Tech Support Forum banner
Cancel

My Log. .

Jump to Latest Follow
Status
Not open for further replies.
1 - 20 of 23 Posts
F

· Registered
Joined
·
22 Posts
Discussion Starter · #1 ·
Well I used WinAntiVirus Pro because I had troubles with viruses.
And now when I start up all I see is the default hp blue and white background.
No start up menu. . No desktop icons.
I did a log.
If someone can help me. . . Then I thank you in advance.
-Angie-

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe"
O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SKS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Cvulpil] C:\Program Files\Common Files\?dobe\n?tepad.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#2 ·
Hi Angie,

I'm sorry but the HijackThis log you have posted is not complete. Please run another scan and be sure to copy/paste the entire log which begins with the Header information--it looks similar to this:

Logfile of HijackThis v1.99.1
Scan saved at 6:29:51 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Once the log pops up in Notepad, right click anywhere in the body of the log and click 'Select All'. Right click again and select 'Copy'.

Now right click in your reply box here at TSF and select 'Paste'.

Once we have the full log, we can get started. All is not lost, we can clean your system. :sayyes:
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #3 ·
Ried said:
Hi Angie,

I'm sorry but the HijackThis log you have posted is not complete. Please run another scan and be sure to copy/paste the entire log which begins with the Header information--it looks similar to this:

Logfile of HijackThis v1.99.1
Scan saved at 6:29:51 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Once the log pops up in Notepad, right click anywhere in the body of the log and click 'Select All'. Right click again and select 'Copy'.

Now right click in your reply box here at TSF and select 'Paste'.

Once we have the full log, we can get started. All is not lost, we can clean your system. :sayyes:
Click to expand...
Thank You :)
My computer is restarting on its own and doing whatever it wants. . >.<
I burned all of my valuables onto discs last night.
I learned my lesson well after 2 or 3 times of losing everything.
Hope you can help me!!!
^_^
--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:32:48 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\?dobe\n?tepad.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wpnmc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hltqmue.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{385828D6-0B75-1033-0805-040203200001}\888.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe"
O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SKS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Cvulpil] C:\Program Files\Common Files\?dobe\n?tepad.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#4 ·
Hello Angie,

No worries, we can clean this up and get you back to 'normal'. :sayyes:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Go to <<Start>> then <<Run>> then copy/paste the following red text into the Run box then click OK

"%userprofile%\desktop\combofix.exe" /v qfcbx

When finished, it shall produce a log for you which will ultimately be named ComboFix2.txt. I'll need that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WinAntiVirus Pro 2006
WinBudget

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: (if they still exist)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wpnmc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hltqmue.exe
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe"
O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SKS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Cvulpil] C:\Program Files\Common Files\?dobe\n?tepad.exe
O20 - AppInit_DLLs:


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders if they still exist.

C:\WINDOWS\system32\wpnmc.exe
C:\WINDOWS\system32\hltqmue.exe
C:\Program Files\WinBudget
C:\Program Files\WinAntiVirus Pro 2006

------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Run combofix once again in the following manner:

Simply double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply in the following order:

ComboFix2.txt (located at C:\ComboFix2.txt)
AVG A-S results
Panda results
ComboFix.txt
New HijackThis log

**I appreciate your consideration, but there is no need to quote my replies into your replies. It will save you time, and save me extra scrolling through unnecessary text. :smile:
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #5 ·
Alright there were a few problems . .
I did this on tuesday or wednesday but there were too many characters and I didn't have enough time to deal with it.

1. I can't go to add/remove programs because of what state my computer is in. (no start menu)

2. I can't go to my computer. I can't open folders. I have to open stuff by using ctrl+alt+delete and New Task. . .

3. I don't know which logs I have because I have a lot so I'll post them seperately in an indivual reply.

4. There was another problem but I can't remember because I typed it all up then I had to go somewhere . . I was gonna be later.
 
F

· Registered
Joined
·
22 Posts
Discussion Starter · #6 · (Edited by Moderator)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:08 06-12-19

+ Scan result:



C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008650.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008651.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008652.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP28\A0007820.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008656.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008601.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009731.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008620.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008621.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008626.exe -> Adware.Director : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WAPPChk.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008642.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_44.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008597.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008598.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008599.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008631.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008629.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008639.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP28\A0007857.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008591.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008627.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008640.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008643.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009729.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\ASupdater.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\AWBase -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\AWBase\database -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\AWBase\database\enemies.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\AWBase\vbpv.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Activate.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Activate.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Activate.xml -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Autoplay.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Bin.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\BkSites.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Download -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Download\gsapowhf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Download\gsapowhf\enemies1260.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\History.db-journal -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\IEFWBHo_Old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\InstHelp.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\License.rtf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Manual.xml -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\PGBase -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\PGBase\vbpv.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\PGUpLink.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\PGupdater.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\RTasks.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Restart.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\RulSrv.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Support.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\UBUpdater.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\UnWiz.xml -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\Updater.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\WAV6COM.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\WinAV.xml -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\asmngr.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\atl71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\bpdlink.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\bpupdater.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\chat.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\fat.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\fopn.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\fopn.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\fopnl.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\history.db -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\incmp.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\index.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\install.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\kb.url -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\lapv.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\manual.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\manual.pdf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\mfc71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\online.url -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\phigh.bin -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\BORLNDMM.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANADWR.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANBCDR.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANDLDR.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANDOS1.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANEMUL.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANFUNC.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANKRNL.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANMCR1.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANOTHR.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANSCR.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANTOOL.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANTROJ.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANWIN1.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNACPU.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNADBX.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNMIME.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPACK.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPACKS.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPACKS2.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPEPACK.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27401.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27402.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27403.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27404.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27405.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27406.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27407.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27408.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27409.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27410.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27411.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27412.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UADAILY.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\wininit.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\unamscan.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\plugins\vbpv.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\pmedium.bin -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\prc.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\prerules.xml -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\ps.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\pv.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\qf.pdf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\res -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\res\cross.gif -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\res\wa6p.gif -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\rpt.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\settings.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\sqlite3.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\sr.log -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\st.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\support.ico -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\unins000.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\unins000.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\uninstall.ico -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\unwizard.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\up.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\updater.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\winpgi.old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\worldmap.swf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008485.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008486.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008487.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008489.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008490.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008493.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008494.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008495.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008496.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008497.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008531.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008532.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008533.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008534.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008538.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008539.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008540.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008546.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008547.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008548.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008549.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008550.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\FOPN.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\stera.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-2995289790-1830313580-1914290758-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-2995289790-1830313580-1914290758-1009\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-2995289790-1830313580-1914290758-1009\Software\WinAntiVirus Pro 2006\DefaultSettings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-2995289790-1830313580-1914290758-1009\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-2995289790-1830313580-1914290758-1009\Software\WinAntiVirus Pro 2006\Settings2 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\ExeDialer.exe -> Dialer.EGroup.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP17\A0005192.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP18\A0005240.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008590.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008611.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008612.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008613.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008616.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008618.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008619.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008623.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008636.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008637.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008644.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008645.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008646.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008647.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008653.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP6\A0001776.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008600.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008604.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008605.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008634.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\UTH9ZW4G\!update-4295[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yniji.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009723.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009724.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009725.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009749.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009750.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP6\snapshot\MFEX-1.DAT -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bak\ggvicp.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hltqmue.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lelln.dat.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008635.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008593.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008595.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008594.exe -> Downloader.VB.apu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008592.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008609.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\Messenger\pohohyh.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\mefefofyf.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Application Data\wa6pinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pinst.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008632.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected]t.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008608.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP30\A0008441.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008607.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008614.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008622.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008606.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008610.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\srvmnjnfcx.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\srvvqftfgv.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_e6h.exe -> Trojan.YourEnhancement : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008596.exe -> Worm.Sumom.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008630.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end
 
F

· Registered
Joined
·
22 Posts
Discussion Starter · #7 · (Edited by Moderator)
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
HOMEPATH=\Documents and Settings\HP_Owner
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERPROFILE=C:\Documents and Settings\HP_Owner
~NT2~
path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
~PreRun~
C:\sUBs\setpath.bat
C:\sUBs\findcomboB.vbs
C:\sUBs\dll_whitelist
C:\sUBs\region.reg
C:\sUBs\whitedirB
C:\sUBs\executables
C:\sUBs\def_safeboot
C:\sUBs\net_svc.txt
C:\sUBs\winlogondef.reg
C:\sUBs\whitedir
C:\sUBs\ComboFix.exe
C:\sUBs\TSF\ERDNT.E_E
C:\sUBs\TSF\handle.exe
C:\sUBs\TSF\Creg.reg
C:\sUBs\TSF\LIST-C.bat
C:\sUBs\TSF\moveex.exe
C:\sUBs\TSF\Look2Me.bat
C:\sUBs\TSF\nircmd.exe
C:\sUBs\TSF\ntp.exe
C:\sUBs\TSF\NTPb.EXE
C:\sUBs\TSF\Ntrights.exe
C:\sUBs\TSF\Purity.bat
C:\sUBs\TSF\Qoo.bat
C:\sUBs\TSF\RestartIt.exe
C:\sUBs\TSF\swreg.exe
C:\sUBs\TSF\swsc.exe
C:\sUBs\TSF\SSK.bat
C:\sUBs\TSF\swxcacls.exe
C:\sUBs\TSF\vfind.exe
~Sys~
activex=C:\WINDOWS\Downloaded Program Files
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\DOCUME~1\HP_Owner\Application Data
AppData default=C:\Documents and Settings\LocalService\Application Data
Cache=C:\DOCUME~1\HP_Owner\Local Settings\Temporary Internet Files
Cache default=C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
CHCP= 437
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Common AppData=C:\Documents and Settings\All Users\Application Data
Common Desktop=C:\Documents and Settings\All Users\Desktop
Common Documents=C:\Documents and Settings\All Users\Documents
Common Favorites=C:\Documents and Settings\All Users\Favorites
Common Programs=C:\Documents and Settings\All Users\Start Menu\Programs
Common Start Menu=C:\Documents and Settings\All Users\Start Menu
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Templates=C:\Documents and Settings\All Users\Templates
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CASSIE
ComSpec=C:\WINDOWS\system32\cmd.exe
Cookies=C:\DOCUME~1\HP_Owner\Cookies
Cookies default=C:\Documents and Settings\NetworkService\Cookies
Desktop=C:\DOCUME~1\HP_Owner\Desktop
DocSet=C:\DOCUME~1
Favorites=C:\DOCUME~1\HP_Owner\Favorites
Fonts default=C:\WINDOWS\Fonts
FP_NO_HOST_CHECK=NO
History=C:\DOCUME~1\HP_Owner\Local Settings\History
History default=C:\Documents and Settings\NetworkService\Local Settings\History
home=C:\sUBs
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
instruct=/v qfcbx
Local AppData=C:\DOCUME~1\HP_Owner\Local Settings\Application Data
Local AppData default=C:\Documents and Settings\HP_Owner\Local Settings\Application Data
Local Settings=C:\DOCUME~1\HP_Owner\Local Settings
Local Settings default=C:\WINDOWS\system32\config\systemprofile\Local Settings
LOGONSERVER=\\CASSIE
My Music=C:\DOCUME~1\HP_Owner\My Documents\****\My Music
My Pictures=C:\DOCUME~1\HP_Owner\My Documents\****\My Pictures
NetHood=C:\DOCUME~1\HP_Owner\NetHood
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\sUBs\TSF;C:\WINDOWS\system32
path1="C:\Documents and Settings\HP_Owner\desktop"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Personal=C:\DOCUME~1\HP_Owner\My Documents
PrintHood=C:\DOCUME~1\HP_Owner\PrintHood
PrintHood default=C:\WINDOWS\system32\config\systemprofile\PrintHood
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
Programs=C:\DOCUME~1\HP_Owner\Start Menu\Programs
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Recent default=C:\WINDOWS\system32\config\systemprofile\Recent
SendTo=C:\DOCUME~1\HP_Owner\SendTo
SendTo default=C:\WINDOWS\system32\config\systemprofile\SendTo
SESSIONNAME=Console
Start Menu=C:\DOCUME~1\HP_Owner\Start Menu
Startup=C:\DOCUME~1\HP_Owner\Start Menu\Programs\Startup
System=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
Templates=C:\DOCUME~1\HP_Owner\Templates
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=CASSIE
USERNAME=HP_Owner
USERPROFILE=C:\DOCUME~1\HP_Owner
version=06-12-19.2W-BetaE2
windir=C:\WINDOWS
~DISCLAIM~
~Autoscan~
~L2mChk~
~SskChk~
~QooChk~
~Vundo~
~Vundo~
~MiscFix~
~List-C~
Starting /wow section .......17:05:19.45
"C:\WINDOWS\keyboard1.dat"
"C:\WINDOWS\newname.dat"
"d:\autorun.inf"
C:\Documents and Settings\LocalService\Application Data\NetMon
"C:\Program Files\Common Files\{085828D6-0B75-1033-0805-040203200001}"
"C:\Program Files\Common Files\{385828D6-0B75-1033-0805-040203200001}"
"C:\Program Files\Cowabanga"
"C:\Program Files\Deskbar"
"C:\Program Files\network monitor"
"C:\Program Files\outlook"
"C:\Program Files\TheSearchAccelerator"
"C:\Program Files\ToolBar888"
"C:\Program Files\Internet Optimizer"
End /wow section ....... 17:08:33.92
~SWTCH~
~NTP~
~PreRun~
C:\sUBs\setpath.bat
C:\sUBs\findcomboB.vbs
C:\sUBs\region.reg
C:\sUBs\dll_whitelist
C:\sUBs\whitedirB
C:\sUBs\executables
C:\sUBs\def_safeboot
C:\sUBs\net_svc.txt
C:\sUBs\winlogondef.reg
C:\sUBs\whitedir
C:\sUBs\ComboFix.exe
C:\sUBs\regedit.com
C:\sUBs\ComboFix.txt
C:\sUBs\as-l2m_names
C:\sUBs\as-l2m_notify
C:\sUBs\v-files
C:\sUBs\borlander_file.txt
C:\sUBs\borlander_folder.txt
C:\sUBs\LSPFIX.bat
C:\sUBs\zhSvc.txt
C:\sUBs\drev
C:\sUBs\ComboFix.bat
C:\sUBs\nircmd.exe
C:\sUBs\TSF\nircmd.exe
C:\sUBs\TSF\Purity.bat
C:\sUBs\TSF\handle.exe
C:\sUBs\TSF\ERDNT.E_E
C:\sUBs\TSF\Creg.reg
C:\sUBs\TSF\LIST-C.bat
C:\sUBs\TSF\ntp.exe
C:\sUBs\TSF\NTPb.EXE
C:\sUBs\TSF\moveex.exe
C:\sUBs\TSF\Look2Me.bat
C:\sUBs\TSF\Ntrights.exe
C:\sUBs\TSF\Qoo.bat
C:\sUBs\TSF\RestartIt.exe
C:\sUBs\TSF\SSK.bat
C:\sUBs\TSF\swreg.exe
C:\sUBs\TSF\swsc.exe
C:\sUBs\TSF\swxcacls.exe
C:\sUBs\TSF\vfind.exe
~Sys~
~PreFix~
activex=C:\WINDOWS\Downloaded Program Files
ALLUSERSPROFILE=C:\Documents and Settings\All Users
AppData=C:\Documents and Settings\LocalService\Application Data
AppData default=C:\Documents and Settings\LocalService\Application Data
Cache=C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
Cache default=C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Common AppData=C:\Documents and Settings\All Users\Application Data
Common Desktop=C:\Documents and Settings\All Users\Desktop
Common Documents=C:\Documents and Settings\All Users\Documents
Common Favorites=C:\Documents and Settings\All Users\Favorites
Common Programs=C:\Documents and Settings\All Users\Start Menu\Programs
Common Start Menu=C:\Documents and Settings\All Users\Start Menu
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Templates=C:\Documents and Settings\All Users\Templates
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CASSIE
ComSpec=C:\WINDOWS\system32\cmd.exe
Cookies=C:\Documents and Settings\LocalService\Cookies
Cookies default=C:\Documents and Settings\NetworkService\Cookies
Desktop=C:\Documents and Settings\LocalService\Desktop
Favorites=C:\Documents and Settings\LocalService\Favorites
Fonts default=C:\WINDOWS\Fonts
FP_NO_HOST_CHECK=NO
History=C:\Documents and Settings\LocalService\Local Settings\History
History default=C:\Documents and Settings\NetworkService\Local Settings\History
home=C:\sUBs
instruct=/v qfcbx
Local AppData=C:\Documents and Settings\LocalService\Local Settings\Application Data
Local AppData default=C:\Documents and Settings\HP_Owner\Local Settings\Application Data
Local Settings=C:\Documents and Settings\LocalService\Local Settings
Local Settings default=C:\WINDOWS\system32\config\systemprofile\Local Settings
My Music=C:\Documents and Settings\LocalService\My Documents\****\My Music
My Pictures=C:\Documents and Settings\LocalService\My Documents\****\My Pictures
NetHood=C:\Documents and Settings\LocalService\NetHood
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\sUBs\TSF;C:\WINDOWS\system32
path1="C:\Documents and Settings\HP_Owner\desktop"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Personal=C:\Documents and Settings\LocalService\My Documents
PrintHood=C:\Documents and Settings\LocalService\PrintHood
PrintHood default=C:\WINDOWS\system32\config\systemprofile\PrintHood
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
Programs=C:\Documents and Settings\LocalService\Start Menu\Programs
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Recent default=C:\WINDOWS\system32\config\systemprofile\Recent
SendTo=C:\Documents and Settings\LocalService\SendTo
SendTo default=C:\WINDOWS\system32\config\systemprofile\SendTo
Start Menu=C:\Documents and Settings\LocalService\Start Menu
Startup=C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
System=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
Templates=C:\Documents and Settings\LocalService\Templates
TMP=C:\WINDOWS\TEMP
USERPROFILE=C:\Documents and Settings\LocalService
windir=C:\WINDOWS
~Wowcraft~
~Look2Me~
~Qoo~
~Ssk~
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
HOMEPATH=\Documents and Settings\HP_Owner
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERPROFILE=C:\Documents and Settings\HP_Owner
~NT2~
path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
~PreRun~
C:\sUBs\setpath.bat
C:\sUBs\region.reg
C:\sUBs\findcomboB.vbs
C:\sUBs\whitedirB
C:\sUBs\executables
C:\sUBs\dll_whitelist
C:\sUBs\def_safeboot
C:\sUBs\net_svc.txt
C:\sUBs\winlogondef.reg
C:\sUBs\whitedir
C:\sUBs\ComboFix.exe
C:\sUBs\TSF\ERDNT.E_E
C:\sUBs\TSF\handle.exe
C:\sUBs\TSF\LIST-C.bat
C:\sUBs\TSF\Creg.reg
C:\sUBs\TSF\Look2Me.bat
C:\sUBs\TSF\moveex.exe
C:\sUBs\TSF\nircmd.exe
C:\sUBs\TSF\ntp.exe
C:\sUBs\TSF\NTPb.EXE
C:\sUBs\TSF\Ntrights.exe
C:\sUBs\TSF\Purity.bat
C:\sUBs\TSF\Qoo.bat
C:\sUBs\TSF\RestartIt.exe
C:\sUBs\TSF\swreg.exe
C:\sUBs\TSF\swsc.exe
C:\sUBs\TSF\swxcacls.exe
C:\sUBs\TSF\vfind.exe
C:\sUBs\TSF\SSK.bat
~Sys~
activex=C:\WINDOWS\Downloaded Program Files
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\DOCUME~1\HP_Owner\Application Data
AppData default=C:\Documents and Settings\LocalService\Application Data
Cache=C:\DOCUME~1\HP_Owner\Local Settings\Temporary Internet Files
Cache default=C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
CHCP= 437
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
Common AppData=C:\Documents and Settings\All Users\Application Data
Common Desktop=C:\Documents and Settings\All Users\Desktop
Common Documents=C:\Documents and Settings\All Users\Documents
Common Favorites=C:\Documents and Settings\All Users\Favorites
Common Programs=C:\Documents and Settings\All Users\Start Menu\Programs
Common Start Menu=C:\Documents and Settings\All Users\Start Menu
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Templates=C:\Documents and Settings\All Users\Templates
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CASSIE
ComSpec=C:\WINDOWS\system32\cmd.exe
Cookies=C:\DOCUME~1\HP_Owner\Cookies
Cookies default=C:\Documents and Settings\LocalService\Cookies
Desktop=C:\DOCUME~1\HP_Owner\Desktop
DocSet=C:\DOCUME~1
Favorites=C:\DOCUME~1\HP_Owner\Favorites
Fonts default=C:\WINDOWS\Fonts
FP_NO_HOST_CHECK=NO
History=C:\DOCUME~1\HP_Owner\Local Settings\History
History default=C:\Documents and Settings\LocalService\Local Settings\History
home=C:\sUBs
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
Local AppData=C:\DOCUME~1\HP_Owner\Local Settings\Application Data
Local AppData default=C:\Documents and Settings\HP_Owner\Local Settings\Application Data
Local Settings=C:\DOCUME~1\HP_Owner\Local Settings
Local Settings default=C:\WINDOWS\system32\config\systemprofile\Local Settings
LOGONSERVER=\\CASSIE
My Music=C:\DOCUME~1\HP_Owner\My Documents\****\My Music
My Pictures=C:\DOCUME~1\HP_Owner\My Documents\****\My Pictures
NetHood=C:\DOCUME~1\HP_Owner\NetHood
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\sUBs\TSF;C:\WINDOWS\system32
path1="C:\Documents and Settings\HP_Owner\Desktop"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Personal=C:\DOCUME~1\HP_Owner\My Documents
PrintHood=C:\DOCUME~1\HP_Owner\PrintHood
PrintHood default=C:\WINDOWS\system32\config\systemprofile\PrintHood
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
Programs=C:\DOCUME~1\HP_Owner\Start Menu\Programs
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Recent default=C:\WINDOWS\system32\config\systemprofile\Recent
SendTo=C:\DOCUME~1\HP_Owner\SendTo
SendTo default=C:\WINDOWS\system32\config\systemprofile\SendTo
SESSIONNAME=Console
Start Menu=C:\DOCUME~1\HP_Owner\Start Menu
Startup=C:\DOCUME~1\HP_Owner\Start Menu\Programs\Startup
System=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
Templates=C:\DOCUME~1\HP_Owner\Templates
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=CASSIE
USERNAME=HP_Owner
USERPROFILE=C:\DOCUME~1\HP_Owner
version=06-12-19.2W-BetaE2
windir=C:\WINDOWS
User settings already backed up
~DISCLAIM~
~Autoscan~
~L2mChk~
~SskChk~
~QooChk~
~MiscFix~
~List-C~
Starting /wow section ....... 7:12:15.66
End /wow section ....... 7:14:35.52
~SWTCH~
~NTP~
~PreRun~
C:\sUBs\setpath.bat
C:\sUBs\region.reg
C:\sUBs\findcomboB.vbs
C:\sUBs\whitedirB
C:\sUBs\executables
C:\sUBs\dll_whitelist
C:\sUBs\net_svc.txt
C:\sUBs\def_safeboot
C:\sUBs\winlogondef.reg
C:\sUBs\whitedir
C:\sUBs\ComboFix.exe
C:\sUBs\regedit.com
C:\sUBs\ComboFix.txt
C:\sUBs\as-l2m_names
C:\sUBs\as-l2m_notify
C:\sUBs\borlander_file.txt
C:\sUBs\borlander_folder.txt
C:\sUBs\LSPFIX.bat
C:\sUBs\zhSvc.txt
C:\sUBs\ComboFix.bat
C:\sUBs\nircmd.exe
C:\sUBs\TSF\nircmd.exe
C:\sUBs\TSF\Creg.reg
C:\sUBs\TSF\LIST-C.bat
C:\sUBs\TSF\Look2Me.bat
C:\sUBs\TSF\handle.exe
C:\sUBs\TSF\ERDNT.E_E
C:\sUBs\TSF\moveex.exe
C:\sUBs\TSF\NTPb.EXE
C:\sUBs\TSF\ntp.exe
C:\sUBs\TSF\Ntrights.exe
C:\sUBs\TSF\Purity.bat
C:\sUBs\TSF\Qoo.bat
C:\sUBs\TSF\RestartIt.exe
C:\sUBs\TSF\swreg.exe
C:\sUBs\TSF\swsc.exe
C:\sUBs\TSF\SSK.bat
C:\sUBs\TSF\swxcacls.exe
C:\sUBs\TSF\vfind.exe
~Sys~
~PreFix~
activex=C:\WINDOWS\Downloaded Program Files
ALLUSERSPROFILE=C:\Documents and Settings\All Users
AppData=C:\Documents and Settings\LocalService\Application Data
AppData default=C:\Documents and Settings\LocalService\Application Data
Cache=C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
Cache default=C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Common AppData=C:\Documents and Settings\All Users\Application Data
Common Desktop=C:\Documents and Settings\All Users\Desktop
Common Documents=C:\Documents and Settings\All Users\Documents
Common Favorites=C:\Documents and Settings\All Users\Favorites
Common Programs=C:\Documents and Settings\All Users\Start Menu\Programs
Common Start Menu=C:\Documents and Settings\All Users\Start Menu
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Templates=C:\Documents and Settings\All Users\Templates
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CASSIE
ComSpec=C:\WINDOWS\system32\cmd.exe
Cookies=C:\Documents and Settings\LocalService\Cookies
Cookies default=C:\Documents and Settings\LocalService\Cookies
Desktop=C:\Documents and Settings\LocalService\Desktop
Favorites=C:\Documents and Settings\LocalService\Favorites
Fonts default=C:\WINDOWS\Fonts
FP_NO_HOST_CHECK=NO
History=C:\Documents and Settings\LocalService\Local Settings\History
History default=C:\Documents and Settings\LocalService\Local Settings\History
home=C:\sUBs
Local AppData=C:\Documents and Settings\LocalService\Local Settings\Application Data
Local AppData default=C:\Documents and Settings\HP_Owner\Local Settings\Application Data
Local Settings=C:\Documents and Settings\LocalService\Local Settings
Local Settings default=C:\WINDOWS\system32\config\systemprofile\Local Settings
My Music=C:\Documents and Settings\LocalService\My Documents\****\My Music
My Pictures=C:\Documents and Settings\LocalService\My Documents\****\My Pictures
NetHood=C:\Documents and Settings\LocalService\NetHood
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\sUBs\TSF;C:\WINDOWS\system32
path1="C:\Documents and Settings\HP_Owner\Desktop"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Personal=C:\Documents and Settings\LocalService\My Documents
PrintHood=C:\Documents and Settings\LocalService\PrintHood
PrintHood default=C:\WINDOWS\system32\config\systemprofile\PrintHood
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
Programs=C:\Documents and Settings\LocalService\Start Menu\Programs
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
Recent default=C:\WINDOWS\system32\config\systemprofile\Recent
SendTo=C:\Documents and Settings\LocalService\SendTo
SendTo default=C:\WINDOWS\system32\config\systemprofile\SendTo
Start Menu=C:\Documents and Settings\LocalService\Start Menu
Startup=C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
System=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
Templates=C:\Documents and Settings\LocalService\Templates
TMP=C:\WINDOWS\TEMP
USERPROFILE=C:\Documents and Settings\LocalService
windir=C:\WINDOWS
~Wowcraft~
~Look2Me~
~Qoo~
 
F

· Registered
Joined
·
22 Posts
Discussion Starter · #8 ·
Logfile of HijackThis v1.99.1
Scan saved at 11:23, on 06-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [fxaacn] C:\WINDOWS\system32\ggvicp.exe reg_run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKLM\..\RunOnce: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cuhbd] C:\WINDOWS\system32\ggvicp.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
F

· Registered
Joined
·
22 Posts
Discussion Starter · #9 · (Edited by Moderator)
Potentially unwanted tool:application/funweb - c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/winantivirus2006 - c:\documents and settings\all users\desktop\WinAntiVirus Pro 2006.lnk
Adware:adware/ncase - - c:\program files\180Solutions
Adware:Adware/Lop - - C:\Documents and Settings\All Users\Application Data\ONLINE MPEG HOPE ATOM\Ante Log.exe
Adware:Adware/Lop - - C:\Documents and Settings\All Users\Application Data\ONLINE MPEG HOPE ATOM\Kindcast.exe
Adware:Adware/Lop - - C:\Documents and Settings\All Users\Application Data\ONLINE MPEG HOPE ATOM\two frag.exe
Potentially unwanted tool:Application/KillApp.B - C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/DriveCleaner - C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe
Spyware:Spyware/7r7t - - C:\Program Files\PSDream\Uninstall.exe
Adware:Adware/PurityScan - C:\QooBox\Purity\Program Files\Common Files\DOBE~1\n?tepad.exe
Adware:Adware/PurityScan - C:\QooBox\Purity\Program Files\SKS~1\svchost.exe
Adware:Adware/PurityScan - C:\sUBs\6FtUnder\qfcbx.dll.vir
Spyware:Cookie/Zedo - - C:\USERDATA\Application Data\Flock\Browser\Profiles\l9v48nq3.default\cookies.txt[.zedo.com/]
Virus:Trj/Gaodrop.A - - Disinfected - C:\USERDATA\Complete\
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#10 · (Edited)
Hi Angie,

Please copy this page to Notepad and save to your desktop, or print out these instructions for reference.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download the attached fix.zip file to your desktop. Do not run it yet.

-----------------------------

See if you can get explorer.exe to run via Task Manager's + Run Task and type in explorer.exe Any luck? Do you have the Start button and desktop icons?

If not, please do the following:

--------------------------------------------

Boot into Safe Mode

--------------------------------------------

Open HijackThis. Click on Open the Misc Tools Section.

Select ‘Open Uninstall Manager’

In the right pane, click on ‘Open Add/Remove Software List'

Now uninstall the following programs:

WinAntiVirus Pro 2006
WinBudget

---------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R3 - URLSearchHook: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll (file missing)
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll (file missing)
O4 - HKLM\..\Run: [fxaacn] C:\WINDOWS\system32\ggvicp.exe reg_run
O4 - HKCU\..\Run: [cuhbd] C:\WINDOWS\system32\ggvicp.exe reg_run

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Open the fix.zip that you downloaded earlier. Navigate to the location used saved it via the Task Manager if necessary.

Double click the fix.zip, then double click on the .bat file within. It will run very quickly--this is normal.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Please run another online scan at Panda and save the report.

-----------------------------------

Download fl.zip
  • Extract the contents of the fl.zip to a new folder on Desktop.
  • Within the folder, locate & double-click fl.bat.
  • It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply
-----------------------------------

Run combofix.exe--again, navigate to it via the Task Manager if needed:

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

Panda results
ComboFix.txt
findlop.txt
New HijackThis log

How is the system behaving--do you have the desktop back?
 
Save Share
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#12 ·
Yes, please continue. :smile:
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #13 · (Edited by Moderator)
It won't let me attach my new hijack this log.
Nope. My desktop is still gone.
Running the same.
Slow at times. . Faster in others.

"HP_Owner" - 06-12-26 2:21:44.59 Service Pack 2
ComboFix 06-12-19.2W-BetaE2 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))


2006-12-19 19:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-19 17:08 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-19 16:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-19 16:54 <DIR> d-------- C:\Program Files\Grisoft
2006-12-15 22:56 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Sonic
2006-12-15 22:55 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Leadertech
2006-12-13 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinSoftware
2006-12-12 20:24 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2006-12-12 19:56 <DIR> d--hs---- C:\WA6P
2006-12-12 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
2006-12-12 19:54 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2006
2006-12-12 18:49 <DIR> d-------- C:\WINDOWS\system32\àdobe
2006-12-10 16:19 137 --a-s---- C:\WINDOWS\test.bat
2006-12-09 14:16 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Help
2006-12-03 21:00 <DIR> d-------- C:\Program Files\Memturbo 4


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-25 22:27 -------- d-------- C:\Program Files\windows live mail desktop
2006-12-25 22:22 -------- d-------- C:\Program Files\norton personal firewall
2006-12-25 22:22 -------- d-------- C:\Program Files\norton antivirus
2006-12-25 22:21 -------- d-------- C:\Program Files\msn messenger
2006-12-25 22:12 -------- d-------- C:\Program Files\itunes
2006-12-25 22:04 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-25 22:01 -------- d-------- C:\Program Files\aim
2006-12-25 14:31 -------- d-a------ C:\Program Files\pc-doctor for windows
2006-12-25 14:31 -------- d-------- C:\Program Files\windows live toolbar
2006-12-25 14:31 -------- d-------- C:\Program Files\msn encarta standard
2006-12-25 14:31 -------- d-------- C:\Program Files\microsoft works
2006-12-25 14:31 -------- d-------- C:\Program Files\messenger
2006-12-25 14:31 -------- d-------- C:\Program Files\intellimover data transfer demo
2006-12-25 14:31 -------- d-------- C:\Program Files\free offers from freeze.com
2006-12-25 14:31 -------- d-------- C:\Program Files\easy internet signup
2006-12-15 22:56 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\sonic
2006-12-15 22:55 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\leadertech
2006-12-14 01:57 -------- d-------- C:\Program Files\microsoft
2006-12-14 01:57 -------- d-------- C:\Program Files\180sol
2006-12-14 01:57 -------- d-------- C:\Program Files\180sa
2006-12-13 21:45 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\winantivirus pro 2006
2006-12-12 20:24 704 --a------ C:\DOCUME~1\HP_Owner\Application Data\update.log
2006-12-09 14:16 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\help
2006-12-09 14:11 -------- d---s---- C:\DOCUME~1\HP_Owner\Application Data\microsoft
2006-12-07 20:34 -------- d-------- C:\Program Files\quicktime
2006-11-24 00:08 -------- d-------- C:\Program Files\apple software update
2006-11-21 23:50 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\macromedia
2006-11-21 23:49 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\intervideo
2006-11-10 15:38 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\real
2006-11-09 17:30 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\adobe
2006-11-09 16:25 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-08 21:58 -------- d-------- C:\Program Files\Common Files\aol
2006-11-08 21:58 -------- d-------- C:\Program Files\aol
2006-11-08 21:58 -------- d-------- C:\Program Files\aod
2006-11-08 14:34 -------- d--h----- C:\Program Files\installshield installation information
2006-11-08 14:34 -------- d-------- C:\Program Files\hewlett-packard
2006-11-07 17:20 -------- d-------- C:\Program Files\java
2006-11-07 16:51 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\template
2006-11-06 21:03 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\aim
2006-11-06 20:27 -------- d-------- C:\Program Files\windows nt
2006-11-06 20:27 -------- d-------- C:\Program Files\movie maker
2006-11-05 11:56 -------- d-------- C:\Program Files\microsoft money
2006-11-04 13:49 -------- d-------- C:\Program Files\filesubmit
2006-10-01 16:01 160493 --a------ C:\WINDOWS\sqirlz morph uninstaller.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"IS CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\cfgwiz.exe /GUID NIS /CMDLINE \"REBOOT\""
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"rtasks"="C:\\Program Files\\WinAntiVirus Pro 2006\\rtasks.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ComboFix"="C:\\sUBs\\ComboFix.bat"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ComboFix"="C:\\sUBs\\ComboFix.bat"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,d0,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FWSvc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-26 2:26:06.84


Volume in drive C is HP_PAVILION
Volume Serial Number is 0858-28D6

Directory of C:\Documents and Settings\All Users\Application Data

06-11-08 21:10 <DIR> Adobe
06-08-24 22:30 <DIR> Adobe Systems
06-04-23 21:39 <DIR> AOL Downloads
04-08-11 21:07 <DIR> Apple Computer
06-09-22 18:24 <DIR> Google
04-08-11 20:32 <DIR> Hewlett-Packard
04-08-11 20:42 1,410 hpzinstall.log
05-12-25 00:26 <DIR> Lionhead Studios
04-12-04 17:18 <DIR> Macrovision
04-08-11 21:22 <DIR> Motive
06-11-05 10:29 1,350 QTSBandwidthCache
04-08-11 21:07 <DIR> QuickTime
04-08-11 18:18 <DIR> SBSI
04-08-11 23:16 <DIR> Symantec
06-05-23 14:48 <DIR> Viewpoint
06-12-12 19:55 <DIR> WinAntiVirus Pro 2006
06-08-09 18:30 <DIR> Windows Genuine Advantage
06-10-07 18:29 <DIR> Windows Live Toolbar
06-12-13 21:35 <DIR> WinSoftware
05-11-01 22:26 <DIR> yahoo!
2 File(s) 2,760 bytes
18 Dir(s) 9,915,138,048 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 0858-28D6

Directory of C:\Documents and Settings\HP_Owner\Application Data

06-11-09 17:30 <DIR> Adobe
06-11-06 21:03 <DIR> Aim
04-08-11 21:08 <DIR> Apple Computer
06-12-09 14:16 <DIR> Help
04-08-11 18:13 <DIR> Identities
06-11-21 23:49 <DIR> InterVideo
06-12-15 22:55 <DIR> Leadertech
06-11-21 23:50 <DIR> Macromedia
06-11-10 15:38 <DIR> Real
04-08-11 21:50 <DIR> SampleView
06-12-15 22:56 <DIR> Sonic
04-08-11 19:36 <DIR> Sun
04-08-11 23:12 <DIR> Symantec
06-11-07 16:51 <DIR> Template
06-12-12 20:24 704 update.log
06-12-13 21:45 <DIR> WinAntiVirus Pro 2006
1 File(s) 704 bytes
15 Dir(s) 9,915,138,048 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 0858-28D6

Directory of C:\Documents and Settings\Default User\Application Data

06-11-06 20:22 <DIR> .
06-11-06 20:22 <DIR> ..
04-08-11 11:06 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 9,915,138,048 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 0858-28D6

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is HP_PAVILION
Volume Serial Number is 0858-28D6

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 12/29/2006 7:11:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 09/25/2006
EndDate: 00/00/0000
StartTime: 07:11
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Check Updates for Windows Live Toolbar.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE'
Parameters: ''
WorkingDirectory: ''
Comment: 'This task was created by the MSN Toolbar Installer'
Creator: 'HP_Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/06/2006 19:27:00
NextRun: 12/26/2006 2:27:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/07/2006
EndDate: 00/00/0000
StartTime: 06:27
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Disk Cleanup.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\cleanmgr.exe'
Parameters: ''
WorkingDirectory: 'C:\WINDOWS\system32'
Comment: ''
Creator: 'HP_Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/01/2005 21:30:00
NextRun: 01/01/2007 21:30:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 1
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 1
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/01/2005
EndDate: 00/00/0000
StartTime: 21:30
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer - HP_Owner.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'HP_Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 12/29/2006 20:00:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 05/14/2005
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_DISABLED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 1
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/11/2004
EndDate: 00/00/0000
StartTime: 16:18
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: AtLogon
StartDate: 08/11/2004
EndDate: 00/00/0000
StartTime: 16:18
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


Panda report **Mod's Note** Cookie entries edited to save space

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8-2.inf
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\start menu\programs\WinAntiVirus Pro 2006
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt

Spyware:Cookie/Zedo Not disinfected C:\USERDATA\Application Data\Flock\Browser\Profiles\l9v48nq3.default\cookies.txt[.zedo.com/]

Spyware:Cookie/2o7 Not disinfected C:\USERDATA\Cookies\[email protected][2].txt

Spyware:Cookie/Advertising Not disinfected C:\WA6P\Quar\HPkxrwqo
Dialer:Dialer.B Not disinfected C:\WINDOWS\Temp\IAUninstall\uninstall.exe


Logfile of HijackThis v1.99.1
Scan saved at 2:33:54 AM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live Mail desktop\wlmail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKLM\..\RunOnce: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Attachments

Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#14 · (Edited)
Hi Angie,

We'll go after some of what I see, but not all--I'll need an uninstall list from you--instructions will follow.

When you run combofix.exe, are you running it from Safe Mode or Normal Mode? Also, please describe exactly how you are launching it.

-------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download the attached angie.zip Do not run it yet.

---------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {CCA9C1C0-7C5A-3ED4-2DF5-0245750A7095} - C:\WINDOWS\system32\qfcbx.dll (file missing)
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Double click the angie.zip you downloaded earlier. Now double click on the angie.bat & allow it to run.

-----------------------------------

Clear Internet Explorer Cookies: (you do not need to be connected to the internet to perform this)
  • Launch Internet Explorer>Tools>Internet Options>Delete Cookies
---------------

Clear Flock Cookies:
  • Launch your Flock browser: (you do not need to be connected to the Internet to carry out these instructions)
  • Open the Tools menu and choose Options.
  • Click Privacy.
  • Then click the Cookies tab.
  • Clear Cookies Now
-----------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Run another online scan at Panda.

-----------------------------------

Run combofix.exe once again.

-----------------------------------

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

AVG A-S results
Panda results
ComboFix.txt
uninstall_list.txt
New HijackThis log
Description of how you've been launching combofix.exe and whether or not you've been running it in Safe Mode or Normal Mode.
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #15 ·
Sorry for the wait-
I've been extremely busy and today I finally have enough time to do this.
Just wondering. ..
Do have any idea how I can get my desktop and my start menu back?
I heard if you have disks that came with the computer you can do that but the only disks that came with this is the microsoft works trial and AOL.
I just want my computer wiped clean and new on the inside.
I have everything backed up.
I'll try your steps you suggested above, though.
Thank you for your time and patience.
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#16 ·
Hi Angie,

Please let me know what you're going to do here. If you're going to carry out my instructions, I'll need all those logs.

If you want to reformat, HP computers usually have a recovery partition on the D:\ drive. Activating the Recovery Partition will reformat the computer and bring it back to the state it was in at the time of purchase.
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #17 ·
Yes I will be carrying out your instructions . . Because I just realized that I did quite a few of system recoveries and they were kind of like they were when I bought it. . But everything wasn't deleted really. And. . It was good for a month then I got viruses. . Then I got WAP. . Then. . I'm here. . And my computer is getting worse and worse.

I feel horrible because I'm doing the steps with a couple days intervals.

I've been wayyyy busy.

But I'm getting to almost being done.
 
F

· Registered
Joined
·
22 Posts
Discussion Starter · #18 · (Edited by Moderator)
I launch it with no windows besides the task manager. I don't click anything. I just let it run. I don't move my mouse. . . And this time I ran it in normal because you instructed me to.
My computer is getting worse. . .
Sorry for the delay. .
Like I said I am extremely busy.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:39:22 PM 1/16/2007

+ Scan result:



C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009841.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009842.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP30\A0008472.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009751.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009762.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009763.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009764.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009768.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009769.old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009783.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009784.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009785.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009787.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009837.old -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009839.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009840.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009760.exe -> Dialer.EGroup.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009757.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP38\A0009976.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP38\A0009977.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP31\A0008602.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\WHA3K92V\ld_fuz[1].exe -> Downloader.Small.dys : Cleaned with backup (quarantined).
C:\system.exe -> Downloader.Small.dys : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP28\A0007856.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009843.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009844.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009845.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WA6P\Quar\HPkxrwqo -> TrackingCookie.Advertising : Cleaned.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP38\A0009978.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009730.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msasvc.exe -> Trojan.Sinowal.bh : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0ZPN2UJH\vw[1].dat -> Trojan.Sinowal.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009758.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009759.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP34\A0009761.exe -> Trojan.YourEnhancement : Cleaned with backup (quarantined).


::Report end



Incident Status Location

Virus:trj/torpig.a Disinfected Operating system
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8-2.inf
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_classes_root\WAP6.PCheck
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
"HP_Owner" - 07-01-19 18:34:40.09 Service Pack 2
ComboFix 06-12-19.2W-BetaE2 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-18 16:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-18 16:41 <DIR> d-------- C:\61caadfd6cecbb8acea6
2007-01-16 15:29 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-15 18:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-15 18:33 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-14 20:16 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-01-14 20:16 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-14 18:01 18,392 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-14 18:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-13 18:56 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-13 17:31 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-13 17:31 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-13 17:31 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-13 17:30 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-13 17:30 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-13 17:30 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-13 17:30 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-13 17:30 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-08 19:22 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-01-02 18:48 <DIR> dr-h----- C:\DOCUME~1\HP_Owner\APPLIC~1\yahoo!
2006-12-30 14:47 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-19 19:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-19 17:08 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-19 16:54 <DIR> d-------- C:\Program Files\Grisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-18 23:19 -------- d-------- C:\Program Files\norton personal firewall
2007-01-18 23:19 -------- d-------- C:\Program Files\norton antivirus
2007-01-18 22:39 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-18 16:51 -------- d-------- C:\Program Files\microsoft works
2007-01-18 16:47 -------- d-------- C:\Program Files\messenger
2007-01-14 18:01 -------- d-------- C:\Program Files\windows live mail desktop
2007-01-14 16:28 -------- d---s---- C:\DOCUME~1\HP_Owner\Application Data\microsoft
2007-01-13 20:25 -------- d-------- C:\Program Files\msn messenger
2007-01-08 19:22 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\adobeum
2007-01-08 19:22 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\adobe
2007-01-02 18:48 -------- dr-h----- C:\DOCUME~1\HP_Owner\Application Data\yahoo!
2006-12-25 22:12 -------- d-------- C:\Program Files\itunes
2006-12-25 22:01 -------- d-------- C:\Program Files\aim
2006-12-25 14:31 -------- d-a------ C:\Program Files\pc-doctor for windows
2006-12-25 14:31 -------- d-------- C:\Program Files\windows live toolbar
2006-12-25 14:31 -------- d-------- C:\Program Files\msn encarta standard
2006-12-25 14:31 -------- d-------- C:\Program Files\intellimover data transfer demo
2006-12-25 14:31 -------- d-------- C:\Program Files\free offers from freeze.com
2006-12-25 14:31 -------- d-------- C:\Program Files\easy internet signup
2006-12-19 19:06 -------- d-------- C:\Program Files\Common Files\companion wizard
2006-12-15 22:56 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\sonic
2006-12-15 22:55 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\leadertech
2006-12-14 01:57 -------- d-------- C:\Program Files\microsoft
2006-12-14 01:57 -------- d-------- C:\Program Files\180sol
2006-12-14 01:57 -------- d-------- C:\Program Files\180sa
2006-12-12 20:24 704 --a------ C:\DOCUME~1\HP_Owner\Application Data\update.log
2006-12-10 16:20 137 --a-s---- C:\WINDOWS\test.bat
2006-12-09 14:16 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\help
2006-12-07 20:34 -------- d-------- C:\Program Files\quicktime
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 21:00 -------- d-------- C:\Program Files\memturbo 4
2006-11-24 00:08 -------- d-------- C:\Program Files\apple software update
2006-11-21 23:50 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\macromedia
2006-11-21 23:49 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\intervideo
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-29 19:28 75736 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-29 19:28 465368 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-29 19:28 41432 --a------ C:\WINDOWS\system32\wups.dll
2006-10-29 19:28 198616 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-29 19:28 194520 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-29 19:28 174040 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-29 19:28 172504 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-29 19:28 1353688 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-29 19:28 127448 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-29 19:28 124376 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"IS CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\cfgwiz.exe /GUID NIS /CMDLINE \"REBOOT\""
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ComboFix"="C:\\sUBs\\ComboFix.bat"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ComboFix"="C:\\sUBs\\ComboFix.bat"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,d0,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FWSvc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-19 19:20:32.67
C:\ComboFix2.txt ... 06-12-26 02:26


Logfile of HijackThis v1.99.1
Scan saved at 7:34:56 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [ComboFix] C:\sUBs\ComboFix.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Attachments

Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#19 ·
I also needed an Uninstall List.

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

---------------------------------------------------------

Before we proceed, I need a bit more information.

Can you launch Explorer.exe from the Task Manager?

Does the desktop load in Safe Mode?
 
Save Share
F

· Registered
Joined
·
22 Posts
Discussion Starter · #20 ·
1. My computer was dying and I had to do something. . So I did a system recovery. . And this time it actually worked. ^_^ My desktop is back!
2. I downloaded and used SpyBot Search & Destroy
3. Do you think it's possible for you to see if my computer is okay now?
{{it seems like it's alright but I'm not sure}}
Here's the unistall list. .
And. . In safe mode I didnt' see my desktop *shrugs*
And I tried that before. . I couldn't find it.
Thank You :)
 

Attachments

1 - 20 of 23 Posts
Status
Not open for further replies.
About this Discussion
22 Replies
2 Participants
Last post:
Ried
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top