Amon-Ra

spyware adware and popups

13 posts in this topic

Hi there, I hope someone here can help me with my computer problem.

My computer is a Windows XP Home Edition,

and I'm getting lots of popups from Adultfriendfinder, WinAnti-Viruspro2007, reward amazon, AVSystemCare.

Whenever I search at Google and pick a result, I always get redirected to eBay or some other search engine site.

I read the FAQ and downloaded Ewido Anti-Spyware.

After scanning 165,362 files, with 56 infections found,

it said "Something bad happened in the Application. Error diagnostic file saved to C:\ProgramFiles\Grisoft\AVGAnti=Spyware7.5\avgas.err"

then it shut down without completing the scan,

and here are some of the files that were in the preview box:

Name threat level

Adware.WebRebate Medium

Adware.InternetOptimizer Medium

Adware.WinAntiVirus Medium

Adware.Generic Medium

Adware.Gator Medium

Adware PriorityScan Medium

Dialer.InstantAccess.f High

Downloader.VBawj High

The rest were a bunch of tracking cookies.

 

I did a quick scan with AVG Anti-Spyware 7.5

and here is the report:

 

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 5:51:04 PM 07/05/2007

 

+ Scan result:

 

 

 

HKU\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Ignored.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Ignored.

C:\WINDOWS\system32\F2\mwspasrt83122.exe -> Adware.TTC : Ignored.

C:\WINDOWS\system32\wvuspnn.dll -> Adware.Virtumonde : Ignored.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.

C:\WINDOWS\system32\av.cpl -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\FWSvc -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Ignored.

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Ignored.

C:\WINDOWS\Downloaded Program Files\website.dll -> Downloader.Agent.bls : Ignored.

C:\WINDOWS\system32\dwutqoin.exe -> Downloader.Tiny.id : Ignored.

C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe -> Downloader.VB.awj : Ignored.

C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe -> Downloader.VB.awj : Ignored.

C:\WINDOWS\system32\F4\wen2.exe -> Dropper.Agent.bfr : Ignored.

C:\WINDOWS\Downloaded Program Files\search.inf -> Hijacker.StartPage : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@er4ddrtv.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@mcclatchy.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@nba.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt -> TrackingCookie.Enhance : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@ehg-chartercommunications.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@ehg-eline.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@ehg-veohnetworksinc.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignored.

C:\Documents and Settings\Owner\Cookies\owner@d3.zedo[1].txt -> TrackingCookie.Zedo : Ignored.

C:\WINDOWS\system32\fktrigvh.exe -> Trojan.Agent.anr : Ignored.

C:\WINDOWS\system32\wnstsicom32.exe -> Trojan.Small : Ignored.

 

 

::Report end

 

Also, my SBC Yahoo Anti-Virus detected these viruses:

Win32/Abetear.A

Win32/Matacash.AG

Win32/Vundo.DL

Also, no matter how many times I change my Internet options, they always revert back to Accept all cookies.

 

I'm going to run HijackThis next.

 

Here is my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 6:04:25 PM, on 07/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\desksite\bin\cma.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Yahoo!\Antivirus\ISafe.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Yahoo!\Antivirus\CAVTray.exe

C:\Program Files\Yahoo!\Antivirus\CAVRID.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\My Documents\Z\pop block\PopUpBuster.exe

C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jdunfaos.dll",forkonce

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127144320409

O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGD...ESS_1069_XP.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax3313.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

 

 

Recently, when I'm surfing the Internet, the start bar and all the desktop icons disappear, and I have to press Ctrl+Alt+Delete to bring up the Task Manager and select New Task > Windows Explorer to bring it back.

It works sometimes, but then it will disappear again randomly.

 

I tried doing a full scan with AVG Anti-Spyware, but it messes up again. After scanning with Windows Defender and some other program, I came to the conclusion that things always go wrong once this file is scanned: C:\Documents and Settings\Owner\Local Settings\Temp\JET1519.tmp

I've tried going to the file itself, but as soon as I get to Local Settings, and sometimes even the Owner folder,

everything on my Windows screen disappears, so whatever is wrong has to do with these folders.

The virus must be somewhere in there, but I just can't get to it.

 

 

This is the scan report from Spybot - Search & Destroy:

 

 

--- Search result list ---

RegistryOptimizer: Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\AffiliateCreator

 

RegistryOptimizer: Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\RegistryOptimizer.com

 

CallingHome.biz: Temporary folder (Directory, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\THI1C3A.tmp

 

CallingHome.biz: Temporary folder (Directory, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\THI2D40.tmp

 

CallingHome.biz: Temporary folder (Directory, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\THI5374.tmp

 

CallingHome.biz: Temporary folder (Directory, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\THIA5C.tmp

 

DyFuCA.InternetOptimizer: Executable (File, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\cfout.txt

 

DyFuCA.InternetOptimizer: Data (File, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\cfin

 

MagicControl.Agent: Library (File, fixed)

C:\WINDOWS\system32\msegcompid.dll

 

MagicControl.Agent: User settings (Registry value, fixed)

HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\mc\SA

 

Mirar: Interface (Registry key, fixed)

HKEY_CLASSES_ROOT\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}

 

Mirar: Interface (Registry key, fixed)

HKEY_CLASSES_ROOT\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}

 

WinFixer: Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ApiMon

 

WinFixer: Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApiMon

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension\=...{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}...

 

Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD\VSPF_HK

 

Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VxD\VSPF_HK

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006*

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006*

 

Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootStera

 

Winsoftware.WinAntiVirusPro2006: Application ID (Registry key, fixed)

HKEY_CLASSES_ROOT\AppID\WinPGI.DLL

 

Winsoftware.WinAntiVirusPro2006: Program group (Directory, fixed)

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\

 

Bearshare: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader

 

Bearshare: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader.1

 

Bearshare: Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare

 

DriveCleaner 2006: Program directory (Directory, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\

 

DriveCleaner 2006: Executable (File, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\installer.exe

 

DriveCleaner 2006: Data (File, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_0001_D19M2808\size.dat

 

SpySpotter: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\Noah.CDownloadProgressController

 

SpySpotter: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\Noah.CDownloadProgressController.1

 

SpySpotter: Class ID (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D7F152AA-2FE1-4cfa-9838-6782BF85C929}

 

SpySpotter: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\Noah.RegistrationObj

 

SpySpotter: Root class (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\Noah.RegistrationObj.1

 

SpySpotter: Class ID (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3D20508E-59B9-4602-9CF9-49387E9D9BEB}

 

SpySpotter: Shared DLL (1 apps) (Registry value, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Oem Common\robj1.dll

 

SpySpotter: System file (File, fixed)

C:\Program Files\Common Files\Oem Common\robj1.dll

 

SpySpotter: Program directory (Directory, fixed)

C:\Program Files\Common Files\Oem Common\

 

WildTangent: Program directory (Directory, fixed)

C:\WINDOWS\wt\

 

WildTangent: Program directory (Directory, fixed)

C:\WINDOWS\wt\updater\

 

YazzleSudoku: Executable (File, fixed)

C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe

 

Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

 

Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

 

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

GAIN.Gator: Module usage (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll

 

WinAntiVirusPro2006: Settings (Registry value, fixing failed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootStera

 

WinAntiVirusPro2006: Settings (Registry value, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera

 

Zlob.SiteEntry: User settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\SiteEntry

 

Zlob.SiteEntry: Settings (Registry key, fixed)

HKEY_CLASSES_ROOT\SiteEntry\

 

Zlob.SiteEntry: Uninstall settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteEntry

 

Smitfraud-C.CoreService: Settings (Registry key, fixing failed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

 

Smitfraud-C.CoreService: Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core

 

Smitfraud-C.CoreService: Data (File, fixing failed)

C:\WINDOWS\system32\drivers\core.cache.dsk

 

Smitfraud-C.CoreService: System file (File, fixing failed)

C:\WINDOWS\system32\drivers\core.sys

 

Virtumonde: Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\aldd

 

Virtumonde: Executable (File, fixed)

C:\Documents and Settings\Owner\Local Settings\Temp\removalfile.bat

 

Virtumonde: User settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-2775007810-2956847180-3899977248-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

SystemDoctor2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

ReliableStats: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

GoClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Statcounter: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

SystemDoctor2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Clickbank: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Zedo: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

ErrorSafe: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

ErrorSafe: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Marketengines: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Aornum: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

BlackCore: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Tradedoubler: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

Virtumonde: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

 

 

 

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

 

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2007-07-08 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-05-23 advcheck.dll (1.5.3.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2007-01-02 Tools.dll (2.0.1.0)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-07-03 Includes\Cookies.sbi (*)

2007-05-30 Includes\Dialer.sbi (*)

2007-07-03 Includes\DialerC.sbi (*)

2007-06-20 Includes\Hijackers.sbi (*)

2007-07-03 Includes\HijackersC.sbi (*)

2007-06-27 Includes\Keyloggers.sbi (*)

2007-07-03 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-06-20 Includes\Malware.sbi (*)

2007-07-03 Includes\MalwareC.sbi (*)

2007-03-21 Includes\PUPS.sbi (*)

2007-07-03 Includes\PUPSC.sbi (*)

2007-07-03 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-07-03 Includes\SecurityC.sbi (*)

2007-06-20 Includes\Spybots.sbi (*)

2007-07-03 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti

2007-07-03 Includes\Trojans.sbi (*)

2007-07-03 Includes\TrojansC.sbi (*)

2007-06-06 Plugins\TCPIPAddress.dll


--- System information ---

Windows XP (Build: 2600) Service Pack 2

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ DataAccess: Microsoft Data Access Components KB870669

/ DataAccess: Security Update for Microsoft Data Access Components

/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643

/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282

/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB883939

/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923

/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688

/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896727

/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2

/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715

/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)

/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)

/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs

/ Windows / SP1: Microsoft National Language Support Downlevel APIs

/ Windows Media Player: Windows Media Player Hotfix [see Q828026 for more information]

/ Windows Media Player / SP0: Windows Media Player Hotfix [see Q828026 for more information]

/ Windows Media Player: Windows Media Update 819639

/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)

/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)

/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)

/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [see KB885492 for more information]

/ Windows XP: Security Update for Windows XP (KB923689)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)

/ Windows XP / SP2: Windows XP Service Pack 2

/ Windows XP / SP3: Windows XP Hotfix - KB873333

/ Windows XP / SP3: Windows XP Hotfix - KB873339

/ Windows XP / SP3: Windows XP Hotfix - KB885250

/ Windows XP / SP3: Windows XP Hotfix - KB885835

/ Windows XP / SP3: Windows XP Hotfix - KB885836

/ Windows XP / SP3: Windows XP Hotfix - KB886185

/ Windows XP / SP3: Windows XP Hotfix - KB887472

/ Windows XP / SP3: Windows XP Hotfix - KB887742

/ Windows XP / SP3: Windows XP Hotfix - KB888113

/ Windows XP / SP3: Windows XP Hotfix - KB888302

/ Windows XP / SP3: Security Update for Windows XP (KB890046)

/ Windows XP / SP3: Windows XP Hotfix - KB890047

/ Windows XP / SP3: Windows XP Hotfix - KB890175

/ Windows XP / SP3: Windows XP Hotfix - KB890859

/ Windows XP / SP3: Windows XP Hotfix - KB891781

/ Windows XP / SP3: Security Update for Windows XP (KB893066)

/ Windows XP / SP3: Windows XP Hotfix - KB893086

/ Windows XP / SP3: Security Update for Windows XP (KB893756)

/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

/ Windows XP / SP3: Security Update for Windows XP (KB896358)

/ Windows XP / SP3: Security Update for Windows XP (KB896422)

/ Windows XP / SP3: Security Update for Windows XP (KB896423)

/ Windows XP / SP3: Security Update for Windows XP (KB896424)

/ Windows XP / SP3: Security Update for Windows XP (KB896428)

/ Windows XP / SP3: Security Update for Windows XP (KB896688)

/ Windows XP / SP3: Update for Windows XP (KB898461)

/ Windows XP / SP3: Security Update for Windows XP (KB899587)

/ Windows XP / SP3: Security Update for Windows XP (KB899588)

/ Windows XP / SP3: Security Update for Windows XP (KB899591)

/ Windows XP / SP3: Update for Windows XP (KB900485)

/ Windows XP / SP3: Security Update for Windows XP (KB900725)

/ Windows XP / SP3: Security Update for Windows XP (KB901017)

/ Windows XP / SP3: Security Update for Windows XP (KB901190)

/ Windows XP / SP3: Security Update for Windows XP (KB901214)

/ Windows XP / SP3: Security Update for Windows XP (KB902400)

/ Windows XP / SP3: Security Update for Windows XP (KB904706)

/ Windows XP / SP3: Update for Windows XP (KB904942)

/ Windows XP / SP3: Security Update for Windows XP (KB905414)

/ Windows XP / SP3: Security Update for Windows XP (KB905749)

/ Windows XP / SP3: Security Update for Windows XP (KB905915)

/ Windows XP / SP3: Security Update for Windows XP (KB908519)

/ Windows XP / SP3: Update for Windows XP (KB908531)

/ Windows XP / SP3: Update for Windows XP (KB910437)

/ Windows XP / SP3: Security Update for Windows XP (KB911280)

/ Windows XP / SP3: Security Update for Windows XP (KB911562)

/ Windows XP / SP3: Security Update for Windows XP (KB911567)

/ Windows XP / SP3: Security Update for Windows XP (KB911927)

/ Windows XP / SP3: Security Update for Windows XP (KB912919)

/ Windows XP / SP3: Security Update for Windows XP (KB913580)

/ Windows XP / SP3: Security Update for Windows XP (KB914388)

/ Windows XP / SP3: Security Update for Windows XP (KB914389)

/ Windows XP / SP3: Hotfix for Windows XP (KB914440)

/ Windows XP / SP3: Hotfix for Windows XP (KB915865)

/ Windows XP / SP3: Security Update for Windows XP (KB916281)

/ Windows XP / SP3: Update for Windows XP (KB916595)

/ Windows XP / SP3: Security Update for Windows XP (KB917159)

/ Windows XP / SP3: Security Update for Windows XP (KB917344)

/ Windows XP / SP3: Security Update for Windows XP (KB917422)

/ Windows XP / SP3: Security Update for Windows XP (KB917953)

/ Windows XP / SP3: Security Update for Windows XP (KB918118)

/ Windows XP / SP3: Security Update for Windows XP (KB918439)

/ Windows XP / SP3: Security Update for Windows XP (KB918899)

/ Windows XP / SP3: Security Update for Windows XP (KB919007)

/ Windows XP / SP3: Security Update for Windows XP (KB920213)

/ Windows XP / SP3: Security Update for Windows XP (KB920214)

/ Windows XP / SP3: Security Update for Windows XP (KB920670)

/ Windows XP / SP3: Security Update for Windows XP (KB920683)

/ Windows XP / SP3: Security Update for Windows XP (KB920685)

/ Windows XP / SP3: Update for Windows XP (KB920872)

/ Windows XP / SP3: Security Update for Windows XP (KB921398)

/ Windows XP / SP3: Security Update for Windows XP (KB921883)

/ Windows XP / SP3: Update for Windows XP (KB922582)

/ Windows XP / SP3: Security Update for Windows XP (KB922616)

/ Windows XP / SP3: Security Update for Windows XP (KB922760)

/ Windows XP / SP3: Security Update for Windows XP (KB922819)

/ Windows XP / SP3: Security Update for Windows XP (KB923191)

/ Windows XP / SP3: Security Update for Windows XP (KB923414)

/ Windows XP / SP3: Security Update for Windows XP (KB923694)

/ Windows XP / SP3: Security Update for Windows XP (KB923980)

/ Windows XP / SP3: Security Update for Windows XP (KB924191)

/ Windows XP / SP3: Security Update for Windows XP (KB924270)

/ Windows XP / SP3: Security Update for Windows XP (KB924496)

/ Windows XP / SP3: Security Update for Windows XP (KB924667)

/ Windows XP / SP3: Security Update for Windows XP (KB925454)

/ Windows XP / SP3: Security Update for Windows XP (KB925486)

/ Windows XP / SP3: Security Update for Windows XP (KB925902)

/ Windows XP / SP3: Security Update for Windows XP (KB926255)

/ Windows XP / SP3: Security Update for Windows XP (KB926436)

/ Windows XP / SP3: Security Update for Windows XP (KB927779)

/ Windows XP / SP3: Security Update for Windows XP (KB927802)

/ Windows XP / SP3: Update for Windows XP (KB927891)

/ Windows XP / SP3: Security Update for Windows XP (KB928090)

/ Windows XP / SP3: Security Update for Windows XP (KB928255)

/ Windows XP / SP3: Security Update for Windows XP (KB928843)

/ Windows XP / SP3: Security Update for Windows XP (KB929123)

/ Windows XP / SP3: Update for Windows XP (KB929338)

/ Windows XP / SP3: Security Update for Windows XP (KB929969)

/ Windows XP / SP3: Security Update for Windows XP (KB930178)

/ Windows XP / SP3: Update for Windows XP (KB930916)

/ Windows XP / SP3: Security Update for Windows XP (KB931261)

/ Windows XP / SP3: Security Update for Windows XP (KB931768)

/ Windows XP / SP3: Security Update for Windows XP (KB931784)

/ Windows XP / SP3: Update for Windows XP (KB931836)

/ Windows XP / SP3: Security Update for Windows XP (KB932168)

/ Windows XP / SP3: Security Update for Windows XP (KB935839)

/ Windows XP / SP3: Security Update for Windows XP (KB935840)


--- Startup entries list ---

Located: HK_LM:Run, !AVG Anti-Spyware

command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

size: 6731312

MD5: cc6bc45dd5a58158645e7fb2953604fe

 

Located: HK_LM:Run, Adobe Photo Downloader

command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

size: 57344

MD5: 617fa5be646b5e8d6670fd4710acd2d3

 

Located: HK_LM:Run, AGRSMMSG

command: AGRSMMSG.exe

file: C:\WINDOWS\AGRSMMSG.exe

size: 88209

MD5: 230ea041666125b6812fe3ff964b2df3

 

Located: HK_LM:Run, CaAvTray

command: "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

file: C:\Program Files\Yahoo!\Antivirus\CAVTray.exe

size: 230512

MD5: 08b9d05430a91a17595e4c80dd06311f

 

Located: HK_LM:Run, CAVRID

command: "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

file: C:\Program Files\Yahoo!\Antivirus\CAVRID.exe

size: 185456

MD5: a4d690288ffec74b6bd1522354b6aeec

 

Located: HK_LM:Run, Desksite CMA

command: C:\Program Files\desksite\bin\cma.exe

file: C:\Program Files\desksite\bin\cma.exe

size: 188416

MD5: c4792dbc06f02875c855a10be6532135

 

Located: HK_LM:Run, HotKeysCmds

command: C:\WINDOWS\system32\hkcmd.exe

file: C:\WINDOWS\system32\hkcmd.exe

size: 126976

MD5: d7acbc053673f37505b6e2b3c4444f74

 

Located: HK_LM:Run, HPDJ Taskbar Utility

command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

size: 188416

MD5: f498eb87ff75980f5c31827d72fb4d53

 

Located: HK_LM:Run, HPHmon05

command: C:\WINDOWS\System32\hphmon05.exe

file: C:\WINDOWS\System32\hphmon05.exe

size: 483328

MD5: ec273d5f06235f8f003316003f518ee3

 

Located: HK_LM:Run, HPHUPD05

command: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

file: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

size: 49152

MD5: 671f926abfabfb767d708bbee49df45d

 

Located: HK_LM:Run, hpsysdrv

command: c:\windows\system\hpsysdrv.exe

file: c:\windows\system\hpsysdrv.exe

size: 52736

MD5: 06a1ecb63df139ec639e084d4ab3c9d7

 

Located: HK_LM:Run, icq.com

command: rundll32.exe "C:\WINDOWS\system32\jvrncsyt.dll",forkonce

file: C:\WINDOWS\system32\rundll32.exe

size: 33280

MD5: da285490bbd8a1d0ce6623577d5ba1ff

 

Located: HK_LM:Run, icq.com

command: rundll32.exe "C:\WINDOWS\system32\jvrncsyt.dll",forkonce

file: C:\WINDOWS\system32\rundll32.exe

size: 33280

MD5: da285490bbd8a1d0ce6623577d5ba1ff

 

Located: HK_LM:Run, IgfxTray

command: C:\WINDOWS\system32\igfxtray.exe

file: C:\WINDOWS\system32\igfxtray.exe

size: 155648

MD5: 17e216c3b7f4ad39826c219d597bbf03

 

Located: HK_LM:Run, KBD

command: C:\HP\KBD\KBD.EXE

file: C:\HP\KBD\KBD.EXE

size: 61440

MD5: 4a95f15b706b8fd9ec8715b6401eab7b

 

Located: HK_LM:Run, PS2

command: C:\WINDOWS\system32\ps2.exe

file: C:\WINDOWS\system32\ps2.exe

size: 98304

MD5: 8b3d67651581347878cd7d8fbf016a64

 

Located: HK_LM:Run, QuickTime Task

command: "C:\Program Files\QuickTime\qttask.exe" -atboottime

file: C:\Program Files\QuickTime\qttask.exe

size: 282624

MD5: fa7eb9aff3d726a6bf0494bee7e378f6

 

Located: HK_LM:Run, SunJavaUpdateSched

command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

size: 83608

MD5: 9c1c80bbf8e6044980890e2d2d91091c

 

Located: HK_LM:Run, TkBellExe

command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

size: 180269

MD5: 1ac2c58b587c70de64582ad41ee79fba

 

Located: HK_LM:Run, Windows Defender

command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide

file: C:\Program Files\Windows Defender\MSASCui.exe

size: 866584

MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac

 

Located: HK_LM:Run, YBrowser

command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

size: 57344

MD5: 842c7b3e4bb7b7ebf0db9f60ab08ce3e

 

Located: HK_LM:Run, YOP

command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

file: C:\PROGRA~1\Yahoo!\YOP\yop.exe

size: 397312

MD5: 13ce2ad044884884295b1c2377dd5d25

 

Located: HK_LM:RunOnce, SpybotSnD

command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4393096

MD5: 09ca174a605b480318731e691dc98539

 

Located: HK_CU:Run, ctfmon.exe

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 24232996a38c0b0cf151c2140ae29fc8

 

Located: Startup (common), Adobe Reader Speed Launch.lnk

command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

size: 29696

MD5: 43362b96870ce8649f4f2ec893da93f0

 

Located: Startup (common), Compaq Connections.lnk

command: C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

file: C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

size: 16384

MD5: 708fc5318f6ab059104ffd415f146781

 

Located: Startup (common), HP Digital Imaging Monitor.lnk

command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

size: 288472

MD5: 4543367e50bd35e7d1269d42841b156e

 

Located: System.ini, awvvv

command:

file:

 

Located: System.ini, crypt32chain

command: crypt32.dll

file: crypt32.dll

 

Located: System.ini, cryptnet

command: cryptnet.dll

file: cryptnet.dll

 

Located: System.ini, cscdll

command: cscdll.dll

file: cscdll.dll

 

Located: System.ini, ddccd

command: C:\WINDOWS\system32\ddccd.dll

file: C:\WINDOWS\system32\ddccd.dll

 

Located: System.ini, igfxcui

command: igfxsrvc.dll

file: igfxsrvc.dll

 

Located: System.ini, iifgfcc

command: iifgfcc.dll

file: iifgfcc.dll

 

Located: System.ini, khfdbab

command: khfdbab.dll

file: khfdbab.dll

 

Located: System.ini, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, Schedule

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

 

Located: System.ini, SensLogn

command: WlNotify.dll

file: WlNotify.dll

 

Located: System.ini, termsrv

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

 

Located: System.ini, wlballoon

command: wlnotify.dll

file: wlnotify.dll


--- Browser helper object list ---

{4E346556-6674-464E-A188-A39F84B28B7E} ()

BHO name:

CLSID name:

Path: C:\WINDOWS\system32\

Long name: ddccd.dll

 

{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()

BHO name:

CLSID name:

 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)

BHO name:

CLSID name: UberButton Class

Path: C:\Program Files\Yahoo!\Common\

Long name: yiesrvc.dll

Short name:

Date (created): 06/12/2006 9:36:14 PM

Date (last access): 07/08/2007 11:32:00 PM

Date (last write): 05/26/2005 3:39:14 AM

Filesize: 181352

Attributes: archive

MD5: 3105430A206291D7F8768F6CD6F3C3BD

CRC32: 28147C76

Version: 2005.5.26.1

 

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)

BHO name:

CLSID name: YahooTaggedBM Class

Path: C:\Program Files\Yahoo!\Common\

Long name: YIeTagBm.dll

Short name:

Date (created): 06/12/2006 9:35:48 PM

Date (last access): 07/09/2007 12:50:54 AM

Date (last write): 01/24/2005 1:55:32 AM

Filesize: 115832

Attributes: archive

MD5: A7DFD7463C4AC34309D2304546D7A96A

CRC32: E2DA49AB

Version: 2005.1.24.1

 

{868865EC-0295-4C7D-B25D-9F65314145E9} ()

BHO name:

CLSID name:

 

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)

BHO name:

CLSID name: Google Toolbar Helper

description: Google toolbar

classification: Open for discussion

known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll

info link: http://toolbar.google.com/

info source: TonyKlein

Path: c:\program files\google\

Long name: GoogleToolbar1.dll

Short name: GOOGLE~1.DLL

Date (created): 05/28/2007 7:36:34 PM

Date (last access): 07/08/2007 11:31:56 PM

Date (last write): 01/19/2007 11:55:32 PM

Filesize: 2403392

Attributes: readonly archive

MD5: 6319F2D4708DBCAE37CFA03DA10782C0

CRC32: D51D8296

Version: 4.0.1601.4978

 

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)

BHO name:

CLSID name: Google Toolbar Notifier BHO

Path: C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\

Long name: swg.dll

Short name:

Date (created): 05/30/2007 2:48:40 PM

Date (last access): 07/08/2007 11:32:00 PM

Date (last write): 05/30/2007 2:48:40 PM

Filesize: 325048

Attributes: archive

MD5: 1DC47CA76A0FFEAA25B45DE5706F2115

CRC32: E2052360

Version: 2.0.301.7164

 

{DC192567-65F9-4AB6-ADB7-E13575F81726} ()

BHO name:

CLSID name:

Path: C:\WINDOWS\system32\

Long name: khfdbab.dll

 

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)

BHO name:

CLSID name: SidebarAutoLaunch Class

Path: C:\Program Files\Yahoo!\browser\

Long name: YSidebarIEBHO.dll

Short name: YSIDEB~2.DLL

Date (created): 06/12/2006 9:18:26 PM

Date (last access): 07/08/2007 11:32:00 PM

Date (last write): 02/03/2005 9:07:08 AM

Filesize: 124032

Attributes: archive

MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291

CRC32: 75CB3FBB

Version: 2004.8.3.1

 

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()

BHO name:

CLSID name:

description: Microsoft Money

classification: Open for discussion

known filename: mnyviewer.dll

info link: http://www.microsoft.com/money/default.asp

info source: TonyKlein


--- ActiveX list ---

{36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class)

DPF name:

CLSID name: CDKey Class

Installer: C:\WINDOWS\Downloaded Program Files\ITCDKey.inf

Codebase: http://www.cdkeybonus.com/cdkey/ITCDKey.cab

description:

classification: Open for discussion

known filename: ITCDKEY.DLL

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\System32\

Long name: ITCDKey.dll

Short name:

Date (created): 07/11/2002 5:23:52 AM

Date (last access): 07/08/2007 11:49:52 PM

Date (last write): 07/11/2002 5:23:52 AM

Filesize: 102400

Attributes: archive

MD5: 60E3C62E221031E34FAA093A26AA63B1

CRC32: 05033F07

Version: 1.0.0.11

 

{7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class)

DPF name:

CLSID name: luna Class

Installer:

Codebase: http://

Edited by Amon-Ra


Hi, my Norton Anti-Virus is saying I'm infected with Win32/Abetear.A, and also in my Internet options, no matter how many times I change it, when I check it again it's back at accept all cookies.

Edited by Amon-Ra


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear.

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found (see image: check.gif).
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image (move.gif).
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Files in use may only be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

Next:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

jedi


I did what you said and ran the Dr.Web CureIt. It did the first scan and found no viruses, then I selected all drives and pressed the green arrow, and then it said an error has occurred and the application shut down. I tried it 2 times and it did the same thing.

Here is my ComboFix log

 

"Owner" - 2007-07-13 13:13:54 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

/wow section - STAGE #3

/wow section not completed

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\nqcpvpfu.dll

C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak2

C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini2

C:\WINDOWS\system32\dccdd.tmp

C:\WINDOWS\system32\hhhkj.bak1

C:\WINDOWS\system32\hhhkj.bak2

C:\WINDOWS\system32\hhhkj.ini

C:\WINDOWS\system32\hhhkj.ini2

C:\WINDOWS\system32\hhhkj.tmp

C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak2

C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini2

C:\WINDOWS\system32\dccdd.tmp

C:\WINDOWS\system32\hhhkj.bak1

C:\WINDOWS\system32\hhhkj.bak2

C:\WINDOWS\system32\hhhkj.ini

C:\WINDOWS\system32\hhhkj.ini2

C:\WINDOWS\system32\hhhkj.tmp

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor

C:\Documents and Settings\Owner.\err.log

C:\temp\0b9

C:\temp\0b9\tmpTF.log

C:\temp\iee

C:\temp\iee\tmpZTF.log

C:\temp\tn3

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\F2

C:\WINDOWS\system32\F3

C:\WINDOWS\system32\F4

C:\WINDOWS\system32\F9

C:\WINDOWS\system32\kdogd.exe

C:\WINDOWS\system32\o02PrEz

C:\WINDOWS\system32\o09PrEz

C:\WINDOWS\system32\pjzqwexy.dat

C:\WINDOWS\system32\pjzqwexy.exe

C:\WINDOWS\system32\pjzqwexy_nav.dat

C:\WINDOWS\system32\pjzqwexy_navps.dat

C:\WINDOWS\system32\win

C:\WINDOWS\wr.txt

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_VSPF

-------\core

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))

 

 

2007-07-13 13:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-13 00:42 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb

2007-07-11 01:05 <DIR> d-------- C:\Program Files\IrfanView

2007-07-08 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-07-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-07-05 14:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-07-05 01:02 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Yahoo!

2007-07-03 01:10 <DIR> d-------- C:\Program Files\GraphicsGale FreeEdition

2007-07-03 00:01 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2007-07-02 04:48 <DIR> d-------- C:\Program Files\GraphicsGale

2007-07-02 04:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Humanbalance

2007-06-27 02:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX

2007-06-27 02:05 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-06-27 02:05 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-06-27 02:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-06-27 02:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-06-27 02:05 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-06-27 02:04 <DIR> d-------- C:\Program Files\DivX

2007-06-27 01:28 <DIR> d-------- C:\Program Files\WMV9_VCM

2007-06-24 17:49 <DIR> d-------- C:\Program Files\Windows Defender

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-05 20:14:36 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys

2007-07-05 20:14:36 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys

2007-06-23 22:41:55 -------- d-----w C:\Program Files\IntelliMover Data Transfer Demo

2007-06-08 12:51:13 -------- d-----w C:\Program Files\Easy Internet signup

2007-06-08 09:23:38 -------- d-----w C:\Program Files\MUGEN Editing Ensemble

2007-06-05 17:56:02 -------- d--h--w C:\Program Files\WindowsUpdate

2007-06-01 06:46:57 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll

2007-05-29 23:10:42 -------- d-----w C:\Program Files\WinAce

2007-05-29 23:04:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\WinRAR

2007-05-29 17:51:08 -------- d-----w C:\Program Files\Google

2007-05-29 09:38:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 04:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 04:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

2007-05-30 15:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E346556-6674-464E-A188-A39F84B28B7E}]

C:\WINDOWS\system32\ddccd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

2005-05-26 03:39 181352 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]

2005-01-24 01:55 115832 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-05-30 14:48 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]

2005-02-03 09:07 124032 --a------ C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 04:01 C:\WINDOWS\AGRSMMSG.exe]

"Desksite CMA"="C:\Program Files\desksite\bin\cma.exe" [2003-10-19 08:14]

"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 06:02]

"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-06-12 22:49]

"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-06-12 22:49]

"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-04-22 11:49]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-15 00:58]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-20 08:54]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 06:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]

C:\WINDOWS\system32\ddccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfcc]

iifgfcc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbab]

khfdbab.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

ALCXMNTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_Check]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_Check]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2006 Free]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-13 19:34:04 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-13 19:33:04 C:\WINDOWS\tasks\Symantec NetDetect.job

2007-07-13 01:03:02 C:\WINDOWS\tasks\User_Feed_Synchronization-{476C98B5-6996-4DD1-BDF8-616ACC784783}.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-13 13:31:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-13 13:38:02 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-13 13:37

 

--- E O F ---

 

Thanks for your help. What do I do next?

 

Hey, I just noticed I stopped getting pop-ups and my search results on Google don't get redirected anymore.

I don't know if I'm completely free of the viruses, but my computer is working fast again.

Thanks a lot, I really appreciate the help you gave me.

Edited by Amon-Ra


Hi again,

 

Yes, ComboFix removed the main infection.

 

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfcc]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbab]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_Check]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_Check]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2006 Free]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]

 

 

 

 

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

Please also post a new HiJackThis log.

 

jedi


Here is my BitDefender Online Scan report:

 

BitDefender Online Scanner

Scan report generated at: Sat, Jul 14, 2007 - 15:10:13

Scan path: A:\;C:\;D:\;E:\;F:\;


Statistics

Time: 01:25:16
Files: 345862
Folders: 6771
Boot Sectors: 3
Archives: 13335
Packed Files: 18444


Results

Identified Viruses: 22
Infected Files: 37
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 37


Engines Info

Virus Definitions: 672197
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1


Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File - Status

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcpas.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp\udcsdr.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp\CComm.dll - Detected with: Adware.SyncroAD; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\kdogd.exe.vir - Infected with: Trojan.Peed.Gen; Disinfection failed; Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nqcpvpfu.dll.vir - Infected with: Trojan.JuanSearch.A; Disinfection failed; Deleted
C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip=>core.sys - Infected with: Rootkit.Agent.EV; Disinfection failed; Deleted
C:\QooBox\Quarantine\catchme2007-07-13_133102.45.zip - Updated
C:\RECYCLER\S-1-5-21-2775007810-2956847180-3899977248-500\Dc5.vbs - Infected with: Trojan.Clicker.VBS.Krepper; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043965.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP276\A0043966.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050080.exe - Infected with: Trojan.Downloader.Winfixer.O; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050138.exe - Infected with: Trojan.Downloader.S.TR; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP304\A0050202.exe - Infected with: Trojan.Fakealert.BX; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050367.dll - Infected with: DeepScan:Generic.Dialer.949C67F6; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050368.dll - Infected with: DeepScan:Generic.Dialer.309F0008; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050369.dll - Infected with: DeepScan:Generic.Dialer.DA4CFC17; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050374.dll - Detected with: Dialer.BAX; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP307\A0050375.dll - Infected with: DeepScan:Generic.Dialer.949C67F6; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP308\A0050418.dll - Infected with: MemScan:Trojan.Virtumod.AMA; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP313\A0052565.exe - Infected with: Trojan.Downloader.Agent.YFI; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052626.exe - Infected with: Trojan.Downloader.Agent.YFI; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052627.exe - Infected with: Trojan.Downloader.Agent.YFI; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP315\A0052632.dll - Infected with: Trojan.PurityScan.DL; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054361.exe - Infected with: Trojan.Dropper.Agent.BFR; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054363.exe - Infected with: Trojan.Downloader.Vb.AWJ; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054364.exe - Infected with: Trojan.Downloader.VB.VDP; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP321\A0054367.exe - Infected with: Dropped:Trojan.Downloader.Adload.NCJ; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055472.exe - Infected with: Trojan.Downloader.VB.VDP; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055473.exe - Infected with: Trojan.Downloader.S.TR; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055475.exe - Infected with: Trojan.Downloader.Winfixer.O; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055476.exe - Infected with: Trojan.Fakealert.FB; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP322\A0055479.dll - Infected with: Trojan.Downloader.Adload.NCJ; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056845.dll - Infected with: Trojan.JuanSearch.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP330\A0056857.exe - Infected with: Trojan.Peed.Gen; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056985.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056986.exe - Infected with: Trojan.Downloader.Winfixer.E; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056987.dll - Detected with: Adware.SyncroAD; Disinfection failed; Deleted
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP331\A0056988.vbs - Infected with: Trojan.Clicker.VBS.Krepper; Disinfection failed; Deleted

 

And here is my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 3:16:02 PM, on 07/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\desksite\bin\cma.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Yahoo!\Antivirus\CAVTray.exe

C:\Program Files\Yahoo!\Antivirus\CAVRID.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Antivirus\ISafe.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127144320409

O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGD...ESS_1069_XP.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax3313.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items:

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGD...ESS_1069_XP.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

 

jedi

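The reasoning behind the fix list above (BHOs whose DLL no longer exists, blanked IE "Local Page" settings, a non-default Search Bar, and ActiveX controls pulled from unfamiliar hosts) written out as a small triage script over HijackThis v1.99.1 log lines copied from this thread. This is an added example, not HijackThis code or the helper's own tooling; the allowlist of known ActiveX hosts is an assumption, and the script flags candidates more broadly than the hand-picked list, so its output is a review list rather than a fix list.

```python
import re
from urllib.parse import urlparse

# Hosts accepted as known ActiveX (O16 DPF) vendors. Constructed allowlist for
# this example only; it is an assumption, not an HJT- or forum-supplied list.
KNOWN_DPF_HOSTS = {
    "update.microsoft.com",
    "cdn.scan.onecare.live.com",
    "download.bitdefender.com",
    "www.ca.com",
    "us.dl1.yimg.com",
    "entimg.msn.com",
}

# "R1 - <body>" / "O16 - <body>" entry prefix used by HijackThis logs.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# "HKCU\...\Main,Local Page = <value>" style settings in R0/R1 entries.
SETTING_RE = re.compile(r"^(?P<key>.+?)\s*=\s*(?P<value>.*)$")


def _dpf_host(body):
    """Pull the hostname out of 'DPF: {CLSID} (Name) - http://host/file.cab'."""
    _, _, url = body.rpartition(" - ")
    return (urlparse(url.strip()).hostname or "").lower()


def classify(line):
    """Return a short reason if this HJT entry deserves a human look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind in ("R0", "R1"):
        s = SETTING_RE.match(body)
        if s is None:
            return None
        key, value = s.group("key"), s.group("value").strip()
        if key.endswith(",Local Page") and value == "":
            return "IE Local Page has been blanked"
        if key.endswith(",Search Bar"):
            return "Search Bar override set (non-default search)"
        return None

    if kind == "O2":
        # HJT marks a CLSID whose DLL is gone with "(file missing)" or "(no file)".
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            return "BHO is registered but its DLL is absent (orphaned CLSID)"
        return None

    if kind == "O16":
        host = _dpf_host(body)
        if host and host not in KNOWN_DPF_HOSTS:
            return "ActiveX control downloaded from unlisted host " + host
        return None

    return None


def triage(log_lines):
    """Return [(line, reason)] for every flagged entry, preserving log order."""
    flagged = []
    for line in log_lines:
        reason = classify(line)
        if reason:
            flagged.append((line.strip(), reason))
    return flagged


# Sample input constructed from the HijackThis log posted above.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {4E346556-6674-464E-A188-A39F84B28B7E} - C:\WINDOWS\system32\ddccd.dll (file missing)",
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    r"O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab",
    r"O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab",
    r"O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(why, "<-", entry)
```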

Sorry about the delay.

I did what you said and here is the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:37:07 AM, on 08/03/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\desksite\bin\cma.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Yahoo!\Antivirus\CAVTray.exe

C:\Program Files\Yahoo!\Antivirus\CAVRID.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\Yahoo!\Antivirus\ISafe.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Owner\My Documents\Z\pop block\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127144320409

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax3313.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


Hi again,

 

Your log looks clean, how is the PC running now?

 

jedi

Hi again,

 

Your log looks clean, how is the PC running now?

 

jedi

 

My PC is running great. The only thing is when I go to certain sites this thing pops up:

Windows Installer preparing to install Microsoft Office 2000 Professional

and I have to hit cancel to stop it.

I'm just wondering if it's my computer or just the website.

 

Thanks for all your help with everything. I never thought I'd get my computer to run fast again.


Hi again,

 

Glad I could help. As for the installer problem, Office has a tendency to do this, it's very annoying. My work PC does it every time I open an E-Mail!

MS do an installer cleanup utility here:

http://support.microsoft.com/kb/290301

You can remove the Office installer if you follow the instructions on the page.

 

jedi


Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
