Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Spyware remover fakes: Dr. Antivirus and Spylocked
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-30-2007, 11:40 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: Microsoft Windows XP

My System

Spyware remover fakes: Dr. Antivirus and Spylocked
Last night I was on my computer and something downloaded into my system without my permission. It poses as an anti-spyware program and from what I've read, has several "partners". It puts fake system alerts on my tool bar down at the bottom with pop up bubbles claiming I have viruses or trojans or my computer is unprotected and if I click on the bubble it brings up a web page to download their software (for a low price of 50 bucks) to remove the viruses and spyware on my computer.

I have tried using other spyware removers including SpyHunter and XoftSpySE, and nothing is working. I cannot get these fake spyware programs off my computer. When I open a new IE window it has hijacked my home page and always redirects me to their website. I tried to restore my computer to an earlier date and it would not restore.

How can I get rid of this?? Please help, I'm ready to pull out my hair!


Deckard's System Scanner v20070611.50
Run by Compaq_Administrator on 2007-06-30 at 13:24:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
89: 2007-06-30 18:24:46 UTC - RP374 - Deckard's System Scanner Restore Point
88: 2007-06-30 15:36:52 UTC - RP373 - Software Distribution Service 3.0
87: 2007-06-30 15:31:44 UTC - RP372 - Installed Windows Defender
86: 2007-06-30 15:15:38 UTC - RP371 - Restore Operation
85: 2007-06-30 06:14:57 UTC - RP370 - Removed FEAR


-- First Restore Point --
1: 2007-04-03 06:14:21 UTC - RP286 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:28:53 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.darkfantasychat.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.darkfantasychat.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.moove.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-30 13:29:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-06-30 10:35:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-06-30 10:15:50 468 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-06-30 10:15:49 462 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-06-30 03:09:14 392 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-06-30 01:28:10 402 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-06-29 20:18:40 594 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Compaq_Administrator.job
2007-06-13 12:26:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-30 and 2007-06-30 -----------------------------

2007-06-30 13:17:21 21312 --a------ C:\WINDOWS\choice.exe
2007-06-30 13:16:11 0 d-------- C:\ie-spyad
2007-06-30 13:09:56 0 d-------- C:\Program Files\SpywareBlaster
2007-06-30 10:52:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-30 10:31:46 0 d-------- C:\Program Files\Windows Defender
2007-06-30 10:30:17 0 d-------- C:\WINDOWS\LastGood
2007-06-30 01:56:32 0 d-------- C:\Program Files\Enigma Software Group
2007-06-30 01:28:04 0 d-------- C:\Program Files\RegCure
2007-06-30 00:11:48 0 d-------- C:\Program Files\XoftSpySE
2007-06-29 23:38:30 0 d-------- C:\Program Files\Video ActiveX Access
2007-06-16 19:31:40 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\teamspeak2


-- Find3M Report ---------------------------------------------------------------

2007-06-30 13:26:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-30 12:38:55 0 d-------- C:\Program Files\Norton Internet Security
2007-06-30 12:38:24 0 d-------- C:\Program Files\MSN Messenger
2007-06-30 12:32:08 0 d-------- C:\Program Files\iTunes
2007-06-30 12:31:05 0 d-------- C:\Program Files\Google
2007-06-30 12:25:39 0 d-------- C:\Program Files\DISC
2007-06-30 12:22:39 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-06-30 10:15:25 15747 --a------ C:\WINDOWS\system32\wacom.dat
2007-06-30 01:17:27 0 d-------- C:\Program Files\GemMaster
2007-06-30 01:14:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 01:13:52 0 d-------- C:\Program Files\Easy SpyRemover
2007-06-29 18:01:56 8704 --a-s---- C:\WINDOWS\system32\pjgerka.dll
2007-06-28 17:11:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2007-06-16 19:31:40 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-06-04 00:33:20 0 d-------- C:\Program Files\QuickTime
2007-05-30 11:54:50 0 d-------- C:\Program Files\Java
2007-05-18 22:54:50 1921 --a------ C:\WINDOWS\mozver.dat
2007-05-18 17:23:24 0 d-------- C:\Program Files\iPod
2007-05-18 17:19:19 0 d-------- C:\Program Files\Apple Software Update
2007-05-11 16:10:34 0 d-------- C:\Program Files\EQ2MAP Updater
2007-05-08 16:40:54 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-26 14:31:44 164 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{184746EC-9E9D-4C7D-B9E7-9039EBD801A9} C:\Program Files\Video ActiveX Access\iesplg.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
@=""
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Video ActiveX Access\\iesmn.exe"
"rare"="C:\\Program Files\\Video ActiveX Access\\imsmain.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{596e4935-4d3b-4a3c-842d-2efd1b3de598}"="hundi"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WINDEFEND


-- End of Deckard's System Scanner: finished at 2007-06-30 at 13:29:46 ---------
Attached Files
File Type: txt extra.txt (18.5 KB, 0 views)
HollyW07 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 06-30-2007, 11:54 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,265
OS: N/A


Re: Spyware remover fakes: Dr. Antivirus and Spylocked
1. Download & save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 06-30-2007, 05:06 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: Microsoft Windows XP

My System

Re: Spyware remover fakes: Dr. Antivirus and Spylocked
Here's the combifix log.

"Compaq_Administrator" - 2007-06-30 18:28:03 - ComboFix 07-07-01 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\video activex access
C:\Program Files\video activex access\iesbpl.dll
C:\Program Files\video activex access\iesbunst.exe
C:\Program Files\video activex access\iesmin.exe
C:\Program Files\video activex access\iesmn.exe
C:\Program Files\video activex access\iesplg.dll
C:\Program Files\video activex access\iesunst.exe
C:\Program Files\video activex access\imsmain.exe
C:\Program Files\video activex access\imsmn.exe
C:\Program Files\video activex access\imsunst.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


2007-06-30 18:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 13:24 <DIR> d-------- C:\Deckard
2007-06-30 13:17 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-30 13:16 <DIR> d-------- C:\ie-spyad
2007-06-30 13:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-30 10:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-30 10:31 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-30 10:30 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-30 01:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-30 01:28 <DIR> d-------- C:\Program Files\RegCure
2007-06-30 00:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-06-16 19:31 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\teamspeak2
2007-05-18 17:23 <DIR> d-------- C:\Program Files\iTunes
2007-05-18 17:23 <DIR> d-------- C:\Program Files\iPod
2007-05-18 17:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-14 18:26 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-05-11 16:01 <DIR> d-------- C:\Program Files\EQ2MAP Updater
2007-05-08 16:40 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 15:23 <DIR> d-------- C:\Program Files\Easy SpyRemover


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 18:55:30 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-30 17:38:55 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-30 17:38:24 -------- d-----w C:\Program Files\MSN Messenger
2007-06-30 17:31:05 -------- d-----w C:\Program Files\Google
2007-06-30 17:25:39 -------- d-----w C:\Program Files\DISC
2007-06-30 17:22:39 -------- d---a-w C:\Program Files\Common Files\LightScribe
2007-06-30 15:15:25 15,747 ----a-w C:\WINDOWS\system32\wacom.dat
2007-06-30 06:17:27 -------- d-----w C:\Program Files\GemMaster
2007-06-30 06:14:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 23:01:56 8,704 --s-a-w C:\WINDOWS\system32\pjgerka.dll
2007-06-04 05:33:20 -------- d-----w C:\Program Files\QuickTime
2007-05-19 03:54:50 1,921 ----a-w C:\WINDOWS\mozver.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-06-04 23:23:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-09-07 16:28 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2006-09-06 00:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-07-31 15:32 185848 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-28 00:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-05-18 21:34]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 09:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 16:16]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 00:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{596e4935-4d3b-4a3c-842d-2efd1b3de598}"="C:\WINDOWS\system32\pjgerka.dll" [2007-06-29 18:01]

*Newly Created Service* - COMHOST
*Newly Created Service* - WINDEFEND

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-13 17:26:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 15:35:09 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-30 01:18:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Administrator.job
2007-06-30 22:00:05 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-30 06:28:10 C:\WINDOWS\tasks\RegCure.job
2007-06-30 23:29:00 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-30 22:00:18 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-30 08:09:14 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 18:32:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-30 18:33:32
C:\ComboFix-quarantined-files.txt ... 2007-06-30 18:33

--- E O F ---


And here's the HJT log. Did you mean the hijack this log or the decker scan log? I have both. I'm going to post the HJT log and if you need the other one I can post that too.

Logfile of HijackThis v1.99.1
Scan saved at 6:46:14 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.darkfantasychat.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.moove.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
HollyW07 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 06-30-2007, 05:29 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,265
OS: N/A


Re: Spyware remover fakes: Dr. Antivirus and Spylocked
Before fixing anything, open notepad and Copy/Paste the text in the box below into it:

Code:
@echo off
rem http://www.techsupportforum.com/security-center/hijackthis-log-help/164851-spyware-remover-fakes-dr-antivirus-spylocked.html
For %%g in (
C:\WINDOWS\system32\pjgerka.dll
) do catchme -l nul -k %%g >nul
nircmd execmd move /y "~$folder.desktop$\catchme.zip" "Submit [%date:/=-% %time::=.%].zip"
echo.Please submit the file - Submit [%date:/=-% %time::=.%].zip
nircmd wait 7000
del %0
Save this as Submit.bat Choose to "Save type as - All Files". It should look like this:
Double click on Submit.bat & allow it to generate a zipped file called Submit [Date Time].zip
Please submit this file to → http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


-----------


You have several programs that are rogueware and we highly recommend that you uninstall them. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. Please refer to this webpage --> http://www.spywarewarrior.com/rogue_anti-spyware.htm

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:
  • ViewPoint
    RegCure
    Easy SpyRemover
    SpyHunter
Please note any other programs that you dont recognize in that list in your next response


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O15 - Trusted Zone: *.moove.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\pjgerka.dll
Folder::
C:\Program Files\Enigma Software Group
C:\Program Files\RegCure
C:\Program Files\Easy SpyRemover
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=-
"PCDrProfiler"=-
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{596e4935-4d3b-4a3c-842d-2efd1b3de598}"=-
Save this as ComboFix-Do.txt




Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 06-30-2007, 10:45 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: Microsoft Windows XP

My System

Re: Spyware remover fakes: Dr. Antivirus and Spylocked
I did everything you told me to do and it has gone away! I'm so thrilled. :D I was starting to get really upset because I thought I might have to recover my entire computer in order to get rid of it.

I did not see EasySpyRemover on my computer anywhere but I did delete the other things you told me to. It all worked like a charm! My computer is running a little slow but it's been doing that for a while. I didn't have any problems, and it all worked like a charm. Thank you so much!

Here are the logs you told me to post.

1. HJT log done just before I replied:

Logfile of HijackThis v1.99.1
Scan saved at 12:39:05 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.darkfantasychat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.darkfantasychat.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

2. Online Scan log that took about 2 hours to scan my whole computer:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 01, 2007 12:38:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/07/2007
Kaspersky Anti-Virus database records: 356082
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 179796
Number of viruses found: 4
Number of infected objects: 10 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:18:05

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20070630184356\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06302007-103208.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-06-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E2D8C762.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdateMgr.exe.ca552b9d.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\Working\database_88E8_92C_E809_19D8\dfsr.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\Working\database_88E8_92C_E809_19D8\fsr.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\Working\database_88E8_92C_E809_19D8\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\asher_forsaken@hotmail.com\SharingMetadata\Working\database_88E8_92C_E809_19D8\tmp.edb Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{59B9A84B-1E9A-4F24-8B32-EA17030FC85F} Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\asher_forsaken@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\MSHist012007063020070701\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_a40.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_f00.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFBF6B.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFBF86.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\J437A6MW\BODY[1].htm Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Video ActiveX Access\imsunst.exe.vir Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP370\A0059350.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP370\A0059351.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059434.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059530.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059531.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059535.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059536.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F76AD6F3-4B97-433F-AF2B-DF4D244A083F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{30E46A0F-7BB2-486C-AC3F-9C239906635D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\change.log Object is locked skipped

Scan process completed.


3. ComboFix log:

"Compaq_Administrator" - 2007-06-30 21:56:39 - ComboFix 07-07-01 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Easy SpyRemover
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@about[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@adlegend[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@adtech[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@adultfriendfinder[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@advertising[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@allposters[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@altavista[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@aol[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@ask[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@atwola[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@azcentral[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@azjmp[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@belointeractive[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@bfast[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@bluestreak[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@bravenet[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@cc-dt[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@clickbank[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@clicksor[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@cybermonitor[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@discovery[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@doubleclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@excite[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@expedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@fortunecity[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@gamespyid[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@go[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@hollywood[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@hotlog[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@howstuffworks[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@ign[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@imdb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@imrworldwide[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@infospace[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@ivillage[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@kanoodle[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@linksynergy[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@list[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@live365[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@lycos[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mediaplex[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mysimon[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mytrix[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@nextag[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@nytimes[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@partner2profit[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@paycounter[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@pro-market[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@rambler[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@revenue[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@rootsweb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sageanalyst[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@serving-sys[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sexlist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@specificclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@spylog[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@statcounter[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@targetnet[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@ticketmaster[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@toplist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@tradedoubler[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@trb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@tv[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@unicast[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@usatoday[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@valueclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@voila[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@washingtonpost[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webmd[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webshots[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webstat[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@wunderground[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@xiti[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@zedo[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@247realmedia[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@about[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@adtech[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@advertising[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@altavista[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@ask[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@atwola[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@bluestreak[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@fortunecity[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@go[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@ign[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@imdb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@imrworldwide[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@linksynergy[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@lycos[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@nextag[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@nytimes[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@partner2profit[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@questionmarket[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@real[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@serving-sys[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@sextracker[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@specificclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@terra.com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@wp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@xiti[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@zedo[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@advertising[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@bravenet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@cybermonitor[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@ign[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@live365[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@partner2profit[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@tribalfusion[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@unicast[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@adrevolver[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@advertising[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@ign[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@questionmarket[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@serving-sys[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@specificclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@trafficmp[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@webshots[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@adlegend[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@advertising[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@aol[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@atdmt[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@bluestreak[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@doubleclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@go[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@imrworldwide[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@nextag[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@pro-market[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@serving-sys[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@sextracker[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@space[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@specificclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@ticketmaster[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@toplist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@trafficmp[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@zedo[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-30-2007_00-21-04\RegBackup.reg
C:\Program Files\Easy SpyRemover\Easy SpyRemover.log
C:\Program Files\Easy SpyRemover\EasySpyRemover_setup.exe
C:\Program Files\Easy SpyRemover\settings.ini
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@advertising[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@atdmt[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@doubleclick[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@mediaplex[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@questionmarket[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\Microsoft_Windows_CurrentVersion_App Management_ARPCache_Video ActiveX Object.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\Microsoft_Windows_CurrentVersion_App Management_ARPCache_Windows Safety Alert.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\SOFTWARE_Microsoft_Windows_CurrentVersion_policies_explorer_run_rare.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\SOFTWARE_Microsoft_Windows_CurrentVersion_policies_explorer_run_user32_dll.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\VideoAXObject_Chl.dat
C:\Program Files\Enigma Software Group\SpyHunter\backupLog.dat
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\WINDOWS\system32\pjgerka.dll


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-06-30 18:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 13:24 <DIR> d-------- C:\Deckard
2007-06-30 13:17 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-30 13:16 <DIR> d-------- C:\ie-spyad
2007-06-30 13:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-30 10:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-30 10:31 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-30 00:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-06-16 19:31 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\teamspeak2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 02:44:01 15,747 ----a-w C:\WINDOWS\system32\wacom.dat
2007-07-01 02:22:46 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-30 17:38:55 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-30 17:38:24 -------- d-----w C:\Program Files\MSN Messenger
2007-06-30 17:32:08 -------- d-----w C:\Program Files\iTunes
2007-06-30 17:31:05 -------- d-----w C:\Program Files\Google
2007-06-30 17:25:39 -------- d-----w C:\Program Files\DISC
2007-06-30 17:22:39 -------- d---a-w C:\Program Files\Common Files\LightScribe
2007-06-30 06:17:27 -------- d-----w C:\Program Files\GemMaster
2007-06-30 06:14:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 00:31:40 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-06-04 05:33:20 -------- d-----w C:\Program Files\QuickTime
2007-05-19 03:54:50 1,921 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 22:23:24 -------- d-----w C:\Program Files\iPod
2007-05-18 22:19:19 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 21:10:34 -------- d-----w C:\Program Files\EQ2MAP Updater
2007-05-08 21:40:54 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-06-04 23:23:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-09-07 16:28 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2006-09-06 00:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-07-31 15:32 185848 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-28 00:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-05-18 21:34]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 09:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 16:16]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 00:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

*Newly Created Service* - COMHOST

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-13 17:26:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-01 02:46:50 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-30 01:18:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Administrator.job
2007-07-01 02:59:00 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-07-01 02:45:21 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-30 08:09:14 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 22:00:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-30 22:01:29
C:\ComboFix-quarantined-files.txt ... 2007-06-30 22:01
C:\ComboFix2.txt ... 2007-06-30 18:33

--- E O F ---
HollyW07 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-01-2007, 01:31 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,265
OS: N/A


Re: Spyware remover fakes: Dr. Antivirus and Spylocked
Of the stuff Kaspersky found,

C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it

C:\Deckard\ is DSS's working folder. That should also be deleted

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-01-2007, 08:22 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: Microsoft Windows XP

My System

Re: Spyware remover fakes: Dr. Antivirus and Spylocked
Thank you sooo much for your help! You guys are awesome and I'm really glad I found this site. Thank you again!
HollyW07 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:00 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84