Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
virus? (noob)
Hi.
I'm a 14-year-old and I am new at this. I've never posted or gone to forums in my entire life. And I think I might have placed this thread in the wrong category. Please tolerate my newbie-ness. I'm pretty much computer-challenged, though I have to say I'm the one who knows the most about computers in my family and household. I've had a virus on my old computer before and unfortunately it crashed. Pop-ups are saying I have viruses or spyware or adware. I never got pop-ups before on this computer until now. A friend introduced me to this and I was filled with a ray of hope, because I was absolutely clueless and lost at trying to fix my computer.

I am currently using Mozilla Firefox. I have WinXP. I have Ad-Aware SE Personal, McAfee Security Center, a-squared Free, CCleaner, Spybot - Search & Destroy, SpywareBlaster, SUPERAntiSpyware Free Edition, SpywareGuard, and Spyware Doctor. They are all free programs except for McAfee. But I heard McAfee isn't a very good antivirus system. I went to a site on accident from Google. I have manually deleted a few things from the SpySweeper scan, which I no longer have on my computer.

There was a virus that it said I had, called ddayx.dll. I couldn't find it on my computer. It was in the file C:\WINDOWS\system32. I had all hidden files and folders shown. And yet it was still not to be found. So I scanned with Spyware Doctor and it showed the same file name. Then Spybot had a notification that said ddayx was deleted and would I allow the change. I allowed it. Then a second later, Spybot popped up again saying ddayx was added and would I allow the change. I pressed deny and checked the 'remember this decision' box. A second later a whole bunch of boxes on the right-hand side of the computer screen kept coming up saying that I was denying ddayx to add itself. It made my computer lag. Then, while Spybot was constantly denying ddayx to be added to my computer, Spybot sent another notification. I forgot the file name. I think it was wwayy or something like that. I denied it. And it did the same thing as ddayx. It kept trying to add itself. And the boxes were coming up faster than ddayx.

I was installing something. I think it was SUPERAntiSpyware Free Edition. It requested that I restart my computer. And I did. After I did, the boxes saying I was denying the programs stopped popping up. But then my computer kept making this sound indicating that something was taking action on my computer. Usually it has this calm humming sound when I do my things. And it makes that sound when something is being installed or something is scanning. It kept making that sound for a long time. I forgot when it stopped.

There were also several notifications from Spybot about allowing BHOs. I didn't know what was spyware and what was not. So I denied all of them except the one from SpyGuard for download protection. I'm pretty sure that I have other errors that I have not taken notice of, have not seen, or simply can't remember right now. I couldn't install IE-Spyad. I did as I was told to. I saved, unzipped and opened it. But all I found was a folder named 'adult' and several .txt files.

I've already killed two computers, and don't want to kill another and waste my parents' money which they took so much effort to find. I am scared out of my mind just thinking about this computer crashing, which we bought about a year and a half ago. I'm looking forward to your guidance, and will be forever grateful for any advice that can help my computer. I really hope my problems can be solved with the help of experienced users. I don't know which log to put on here. So I will put an Activescan.txt from Panda ActiveScan, ComboScan.txt and Supplementary.txt from ComboScan.
c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe" Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Agere Systems PCI-SV92PP Soft Modem --> agrsmdel AIM 6.0 --> C:\Program Files\AIM6\uninst.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Client --> C:\PROGRA~1\Client\UNWISE.EXE C:\PROGRA~1\Client\INSTALL.LOG Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033 Digivue --> C:\PROGRA~1\digivue\UNWISE.EXE C:\PROGRA~1\digivue\INSTALL.LOG DigiVue Client --> C:\PROGRA~1\DIGIVU~1\UNWISE.EXE C:\PROGRA~1\DIGIVU~1\INSTALL.LOG Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP DVD Play 1.0 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP Extended Capabilities 5.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll" J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG Macromedia Flash Player --> MsiExec.exe 
/X{4ecaf021-478c-40c1-b777-3368a15f9966} Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612} McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm Microsoft Away Mode --> Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PS2 --> C:\WINDOWS\system32\ps2.exe uninstall QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe" Security Update for Step By Step Interactive Training (KB898458) --> 
"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Update Rollup 2 for Windows XP Media Center Edition 2005 --> Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of ComboScan: finished at 2007-03-03 at 16:02:43 ------------------------- Last edited by h0pefulchilD; 03-03-2007 at 04:00 PM. |
#2 (permalink) |
|
Moderator, Microsoft Support, Happy to support TSF!
Join Date: Feb 2005
Location: United Kingdom
Posts: 7,023
OS: XP Pro SP3, Windows 7 Ultimate, Ubuntu v8.04
|
Hi h0pefulchilD, welcome to TSF...
For a 'noob', I'm impressed with how well you documented everything and all the log files.
Anyway, there are issues in the log which need addressing, so I am going to move this across to the Hijack This forum. I advise you to subscribe to the thread so as soon as one of our analysts is able to review it and give you some instruction, you will receive an email.
Try not to worry about things too much as I'm confident they will help you fix things. If you have any questions or problems, don't hesitate to ask.
__________________
ASUS P5K-E WiFi | Intel Core 2 Duo E6600 Conroe 2.4GHz (OC 3.60GHz) | 4GB Corsair DDR2 XMS2-6400C4 RAM (4-4-4-12) | PowerColor ATI Radeon HD 3850 Pro Xtreme 512MB GDDR3 GPU | Maxtor DiamondMax 22 500GB, Maxtor DiamondMax 23 500GB & 2xMaxtor DiamondMax 21 250GB SATA HDDs | Thermaltake CL-P0114 Heatsink + 6 LED Case Fans | Corsair HX620W Modular PSU | Enermax Black Knight (CS-527) Case | Pioneer DVR-216 SATA 20x20 DVD±RW In a world without walls or fences - who needs Windows and Gates? |
|
|
|
|
#3 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
Welcome to Tech Support Forum! I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.
Your system has a Vundo infection. So, let’s do this first.
First of all, we will need to disable a few security applications as they may interfere with the fixes that we need to make.
To disable Spybot’s TeaTimer function:
To deactivate Spyware Doctor's OnGuard Tools:
To disable SpywareGuard:
NEXT: Please download VundoFix.exe by Atribune and save it to your desktop.
NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot. Run VundoFix and scan for Vundo as many times as necessary until VundoFix says "No infected files were found".
__________________
Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
reply to above
Hi!
I don't think there's a need to apologize. I was expecting to bump my thread. I understand how busy life can get. And probably hundreds of others are trying to get your help too.
My computer's behavior seems to have changed a bit. I've uninstalled McAfee since it was out of date. I've installed AVG 7.5 and ZoneAlarm. Both are free, downloaded from download.com. My friend also suggested I unplug the ethernet cable when I'm not doing anything important. I did. My computer seems calmer now. And not lagging. The ddayx notifications have stopped.
I don't know if it'll help but here's a little more information I got:
The BHOs that have popped up:
5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB
B56A7D7D-6927-48C8-A975-17DF180C71AC
106CF321-99A3-4E3A-9103-1BD027606A99
The BHO that has stopped popping up:
4604025E-43D8-4BDC-B868-E07538508A66
I don't know if it was a needed BHO or not so I denied them all access.
There was a file on CCleaner that won't delete: C:\WINDOWS\Internet Logs\ZALog.txt
It won't let me delete it manually either. I don't know if it's a bad file or not. The title seems to tell me it's a ZoneAlarm text.
My friend also told me two Antiviruses might cause problems and told me to uninstall SUPERAntiVirus and I did.
I am really glad that you have found out the problem to my computer. You don't know how much ease that sentence has given me. Words cannot express. Well, now I am off to do what you told me. I'll reply the .txt file in my next reply.
Oh, I also notice I was supposed to attach the Supplementary.txt. Sorry about that! |
|
|
|
|
#5 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
No worries about ZAlog.txt. That is the log of ZoneAlarm. I don't think you could delete it easily even if you wanted to because it would be a locked file. That would require special tools. But, you can leave it alone.
Yes, two or more AVs are not recommended. You can have them on your system, but just ensure that only ONE is on auto-protect mode, while the others are used for ad-hoc scans only.
By the way, SUPERAntiSpyware is not an AV, and if you have the free home version, there is no auto-protect mode installed. You may reinstall it because it is an excellent scanner for spyware and trojans. It is best used in Safe Mode, though.
No worries about the Supplementary.txt from ComboScan, either. As long as you can get it here, in whatever form, it is fine.
Let me know how things go.
Cheers!
~ Semps
Last edited by Sempurna; 03-05-2007 at 07:19 PM. |
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
reply
I've done all that you've told me to.
Except for downloading ResetTeaTimer.bat. I got a whole page full of text. Maybe it's because I don't have a program to open a .bat file. What should I do?
Additional Info: A tracking cookie from Internet Explorer Hp Administrator won't delete from Spybot.
-Waiting for your further guidance
Last edited by h0pefulchilD; 03-05-2007 at 07:40 PM. |
|
|
|
|
#7 (permalink) | |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
No worries about that tracking cookie. These are low-level malware and pose no danger to your system. We'll get a crack at it later on (please remind me if I forget).
OK, let's make the batch file to replace the ResetTeaTimer.bat file that you couldn't download. Please do this next.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK), and copy and paste the text present inside the quote box below:
Quote:
It should look like this: ![]()
Double-click ResetTeaTimer.bat on your desktop.
In case you still are unsure on how to create a BAT file, please take a look HERE with screenshots.
NEXT: Proceed with the rest of the directions, and let me know if you encounter any problems.
Cheers!
~ Semps
|
|
|
|
|
#9 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
It's good to hear that Vundo appears to be gone from your system.
Can I see a new ComboScan log, please?
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
Comboscan.txt
ComboScan v20070226.18 run by HP_Administrator on 2007-03-06 at 22:30:58
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{1FFB1A32-1D58-46CF-BE8B-237586AF7F2F}"="" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvvv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 
termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASDIFSV *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASENUM *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASKUTIL -- End of ComboScan: finished at 2007-03-06 at 22:31:33 ------------------------- |
#11 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
Hi h0pefulchilD,
Let’s pick up some leftovers.

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\wvuvvvv.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked". Then please exit HijackThis.

NEXT:

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval, but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546
Additional info: http://vil.nai.com/vil/content/v_137262.htm
I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar

NEXT:

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvvv]

It should look like this: [screenshot not preserved]

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful. In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.

NEXT:

Please enable viewing of hidden files as follows:

CAUTION: You will see many folders and files which you may not recognize. Most of these folders and files are LEGITIMATE. Please do NOT delete anything you deem suspicious unless you are specifically instructed to do so. To do otherwise may irreparably damage your system.

NEXT:

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FILES (if they exist):

C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.bak1

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FOLDERS (if they exist):

C:\Program Files\Viewpoint
C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint

Please let me know if you encountered any problems finding or deleting the files/folders.

NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind. Please do an online scan with Kaspersky Online Scanner:

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
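The leftover entries selected in post #11 are load points that still reference a DLL that is no longer on disk. The following is an added example, not part of the analyst's post and not HijackThis code: it parses HijackThis-style lines, collects the ones marked "(file missing)", and groups them by file name so that one missing file referenced from several autostart sections stands out. The sample lines are constructed from entries shown in this thread, and the set of sections treated as load points is this example's assumption.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample, built from log entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\wvuvvvv.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuvvvv - wvuvvvv.dll (file missing)
O23 - Service: Virtual Smart Card (VPNSVC) - Unknown owner - C:\WINDOWS\system32\vpnsvc.exe (file missing)
"""

# Assumption of this example: sections whose entries are loaded automatically
# (BHOs, Run keys, Winlogon Notify, SSODL, services).
LOAD_POINTS = {"O2", "O4", "O20", "O21", "O23"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
MISSING = "(file missing)"


def parse_line(line):
    """Parse one log entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # The referenced file is the last " - " separated field of the entry.
    target = body.rsplit(" - ", 1)[-1].strip()
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "target": target,
        # ntpath handles Windows paths regardless of the host OS.
        "file": ntpath.basename(target).lower(),
        "clsid": clsid.group(0) if clsid else None,
        "missing": missing,
    }


def group_orphans(log_text):
    """Map lower-cased file name -> entries that point at a missing file."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["missing"]:
            groups[entry["file"]].append(entry)
    return dict(groups)


def multi_load_point(groups):
    """File names referenced from two or more different load-point sections."""
    flagged = []
    for name, entries in groups.items():
        sections = {e["section"] for e in entries} & LOAD_POINTS
        if len(sections) >= 2:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    orphans = group_orphans(SAMPLE_LOG)
    for name, entries in sorted(orphans.items()):
        where = ", ".join(e["section"] for e in entries)
        print(f"{name}: missing on disk, referenced from {where}")
    print("review first:", multi_load_point(orphans))
```

An orphaned entry is not proof of malware; the grouping only shows which missing files still have more than one registration left to clean up.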
#12 (permalink)
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
Problem
I could not delete C:\Programs Files\Viewpoint
http://i59.photobucket.com/albums/g3...uvs/error1.jpg
#13 (permalink)
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
Hijackthis.log
Logfile of HijackThis v1.99.1
Scan saved at 12:55:18 AM, on 3/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\ZoneLabs\UpdClient.exe C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\wvuvvvv.dll (file missing) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\200734233632_mcappins.exe /v=3 /cleanup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - 
HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wvuvvvv - wvuvvvv.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Virtual Smart Card (VPNSVC) - Unknown owner - C:\WINDOWS\system32\vpnsvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
#14 (permalink)
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
kavscan.txt
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT Wednesday, March 07, 2007 2:39:30 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 7/03/2007 Kaspersky Anti-Virus database records: 277352 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ G:\ H:\ I:\ J:\ Scan Statistics: Total number of scanned objects: 79559 Number of viruses found: 4 Number of infected objects: 8 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:08:27 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14DE53A4.tmp Infected: Trojan.Java.ClassLoader.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\272913C1.tmp Infected: Trojan.Java.ClassLoader.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69927BD7.tmp Infected: Trojan.Java.ClassLoader.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BEB5CB4.tmp Infected: Trojan.Java.ClassLoader.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BEE06B0.tmp Infected: Trojan.Java.ClassLoader.h skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\6BF230AD.tmp Infected: Trojan.Java.ClassLoader.d skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\cert8.db Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\history.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\key3.db Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\parent.lock Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\search.sqlite Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Application 
Data\Mozilla\Firefox\Profiles\53wed9kg.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007030720070308\index.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_d74.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF53AA.tmp Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local 
Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP240\A0045552.ocx Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP263\A0047848.dll Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP269\A0050015.exe Infected: Backdoor.Win32.HacDef.hg skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP269\A0050016.dll Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP269\A0050017.dll Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP269\A0050246.dll Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP270\A0050423.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP273\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\SKULD.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{787104A2-F043-4B3A-A8B2-0DDF52B9C61C}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked 
skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A94B8336-E54E-4907-BE0A-49B37FF7B0BF}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\ZLT0481f.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT04822.TMP Object is locked 
skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP273\change.log Object is locked skipped Scan process completed. |
#15 (permalink)
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
ComboFix.txt
"HP_Administrator" - 07-03-07 2:41:01 Service Pack 2
ComboFix 07-03-07.2_PreRelease - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\DOWNLO~1.\Quarantine

((((((((((((((((((((((((((((((( Files Created from 2007-02-07 to 2007-03-07 ))))))))))))))))))))))))))))))))))

2007-03-07 01:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-07 01:13 <DIR> d-------- C:\WINDOWS\LastGood
2007-03-06 17:11 <DIR> d-------- C:\VundoFix Backups
2007-03-05 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-05 00:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-05 00:51 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-05 00:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-04 23:20 <DIR> dr-h----- C:\$VAULT$.AVG
2007-03-04 22:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\AVG7
2007-03-04 22:51 775,680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-03-04 22:51 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-03-04 22:51 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-03-04 22:51 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-04 22:51 27,776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-04 22:51 19,392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-04 22:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
2007-03-04 22:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-03-04 22:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2007-03-04 15:25 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Aim
2007-03-03 15:30 <DIR> d-------- C:\ie-spyad_zo
2007-03-03 03:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-03 01:58 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-03-03 01:58 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-03-03 01:52 <DIR> d-------- C:\Program Files\SpywareGuard
2007-03-03 01:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-03-03 01:51 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-03 01:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-03 01:01 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-03 01:01 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-03 01:01 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-03 01:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-03 01:00 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
2007-03-02 23:14 164 --a------ C:\install.dat
2007-03-02 23:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Yahoo!
2007-02-25 17:10 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore
2007-02-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-02-25 17:09 <DIR> d-------- C:\Program Files\AIM6
2007-02-24 23:05 <DIR> d-------- C:\Program Files\a-squared Free
2007-02-15 18:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-15 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-05 01:28 -------- d-------- C:\Program Files\java
2007-03-04 23:38 -------- d-------- C:\Program Files\mcafee.com
2007-03-04 15:25 -------- d-------- C:\Program Files\aim
2007-03-04 15:24 -------- d-------- C:\Program Files\aod
2007-03-03 22:19 -------- d---s---- C:\DOCUME~1\HP_ADM~1\APPLIC~1\microsoft
2007-03-03 20:53 -------- d--h----- C:\Program Files\installshield installation information
2007-03-03 20:53 -------- d-------- C:\Program Files\nexon
2007-03-03 20:53 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-03 15:17 -------- d-------- C:\Program Files\spywareblaster
2007-03-03 03:45 -------- d-------- C:\Program Files\quicktime
2007-03-03 03:36 -------- d-------- C:\Program Files\digivue
2007-03-03 03:35 -------- d-a------ C:\Program Files\Common Files\lightscribe
2007-02-26 16:44 -------- d-------- C:\Program Files\Common Files\aol
2007-02-25 17:10 -------- d-------- C:\Program Files\viewpoint
2007-02-18 17:37 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-15 18:48 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\adobeum
2007-02-13 18:42 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\mozilla
2007-02-06 15:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-02 16:15 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\hpq
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1FFB1A32-1D58-46CF-BE8B-237586AF7F2F}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASDIFSV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASENUM
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASKUTIL

********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 07-03-07 2:43:38
#16 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
Question
My dad has bought this program from a store called Digivue. It is a program for recording from the cameras set throughout our house.
Digivue has this program called MSWINSCK.OCX. It cannot run without it, but AVG has named it a Trojan. I don't know if I should keep or remove it. Please help?
EDIT: I tried to install Digivue again, because we need it. But now it won't even install.
Last edited by h0pefulchilD; 03-07-2007 at 01:38 AM. |
#17 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
That is a legit file. It seems that lately AVG has been flagging it as malware. Most likely a false positive.
Disable AVG, and you should be able to reinstall Digivue again. Disconnect from the Internet while you're doing this. Once Digivue has been reinstalled, see if there is a way to add MSWINSCK.OCX into an exceptions profile in AVG. I haven't used AVG in a while, but most reputable AVs should have this function. If it doesn't, let me know and we'll find an alternative.

Otherwise, your logs appear to be clean.

NEXT:
Let's use a file quarantine utility to nuke that Viewpoint folder, shall we?

Please download OTMoveIt by OldTimer:
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT:
Please REBOOT your computer normally into Windows and post these logs in your next reply:
How are things running now? Please let me know of any problems that still persist.
Last edited by Sempurna; 03-07-2007 at 02:18 AM. |
#18 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
That doesn't seem right though. When I scanned with Kaspersky Online Scanner, it said I had 4 viruses and 8 infections. (if I remember correctly)
My computer also has been lagging a lot. I did not try to install Digivue as of YET. I will now.

OTMoveIt Results:
C:\Program Files\Viewpoint\Viewpoint Toolbar moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint moved successfully.
File/Folder C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint not found.
Created on 03/07/2007 19:13:39

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:15:12 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Virtual Smart Card (VPNSVC) - Unknown owner - C:\WINDOWS\system32\vpnsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#19 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
What Kaspersky found were in your AV’s quarantine folder, and some infected system restore points. The restore points are not active and don’t pose any danger to your machine. We’ll clean those out once everything else is clear. Actually, as time goes by, your machine will create new restore points and automatically delete the old infected ones.

NEXT:
OK, let’s see if we can work out what else may be causing the slow behaviour on your system. First of all, please register (it's free, don't worry) with PC Pitstop and run the full tests here:
http://www.pcpitstop.com/pcpitstop/default.asp
When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

NEXT:
Please go to Start -> Run and type:
devmgmt.msc
Click OK. Your system’s Device Manager will now open:

NEXT:
Please download Autoruns by Sysinternals and save it to your desktop. Unzip (extract) it to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it. In the main Autoruns window, go to the Logon tab, and uncheck the following entries:
HP Software Update
TkBellExe
QuickTime Task
SunJavaUpdateSched
MsnMsgr
AIM
SUPERAntiSpyware
You may also check with these websites about any programs on your system that can be stopped from running at startup without compromising performance or usage:
Reboot your computer to set the new startup settings.

NEXT:
Please go to these websites as they give good tips on how to speed up your system:
You can also visit this Free Online Scanner for PC Health and Safety to help clean out the junk in your temp files and registry. It also scans for malware, and helps defragment your hard drives. You may also visit these websites and see if tweaking your running Windows XP services will help speed things up a bit:

NEXT:
ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

If your system is still slow after following the tips on these websites, please come back here and we’ll see what else we can do to speed things up a bit.
#20 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
Re: virus? (noob)
Here's the URL you asked for:
http://www.pcpitstop.com/techexpress...LKFWX84VWSXSJJ
I think that was all you asked for.