Trojan.Small : Ignored.


::Report end

Also, my SBC Yahoo! Anti-Virus detected these viruses:
Win32/Abetear.A
Win32/Matacash.AG
Win32/Vundo.DL
Also, no matter how many times I change my Internet options, they always revert back to "Accept all cookies".

I'm gonna run HijackThis next.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:04:25 PM, on 07/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\desksite\bin\cma.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Z\pop block\PopUpBuster.exe
C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jdunfaos.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127144320409
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax3313.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


Recently, when I'm surfing the internet, the start bar and all the desktop icons will disappear and I'll have to press Ctrl+Alt+Delete to bring up the Task Manager, select New Task, and run Windows Explorer to bring it back.
It works sometimes, but then it will disappear again randomly.

I tried doing a full scan with AVG Anti-Spyware but it messes up again. After scanning with Windows Defender and some other program, I came to the conclusion that things always go wrong once this file is scanned: C:\Documents and Settings\Owner\Local Settings\Temp\JET1519.tmp
I've tried going to the file itself, but as soon as I get to Local Settings, and sometimes even the Owner folder,
everything on my Windows screen disappears, so whatever is wrong has to do with these folders.
The virus must be somewhere in there, but I just can't get to it.


This is the scan report from Spybot Search & Destroy:


--- Search result list ---
RegistryOptimizer: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\AffiliateCreator

RegistryOptimizer: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\RegistryOptimizer.com

CallingHome.biz: Temporary folder (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\THI1C3A.tmp

CallingHome.biz: Temporary folder (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\THI2D40.tmp

CallingHome.biz: Temporary folder (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\THI5374.tmp

CallingHome.biz: Temporary folder (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\THIA5C.tmp

DyFuCA.InternetOptimizer: Executable (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\cfout.txt

DyFuCA.InternetOptimizer: Data (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\cfin

MagicControl.Agent: Library (File, fixed)
C:\WINDOWS\system32\msegcompid.dll

MagicControl.Agent: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\mc\SA

Mirar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}

Mirar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}

WinFixer: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ApiMon

WinFixer: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApiMon

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD\VSPF_HK

Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VxD\VSPF_HK

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006*

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006*

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootStera

Winsoftware.WinAntiVirusPro2006: Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL

Winsoftware.WinAntiVirusPro2006: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\

Bearshare: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader

Bearshare: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader.1

Bearshare: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare

DriveCleaner 2006: Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\

DriveCleaner 2006: Executable (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\installer.exe

DriveCleaner 2006: Data (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\size.dat

SpySpotter: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Noah.CDownloadProgressController

SpySpotter: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Noah.CDownloadProgressController.1

SpySpotter: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D7F152AA-2FE1-4cfa-9838-6782BF85C929}

SpySpotter: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Noah.RegistrationObj

SpySpotter: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Noah.RegistrationObj.1

SpySpotter: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3D20508E-59B9-4602-9CF9-49387E9D9BEB}

SpySpotter: Shared DLL (1 apps) (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Oem Common\robj1.dll

SpySpotter: System file (File, fixed)
C:\Program Files\Common Files\Oem Common\robj1.dll

SpySpotter: Program directory (Directory, fixed)
C:\Program Files\Common Files\Oem Common\

WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\

WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\updater\

YazzleSudoku: Executable (File, fixed)
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe

Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

GAIN.Gator: Module usage (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll

WinAntiVirusPro2006: Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootStera

WinAntiVirusPro2006: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera

Zlob.SiteEntry: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\SiteEntry

Zlob.SiteEntry: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\SiteEntry\

Zlob.SiteEntry: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteEntry

Smitfraud-C.CoreService: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core

Smitfraud-C.CoreService: Data (File, fixing failed)
C:\WINDOWS\system32\drivers\core.cache.dsk

Smitfraud-C.CoreService: System file (File, fixing failed)
C:\WINDOWS\system32\drivers\core.sys

Virtumonde: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\aldd

Virtumonde: Executable (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\removalfile.bat

Virtumonde: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


SystemDoctor2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


ReliableStats: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


GoClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


SystemDoctor2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Clickbank: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


ErrorSafe: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


ErrorSafe: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Marketengines: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Aornum: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


BlackCore: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Tradedoubler: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Virtumonde: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-03 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-03 Includes\DialerC.sbi (*)
2007-06-20 Includes\Hijackers.sbi (*)
2007-07-03 Includes\HijackersC.sbi (*)
2007-06-27 Includes\Keyloggers.sbi (*)
2007-07-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-20 Includes\Malware.sbi (*)
2007-07-03 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-07-03 Includes\PUPSC.sbi (*)
2007-07-03 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-03 Includes\SecurityC.sbi (*)
2007-06-20 Includes\Spybots.sbi (*)
2007-07-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi (*)
2007-07-03 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB883939
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896727
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: cc6bc45dd5a58158645e7fb2953604fe

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617fa5be646b5e8d6670fd4710acd2d3

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88209
MD5: 230ea041666125b6812fe3ff964b2df3

Located: HK_LM:Run, CaAvTray
command: "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
file: C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
size: 230512
MD5: 08b9d05430a91a17595e4c80dd06311f

Located: HK_LM:Run, CAVRID
command: "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
file: C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
size: 185456
MD5: a4d690288ffec74b6bd1522354b6aeec

Located: HK_LM:Run, Desksite CMA
command: C:\Program Files\desksite\bin\cma.exe
file: C:\Program Files\desksite\bin\cma.exe
size: 188416
MD5: c4792dbc06f02875c855a10be6532135

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: d7acbc053673f37505b6e2b3c4444f74

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: f498eb87ff75980f5c31827d72fb4d53

Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: ec273d5f06235f8f003316003f518ee3

Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: 671f926abfabfb767d708bbee49df45d

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7

Located: HK_LM:Run, icq.com
command: rundll32.exe "C:\WINDOWS\system32\jvrncsyt.dll",forkonce
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, icq.com
command: rundll32.exe "C:\WINDOWS\system32\jvrncsyt.dll",forkonce
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 17e216c3b7f4ad39826c219d597bbf03

Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: 4a95f15b706b8fd9ec8715b6401eab7b

Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 98304
MD5: 8b3d67651581347878cd7d8fbf016a64

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: fa7eb9aff3d726a6bf0494bee7e378f6

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9c1c80bbf8e6044980890e2d2d91091c

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac

Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 57344
MD5: 842c7b3e4bb7b7ebf0db9f60ab08ce3e

Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 397312
MD5: 13ce2ad044884884295b1c2377dd5d25

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Compaq Connections.lnk
command: C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
file: C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
size: 16384
MD5: 708fc5318f6ab059104ffd415f146781

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 288472
MD5: 4543367e50bd35e7d1269d42841b156e

Located: System.ini, awvvv
command:
file:

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ddccd
command: C:\WINDOWS\system32\ddccd.dll
file: C:\WINDOWS\system32\ddccd.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, iifgfcc
command: iifgfcc.dll
file: iifgfcc.dll

Located: System.ini, khfdbab
command: khfdbab.dll
file: khfdbab.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{4E346556-6674-464E-A188-A39F84B28B7E} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ddccd.dll

{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
BHO name:
CLSID name:

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
BHO name:
CLSID name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 06/12/2006 9:36:14 PM
Date (last access): 07/08/2007 11:32:00 PM
Date (last write): 05/26/2005 3:39:14 AM
Filesize: 181352
Attributes: archive
MD5: 3105430A206291D7F8768F6CD6F3C3BD
CRC32: 28147C76
Version: 2005.5.26.1

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 06/12/2006 9:35:48 PM
Date (last access): 07/09/2007 12:50:54 AM
Date (last write): 01/24/2005 1:55:32 AM
Filesize: 115832
Attributes: archive
MD5: A7DFD7463C4AC34309D2304546D7A96A
CRC32: E2DA49AB
Version: 2005.1.24.1

{868865EC-0295-4C7D-B25D-9F65314145E9} ()
BHO name:
CLSID name:

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll; googletoolbar*.dll (* = number); googletoolbar_en_*.**-big.dll; Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 05/28/2007 7:36:34 PM
Date (last access): 07/08/2007 11:31:56 PM
Date (last write): 01/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\
Long name: swg.dll
Short name:
Date (created): 05/30/2007 2:48:40 PM
Date (last access): 07/08/2007 11:32:00 PM
Date (last write): 05/30/2007 2:48:40 PM
Filesize: 325048
Attributes: archive
MD5: 1DC47CA76A0FFEAA25B45DE5706F2115
CRC32: E2052360
Version: 2.0.301.7164

{DC192567-65F9-4AB6-ADB7-E13575F81726} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: khfdbab.dll

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 06/12/2006 9:18:26 PM
Date (last access): 07/08/2007 11:32:00 PM
Date (last write): 02/03/2005 9:07:08 AM
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein



--- ActiveX list ---
{36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class)
DPF name:
CLSID name: CDKey Class
Installer: C:\WINDOWS\Downloaded Program Files\ITCDKey.inf
Codebase: http://www.cdkeybonu...key/ITCDKey.cab
description:
classification: Open for discussion
known filename: ITCDKEY.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: ITCDKey.dll
Short name:
Date (created): 07/11/2002 5:23:52 AM
Date (last access): 07/08/2007 11:49:52 PM
Date (last write): 07/11/2002 5:23:52 AM
Filesize: 102400
Attributes: archive
MD5: 60E3C62E221031E34FAA093A26AA63B1
CRC32: 05033F07
Version: 1.0.0.11

{7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class)
DPF name:
CLSID name: luna Class
Installer:
Codebase: http://axcab.wrs.mcboo.com/website.cab

Edited by Amon-Ra, 09 July 2007 - 12:59 AM.


#2 Amon-Ra

Amon-Ra

    Member

  • Full Member
  • 10 posts

Posted 05 July 2007 - 05:34 PM

Hi, my Norton Anti-Virus is saying I'm infected with
Win32/Abetear.A
and also in my Internet Options, no matter how many times I change it, when I check it again it's
back at "accept all cookies".

Edited by Amon-Ra, 05 July 2007 - 05:37 PM.


#3 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 08 July 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 12 July 2007 - 01:51 PM

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found: Posted Image
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Next:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 Amon-Ra

Amon-Ra

    Member

  • Full Member
  • 10 posts

Posted 13 July 2007 - 01:46 PM

I did what you said and ran the Dr.Web CureIt. It did the first scan and found no viruses,
then I selected all drives and pressed the green arrow,
and then it said an error has occurred and the application shut down.
I tried it 2 times and it did the same thing.

Here is my ComboFix log:

"Owner" - 2007-07-13 13:13:54 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

/wow section - STAGE #3
/wow section not completed

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nqcpvpfu.dll
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\Documents and Settings\Owner.\err.log
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\kdogd.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\pjzqwexy.dat
C:\WINDOWS\system32\pjzqwexy.exe
C:\WINDOWS\system32\pjzqwexy_nav.dat
C:\WINDOWS\system32\pjzqwexy_navps.dat
C:\WINDOWS\system32\win
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_VSPF
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-13 13:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 00:42 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-07-11 01:05 <DIR> d-------- C:\Program Files\IrfanView
2007-07-08 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-05 14:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-05 01:02 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-03 01:10 <DIR> d-------- C:\Program Files\GraphicsGale FreeEdition
2007-07-03 00:01 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-07-02 04:48 <DIR> d-------- C:\Program Files\GraphicsGale
2007-07-02 04:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Humanbalance
2007-06-27 02:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-06-27 02:05 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-27 02:05 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-27 02:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-27 02:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-27 02:05 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-27 02:04 <DIR> d-------- C:\Program Files\DivX
2007-06-27 01:28 <DIR> d-------- C:\Program Files\WMV9_VCM
2007-06-24 17:49 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 20:14:36 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-05 20:14:36 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-23 22:41:55 -------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-06-08 12:51:13 -------- d-----w C:\Program Files\Easy Internet signup
2007-06-08 09:23:38 -------- d-----w C:\Program Files\MUGEN Editing Ensemble
2007-06-05 17:56:02 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-01 06:46:57 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-29 23:10:42 -------- d-----w C:\Program Files\WinAce
2007-05-29 23:04:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-05-29 17:51:08 -------- d-----w C:\Program Files\Google
2007-05-29 09:38:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-05-30 15:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E346556-6674-464E-A188-A39F84B28B7E}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2005-05-26 03:39 181352 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
2005-01-24 01:55 115832 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 14:48 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
2005-02-03 09:07 124032 --a------ C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 04:01 C:\WINDOWS\AGRSMMSG.exe]
"Desksite CMA"="C:\Program Files\desksite\bin\cma.exe" [2003-10-19 08:14]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 06:02]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-06-12 22:49]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-06-12 22:49]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-04-22 11:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-15 00:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-20 08:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 06:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfcc]
iifgfcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbab]
khfdbab.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_Check]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_Check]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2006 Free]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]


Contents of the 'Scheduled Tasks' folder
2007-07-13 19:34:04 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-13 19:33:04 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-07-13 01:03:02 C:\WINDOWS\tasks\User_Feed_Synchronization-{476C98B5-6996-4DD1-BDF8-616ACC784783}.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 13:31:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 13:38:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-13 13:37

--- E O F ---

Thanks for your help. What do I do next?

Hey, I just noticed I stopped getting pop-ups and my search results on Google don't get redirected anymore.
I don't know if I'm completely free of the viruses, but my computer is working fast again.
Thanks a lot, I really appreciate the help you gave me.

Edited by Amon-Ra, 14 July 2007 - 01:00 AM.


#6 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 14 July 2007 - 03:57 AM

Hi again,

Yes, ComboFix removed the main infection.

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfcc]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbab]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2006 Free]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Please do the following:
Run a BitDefender Online scan Here and post the results.

Please also post a new HiJackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
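As an added example (not part of jedi's post or of any forum tool), here is a small Python checker that reads a REGEDIT4 file such as the fix.reg above and reports exactly which keys a merge will delete, so the file can be reviewed before it is double-clicked. It goes slightly beyond the fix above by also recognising value deletions (`"name"=-`), which fix.reg does not use.

```python
"""Review a REGEDIT4 .reg file before merging it.

Added example for this thread, not part of the original post. It parses
the text format used by fix.reg above: a '[-KEY]' header deletes a key
(and every subkey under it), a '[KEY]' header creates or opens a key, and
a '"name"=-' line under an open key deletes a single value. Other value
lines ('"name"="data"') are left uninterpreted.
"""
import re

# The fix.reg from jedi's post, embedded here as sample input.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfcc]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbab]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2006 Free]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [KEY] or [-KEY]
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')      # "name"=-


def parse_reg(text):
    """Return (deleted_keys, touched_keys, deleted_values) for a .reg file.

    deleted_values is a list of (key, value_name) pairs. Raises ValueError
    if the header line is missing or a value line appears before any key.
    """
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing REGEDIT4 header")
    deleted_keys, touched_keys, deleted_values = [], [], []
    current = None
    for line in lines[1:]:
        if not line or line.startswith(";"):   # blank lines and comments
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                deleted_keys.append(key)
                current = None   # values cannot follow a delete header
            else:
                touched_keys.append(key)
                current = key
            continue
        m = VALUE_DEL_RE.match(line)
        if m:
            if current is None:
                raise ValueError("value line outside a key: " + line)
            deleted_values.append((current, m.group(1)))
    return deleted_keys, touched_keys, deleted_values


def summarize(text):
    """Group the keys a merge will delete by their parent key."""
    deleted, _, _ = parse_reg(text)
    by_parent = {}
    for key in deleted:
        parent, _, leaf = key.rpartition("\\")
        by_parent.setdefault(parent, []).append(leaf)
    return by_parent


if __name__ == "__main__":
    for parent, leaves in summarize(FIX_REG).items():
        print(parent)
        for leaf in leaves:
            print("    deletes subkey:", leaf)
```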

#7 Amon-Ra

Amon-Ra

    Member

  • Full Member
  • 10 posts

Posted 14 July 2007 - 03:17 PM

Here is my BitDefender Online Scan report

BitDefender Online Scanner

Scan report generated at: Sat, Jul 14, 2007 - 15:10:13

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:25:16
Files: 345862
Folders: 6771
Boot Sectors: 3
Archives: 13335
Packed Files: 18444

Results
Identified Viruses: 22
Infected Files: 37
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 37

Engines Info
Virus Definitions: 672197
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcpas.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcpas.exe
Disinfection failed

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcpas.exe
Deleted

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcsdr.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcsdr.exe
Disinfection failed

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcsdr.exe
Deleted

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp\CComm.dll
Detected with: Adware.SyncroAD

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp\CComm.dll
Disinfection failed

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp\CComm.dll
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\kdogd.exe.vir
Infected with: Trojan.Peed.Gen

C:\QooBox\Quarantine\C\WINDOWS\system32\kdogd.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\kdogd.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\nqcpvpfu.dll.vir
Infected with: Trojan.JuanSearch.A

C:\QooBox\Quarantine\C\WINDOWS\system32\nqcpvpfu.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\nqcpvpfu.dll.vir
Deleted

C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip=>core.sys
Infected with: Rootkit.Agent.EV

C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip=>core.sys
Disinfection failed

C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip=>core.sys
Deleted

C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip
Updated

C:\RECYCLER\S-1-5-21-2775007810-2956847180-3899977248-500\Dc5.vbs
Infected with: Trojan.Clicker.VBS.Krepper

C:\RECYCLER\S-1-5-21-2775007810-2956847180-3899977248-500\Dc5.vbs
Disinfection failed

C:\RECYCLER\S-1-5-21-2775007810-2956847180-3899977248-500\Dc5.vbs
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043965.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043965.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043965.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043966.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043966.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043966.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050080.exe
Infected with: Trojan.Downloader.Winfixer.O

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050080.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050080.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050138.exe
Infected with: Trojan.Downloader.S.TR

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050138.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050138.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050202.exe
Infected with: Trojan.Fakealert.BX

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050202.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050202.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050367.dll
Infected with: DeepScan:Generic.Dialer.949C67F6

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050367.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050367.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050368.dll
Infected with: DeepScan:Generic.Dialer.309F0008

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050368.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050368.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050369.dll
Infected with: DeepScan:Generic.Dialer.DA4CFC17

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050369.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050369.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050374.dll
Detected with: Dialer.BAX

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050374.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050374.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050375.dll
Infected with: DeepScan:Generic.Dialer.949C67F6

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050375.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050375.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP308\A0050418.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP308\A0050418.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP308\A0050418.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP313\A0052565.exe
Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP313\A0052565.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP313\A0052565.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052626.exe
Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052626.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052626.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052627.exe
Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052627.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052627.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052632.dll
Infected with: Trojan.PurityScan.DL

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052632.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052632.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054361.exe
Infected with: Trojan.Dropper.Agent.BFR

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054361.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054361.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054363.exe
Infected with: Trojan.Downloader.Vb.AWJ

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054363.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054363.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054364.exe
Infected with: Trojan.Downloader.VB.VDP

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054364.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054364.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054367.exe
Infected with: Dropped:Trojan.Downloader.Adload.NCJ

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054367.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054367.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055472.exe
Infected with: Trojan.Downloader.VB.VDP

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055472.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055472.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055473.exe
Infected with: Trojan.Downloader.S.TR

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055473.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055473.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055475.exe
Infected with: Trojan.Downloader.Winfixer.O

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055475.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055475.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055476.exe
Infected with: Trojan.Fakealert.FB

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055476.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055476.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055479.dll
Infected with: Trojan.Downloader.Adload.NCJ

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055479.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055479.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056845.dll
Infected with: Trojan.JuanSearch.A

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056845.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056845.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056857.exe
Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056857.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056857.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056985.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056985.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056985.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056986.exe
Infected with: Trojan.Downloader.Winfixer.E

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056986.exe
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056986.exe
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056987.dll
Detected with: Adware.SyncroAD

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056987.dll
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056987.dll
Deleted

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056988.vbs
Infected with: Trojan.Clicker.VBS.Krepper

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056988.vbs
Disinfection failed

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056988.vbs
Deleted

And here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 3:16:02 PM, on 07/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\desksite\bin\cma.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127144320409
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax3313.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 14 July 2007 - 04:10 PM

Hi again,

Scan with HiJackThis and put a check in the box next to the following items;

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab


Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

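The entries jedi selects above mostly share one pattern: a hook whose file is gone ("(file missing)" or "(no file)") or a browser setting with an empty value. As an added example (not HijackThis code and not part of jedi's post), this Python triage script finds that pattern in HJT-style log lines; it produces a review list, not a fix list, since a helper still judges each hit (the BitDefender uninstall stub is flagged here but was not selected above).

```python
"""Triage a HijackThis log for orphaned entries.

Added example for this thread, not part of HijackThis or of the post
above. It reads HJT-style lines and flags the patterns that usually mark
leftover autostart hooks: a BHO, button or other entry whose file is gone
('(file missing)' or '(no file)') and an R0/R1 browser setting whose value
is empty. The result is a list for a reviewer, not a verdict.
"""
import re

# A few lines from the HijackThis log above, embedded as sample input.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every HJT entry starts with a section tag such as R0, O2, O16, O23.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Yield (section, body) pairs for every entry line in the log."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def is_orphan(section, body):
    """True when the entry points at a missing file or an empty setting."""
    if section in ("R0", "R1"):
        # body looks like 'HKCU\...\Main,Local Page = <value>'; the first
        # '=' separates the setting name from its value
        _, _, value = body.partition("=")
        return value.strip() == ""
    return body.endswith("(file missing)") or body.endswith("(no file)")


def triage(text):
    """Return the (section, body) entries worth a reviewer's look."""
    return [(s, b) for s, b in parse_hjt(text) if is_orphan(s, b)]


if __name__ == "__main__":
    for section, body in triage(HJT_LOG):
        print(section, "-", body)
```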

#9 Amon-Ra

Amon-Ra

    Member

  • Full Member
  • 10 posts

Posted 03 August 2007 - 01:39 AM

Sorry about the delay.
I did what you said and here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 1:37:07 AM, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\desksite\bin\cma.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127144320409
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax3313.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

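As an added example (not part of the thread, and not HijackThis's own code), a small Python parser for the O-line format of the log above; it flags entries whose target is "(no file)" or "(file missing)", and O4 Run entries that give only a bare file name (resolved by the loader's search order rather than a fixed path). The sample lines are constructed from the log; nothing is checked against a real disk.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format (modelled on the thread's log)
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Every HijackThis entry starts with a section tag such as O2, O4, O23
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Entry:
    section: str   # e.g. "O2" (BHO), "O4" (autorun), "O23" (service)
    detail: str    # everything after the section tag
    target: str    # last " - " separated field, normally the file path
    orphaned: bool # registry entry points at a file that is gone


def parse_hjt(text: str) -> list[Entry]:
    """Parse O-lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        target = detail.rsplit(" - ", 1)[-1]
        orphaned = target == "(no file)" or target.endswith("(file missing)")
        entries.append(Entry(section, detail, target, orphaned))
    return entries


def orphaned_entries(text: str) -> list[Entry]:
    """Entries whose file is missing: leftovers to clean up, not active code."""
    return [e for e in parse_hjt(text) if e.orphaned]


def unqualified_run_entries(text: str) -> list[str]:
    """O4 Run commands with no directory: worth resolving by hand during review."""
    out = []
    for e in parse_hjt(text):
        if e.section != "O4":
            continue
        cmd = e.detail.split("] ", 1)[-1].strip().strip('"')
        if "\\" not in cmd and "/" not in cmd:
            out.append(cmd)
    return out
```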
#10 jedi

Posted 03 August 2007 - 02:24 AM

Hi again,

Your log looks clean, how is the PC running now?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#11 Amon-Ra


Posted 03 August 2007 - 09:52 PM

Hi again,

Your log looks clean, how is the PC running now?

jedi


My PC is running great. The only thing is, when I go to certain sites this thing pops up:
"Windows Installer preparing to install Microsoft Office 2000 Professional"
and I have to hit Cancel to stop it.
I'm just wondering if it's my computer or just the website.

Thanks for all your help with everything; I never thought I'd get my computer to run fast again.

#12 jedi


Posted 04 August 2007 - 03:31 AM

Hi again,

Glad I could help. As for the installer problem, Office has a tendency to do this; it's very annoying. My work PC does it every time I open an e-mail!
MS do an installer cleanup utility here:
http://support.microsoft.com/kb/290301
You can remove the Office installer if you follow the instructions on the page.

jedi


#13 jedi


Posted 10 August 2007 - 03:40 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi
