Sponsored By

ericagm

Members
  • Content Count

    14
  • Joined

  • Last visited

About ericagm

  • Rank
    Member
  1. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    Thanks SO much for ALL your help!!
  2. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    I couldn't figure out how to view the log. Here is what I got: 8/11/2008 3:21:30 AM:437 Immunizer Results ActiveX section has been immunized. No items were processed. 8/11/2008 9:24:05 AM:0 Immunizer Results ActiveX section has been immunized, Processed 2 items. 8/11/2008 1:41:41 PM:750 Service Stopped Spyware Doctor Service Application Stopped 8/11/2008 1:43:26 PM:140 Service Started Spyware Doctor Service Application started 8/11/2008 1:43:26 PM:156 OnGuards status All OnGuards were Enabled 8/11/2008 1:43:26 PM:906 Immunizer Results ActiveX section has been immunized. No items were processed. 8/11/2008 1:43:34 PM:843 Scan Started Scan Type - Full Scan 8/11/2008 1:43:34 PM:843 Startup Scan Initialising Startup Scan:Full scan of this computer 8/11/2008 1:44:47 PM:515 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_872265 .statcounter.com 8/11/2008 1:44:47 PM:515 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - VID .yadro.ru 8/11/2008 1:44:47 PM:515 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2410742 .statcounter.com 8/11/2008 1:44:47 PM:515 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2704265 .statcounter.com 8/11/2008 1:44:47 PM:515 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_1228341 .statcounter.com 8/11/2008 1:44:48 PM:15 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fobbcox7Ceglcmac .2o7.net 8/11/2008 1:44:48 PM:15 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_gijrkx7C .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_gijupe .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fx60ejdhj .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fhkpwjv .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net 8/11/2008 1:44:48 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net 8/11/2008 1:44:48 PM:125 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .kango.112.2o7.net 8/11/2008 1:44:48 PM:437 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ACOOKIE statse.webtrendslive.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - recentviewslr .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - k .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - visitorId .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - rvd .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - prf .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - _jsen1 .nextag.com 8/11/2008 1:44:48 PM:500 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - recentview .nextag.com 8/11/2008 1:44:48 PM:703 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - HumanClickACTIVE server.iad.liveperson.net 8/11/2008 1:44:48 PM:703 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - HumanClickID server.iad.liveperson.net 8/11/2008 1:44:48 PM:843 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - XCLGFbrowser .com.com 8/11/2008 1:44:48 PM:843 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .ice.112.2o7.net 8/11/2008 1:44:49 PM:31 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - VISID counter.hitslink.com 8/11/2008 1:44:49 PM:687 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrSCD www.bluemountain.com 8/11/2008 1:44:49 PM:687 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrOSSID www.bluemountain.com 8/11/2008 1:44:49 PM:687 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - mc_p .bluemountain.com 8/11/2008 1:44:49 PM:687 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrSSID www.bluemountain.com 8/11/2008 1:44:49 PM:890 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - buzz466 www.buzztone.com 8/11/2008 1:44:50 PM:312 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - id .doubleclick.net 8/11/2008 1:44:50 PM:734 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - lsn_statp .linksynergy.com 8/11/2008 1:44:50 PM:734 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - lsn_track .linksynergy.com 8/11/2008 1:44:51 PM:375 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - HumanClickID sales.liveperson.net 8/11/2008 1:44:51 PM:921 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .mohg.112.2o7.net 8/11/2008 1:44:51 PM:937 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .viamtvcom.112.2o7.net 8/11/2008 1:44:52 PM:140 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - NC1U www3.addfreestats.com 8/11/2008 1:44:52 PM:203 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .avgtechnologies.112.2o7.net 8/11/2008 1:44:52 PM:281 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Cookie Risk Level - High Infection - HISTORY .adultfriendfinder.com 8/11/2008 1:44:52 PM:281 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Cookie Risk Level - High Infection - ffadult_tr .adultfriendfinder.com 8/11/2008 1:44:52 PM:625 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .webxites.122.2o7.net 8/11/2008 1:44:52 PM:765 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .warnerbros.112.2o7.net 8/11/2008 1:44:53 PM:0 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .saksfifthavenue.122.2o7.net 8/11/2008 2:11:58 PM:875 Immunizer Results ActiveX section has been immunized. No items were processed. 8/11/2008 2:32:54 PM:250 Scan Finished Scan Type - Full Scan Items Processed - 288187 Threats Detected - 3 Infections Detected - 46 Infections Ignored - 0 8/11/2008 2:36:31 PM:937 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - NC1U www3.addfreestats.com 8/11/2008 2:36:31 PM:968 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - lsn_track .linksynergy.com 8/11/2008 2:36:31 PM:984 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - lsn_statp .linksynergy.com 8/11/2008 2:36:32 PM:31 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - XCLGFbrowser .com.com 8/11/2008 2:36:32 PM:31 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - HumanClickID server.iad.liveperson.net 8/11/2008 2:36:32 PM:46 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - HumanClickACTIVE server.iad.liveperson.net 8/11/2008 2:36:32 PM:78 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - recentview .nextag.com 8/11/2008 2:36:32 PM:93 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - _jsen1 .nextag.com 8/11/2008 2:36:32 PM:93 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - prf .nextag.com 8/11/2008 2:36:32 PM:93 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - rvd .nextag.com 8/11/2008 2:36:32 PM:93 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - visitorId .nextag.com 8/11/2008 2:36:32 PM:109 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - k .nextag.com 8/11/2008 2:36:32 PM:109 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - recentviewslr .nextag.com 8/11/2008 2:36:32 PM:125 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_1228341 .statcounter.com 8/11/2008 2:36:32 PM:140 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2704265 .statcounter.com 8/11/2008 2:36:32 PM:140 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2410742 .statcounter.com 8/11/2008 2:36:32 PM:140 Infection cleaned Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_872265 .statcounter.com 8/11/2008 2:36:32 PM:375 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .saksfifthavenue.122.2o7.net 8/11/2008 2:36:32 PM:375 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .warnerbros.112.2o7.net 8/11/2008 2:36:32 PM:421 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .webxites.122.2o7.net 8/11/2008 2:36:32 PM:421 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .avgtechnologies.112.2o7.net 8/11/2008 2:36:32 PM:421 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .viamtvcom.112.2o7.net 8/11/2008 2:36:32 PM:484 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .mohg.112.2o7.net 8/11/2008 2:36:32 PM:484 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - HumanClickID sales.liveperson.net 8/11/2008 2:36:32 PM:484 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - id .doubleclick.net 8/11/2008 2:36:32 PM:515 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - buzz466 www.buzztone.com 8/11/2008 2:36:32 PM:515 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrSSID www.bluemountain.com 8/11/2008 2:36:32 PM:578 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - mc_p .bluemountain.com 8/11/2008 2:36:32 PM:578 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrOSSID www.bluemountain.com 8/11/2008 2:36:32 PM:578 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ClrSCD www.bluemountain.com 8/11/2008 2:36:32 PM:593 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - VISID counter.hitslink.com 8/11/2008 2:36:32 PM:671 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .ice.112.2o7.net 8/11/2008 2:36:32 PM:687 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ACOOKIE statse.webtrendslive.com 8/11/2008 2:36:32 PM:687 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi .kango.112.2o7.net 8/11/2008 2:36:32 PM:718 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net 8/11/2008 2:36:32 PM:718 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net 8/11/2008 2:36:32 PM:734 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net 8/11/2008 2:36:32 PM:781 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fhkpwjv .2o7.net 8/11/2008 2:36:32 PM:796 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fx60ejdhj .2o7.net 8/11/2008 2:36:32 PM:796 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_gijupe .2o7.net 8/11/2008 2:36:32 PM:796 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_gijrkx7C .2o7.net 8/11/2008 2:36:32 PM:796 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net 8/11/2008 2:36:32 PM:875 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fobbcox7Ceglcmac .2o7.net 8/11/2008 2:36:32 PM:937 Infection cleaned Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - VID .yadro.ru 8/11/2008 2:36:33 PM:593 Infection cleaned Threat Name - Spyware.Known_Bad_Sites Type - Cookie Risk Level - High Infection - ffadult_tr .adultfriendfinder.com 8/11/2008 2:36:33 PM:593 Infection cleaned Threat Name - Spyware.Known_Bad_Sites Type - Cookie Risk Level - High Infection - HISTORY .adultfriendfinder.com 8/11/2008 2:36:39 PM:62 Infections Quarantined/Removed Summary Quarantined - 0 Quarantine Failed - 0 Removed - 46 Remove Failed - 0 8/11/2008 3:02:41 PM:671 Immunizer Results ActiveX section has been immunized. No items were processed. 8/11/2008 6:00:20 PM:625 Scan Started Scan Type - Intelli-Scan 8/11/2008 6:00:20 PM:687 Scheduled task started Initializing Scheduled task: Intelli-Scan of this computer 8/11/2008 6:00:41 PM:218 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_872265 .statcounter.com 8/11/2008 6:00:41 PM:281 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - VID .yadro.ru 8/11/2008 6:00:41 PM:281 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2410742 .statcounter.com 8/11/2008 6:00:41 PM:281 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_2704265 .statcounter.com 8/11/2008 6:00:41 PM:281 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - session_1228341 .statcounter.com 8/11/2008 6:00:41 PM:828 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_fobbcox7Ceglcmac .2o7.net 8/11/2008 6:00:41 PM:828 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net
  3. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    I haven't heard the random sound clips yet!!! phew! I re-ran Spy Doctor and it said I had A LOT of infected files with Application.TrackingCookies, Adware.Advertising, and Spyware.Known_Bad_Sites. Is this the same issue? or something completely different? I click to Clean the files, but every time I re-scan, files continue to be infected. I'm not sure if this is related to my previous problem??
  4. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    When I reran Hijack This, these did not show up: O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing) O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing) O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing) O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing) O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing) O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing) Last night I didn't restart my computer, so I'm thinking that I needed to reboot my computer in order for the cleaning to take effect. ? Here is my new log (all clean?): Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:13:42 PM, on 8/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\Antivirus\pccguide.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe -- End of file - 11210 bytes
  5. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    OTMoveIT2 Log: Explorer killed successfully Service not present: afinding. Service not present: macidwe. Service not present: NOBICYT. Service not present: perfs. Service not present: routing. Service not present: sobicyt. Service not present: tdxdowkc. Service not present: wserving. C:\WINDOWS\system32\AFinding.exe moved successfully. C:\WINDOWS\system32\macidwe.exe moved successfully. C:\WINDOWS\system32\Nobicyt.exe moved successfully. C:\WINDOWS\system32\perfs.exe moved successfully. C:\WINDOWS\system32\routing.exe moved successfully. C:\WINDOWS\system32\sobicyt.exe moved successfully. C:\WINDOWS\system32\tdxdowkc.exe moved successfully. C:\WINDOWS\system32\WServing.exe moved successfully. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_045554 Updated Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:57:43 AM, on 8/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\AFinding.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\macidwe.exe C:\WINDOWS\system32\Nobicyt.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\sobicyt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\Antivirus\pccguide.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\WINDOWS\system32\tdxdowkc.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\WServing.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\EricaGM\Desktop\OTMoveIt2.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing) O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing) O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing) O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing) -- End of file - 12384 bytes
  6. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    OOOOPs i didn't do the second part. I just saw that! let me do it now and post the new log. Sorry about that.
  7. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:50:07 AM, on 8/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\AFinding.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\macidwe.exe C:\WINDOWS\system32\Nobicyt.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\sobicyt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\Antivirus\pccguide.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\WINDOWS\system32\tdxdowkc.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\WServing.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe -- End of file - 12207 bytes
  8. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    Thanks for the steps. Here is my recent log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:28:34 AM, on 8/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\AFinding.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\macidwe.exe C:\WINDOWS\system32\Nobicyt.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\sobicyt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\Antivirus\pccguide.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\WINDOWS\system32\tdxdowkc.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\WServing.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Picasa2\Picasa2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe -- End of file - 12245 bytes
  9. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    I found it: Deckard's System Scanner v20071014.68 Run by EricaGM on 2008-08-07 18:40:09 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 87: 2008-08-07 22:40:27 UTC - RP468 - Deckard's System Scanner Restore Point 86: 2008-08-06 21:21:38 UTC - RP467 - Spyware Doctor: Cleaning Threats 85: 2008-08-06 21:20:53 UTC - RP466 - Spyware Doctor: Cleaning Threats 84: 2008-08-06 03:33:10 UTC - RP465 - System Checkpoint 83: 2008-08-04 16:02:38 UTC - RP464 - Spyware Doctor: Cleaning Threats -- First Restore Point -- 1: 2008-05-10 16:43:43 UTC - RP382 - System Checkpoint Backed up registry hives. Performed disk cleanup. System Drive C: has 2.15 GiB (less than 15%) free. -- HijackThis (run as EricaGM.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:42:17 PM, on 8/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\macidwe.exe C:\WINDOWS\system32\Nobicyt.exe C:\WINDOWS\system32\sobicyt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\tdxdowkc.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\EricaGM\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\EricaGM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe -- End of file - 11127 bytes -- File Associations ----------------------------------------------------------- .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .reg - regfile - shell\open\command - regedit.exe "%1" %* .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper> R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons> R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver> R3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons> S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing) S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing) S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 macidwe (macidwe Service) - c:\windows\system32\macidwe.exe R2 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe (file missing) R2 sobicyt - c:\windows\system32\sobicyt.exe (file missing) R2 tdxdowkc (tdxdowkc Service) - c:\windows\system32\tdxdowkc.exe R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11> S2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: SCSI/RAID Host Controller Device ID: ACPI\PNPA000\4&44447945&0 Manufacturer: (Standard mass storage controllers) Name: SCSI/RAID Host Controller PNP Device ID: ACPI\PNPA000\4&44447945&0 Service: adgcdzyz -- Scheduled Tasks ------------------------------------------------------------- 2008-07-24 23:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-04-14 09:00:01 868 --a------ C:\WINDOWS\Tasks\wrSpySweeper20060612064852.job -- Files created between 2008-07-07 and 2008-08-07 ----------------------------- 2008-08-07 16:44:00 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Malwarebytes 2008-08-07 16:43:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-07 16:43:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-07 12:34:54 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Elluminate 2008-08-06 23:32:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia 2008-08-04 20:44:39 0 d-------- C:\Documents and Settings\EricaGM\Application Data\TrojanHunter 2008-08-04 18:12:21 0 d-------- C:\Program Files\TrojanHunter 5.0 2008-07-31 17:00:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 12:18:41 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Sunbelt Software 2008-07-31 11:32:04 0 d-------- C:\Program Files\uTorrent 2008-07-29 01:18:09 0 d-------- C:\Program Files\Gre Bible 2008-07-29 01:17:54 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2008-07-29 01:17:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-07-21 20:25:48 0 d-------- C:\Documents and Settings\EricaGM\DoctorWeb 2008-07-20 03:28:08 68096 --a------ C:\WINDOWS\zip.exe 2008-07-20 03:28:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-07-20 03:28:08 98816 --a------ C:\WINDOWS\sed.exe 2008-07-20 03:28:08 80412 --a------ C:\WINDOWS\grep.exe 2008-07-20 03:28:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-07-20 03:28:07 49152 --a------ C:\WINDOWS\VFind.exe 2008-07-20 03:28:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-07-20 02:17:39 0 dr------- C:\Documents and Settings\LocalService\Favorites -- Find3M Report --------------------------------------------------------------- 2008-08-07 18:10:29 30008 --a------ C:\Documents and Settings\EricaGM\Application Data\.googlewebacchosts 2008-08-07 13:12:09 0 d-------- C:\Program Files\Spyware Doctor 2008-08-06 23:33:18 0 d-------- C:\Program Files\Google 2008-08-04 19:06:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\uTorrent 2008-08-04 18:32:08 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Skype 2008-08-04 16:03:19 0 d-------- C:\Documents and Settings\EricaGM\Application Data\skypePM 2008-08-04 11:55:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 14:48:36 0 d-------- C:\Documents and Settings\EricaGM\Application Data\LimeWire 2008-07-30 02:22:58 0 d-------- C:\Program Files\Common Files\Real 2008-07-30 02:22:52 0 d-------- C:\Program Files\Common Files 2008-07-30 02:22:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Real 2008-07-22 18:53:32 0 d-------- C:\Program Files\music_now 2008-07-22 15:16:01 0 d-------- C:\Documents and Settings\EricaGM\Application Data\MSNInstaller 2008-07-20 03:16:56 0 d-------- C:\Program Files\Trend Micro 2008-07-01 19:57:03 31915564 --a------ C:\Program Files\kis7.0.1.325en.exe <Not Verified; Kaspersky Lab; Kaspersky Internet Security> 2008-06-24 02:10:33 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Printer Info Cache 2008-06-24 02:04:10 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Costco Photo Organizer 2008-06-24 02:02:31 5998080 --a------ C:\Program Files\Costco_1.5.0.102.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-06-08 23:46:28 0 d-------- C:\Documents and Settings\EricaGM\Application Data\U3 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [01/25/2006 02:21 PM] "pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM] "PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM] "TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 05:27 PM] "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08/04/2008 06:18 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p "Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -cexwxfst.sys2.0 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/2/2008 10:27:45 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 4:01:04 AM] Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/10/2007 1:24:38 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "Registration"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 05:39 PM 294400] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] C:\Windows\SMINST\RecGuard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] C:\Windows\CREATOR\Remind_XP.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc2a388-0366-11dc-abf0-00163607b1d7}] AutoRun\command- H:\qwc.exe explore\Command- H:\qwc.exe open\Command- H:\qwc.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118bc8-7bfc-11db-aae8-00163607b1d7}] AutoRun\command- uqhqx1.cmd explore\Command- uqhqx1.cmd open\Command- uqhqx1.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38610133-0e34-11db-a9ee-00163607b1d7}] Auto\command- H:\MSOCache\doWTP_RESTORE.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c60959f-8c80-11dc-acc6-00163607b1d7}] AutoRun\command- .exe explore\Command- .exe open\Command- .exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488107b4-5c04-11dc-ac4e-00163607b1d7}] AutoRun\command- J:\qwc.exe explore\Command- J:\qwc.exe open\Command- J:\qwc.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58278598-435a-11dc-ac22-00163607b1d7}] Auto\command- G:\MSOCache\doWTP_RESTORE.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284de-9e1b-11db-ab21-00163607b1d7}] AutoRun\command- G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284df-9e1b-11db-ab21-00163607b1d7}] Auto\command- MSOCache\doWTP_RESTORE.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ac8710-544e-11dc-ac3b-00163607b1d7}] Auto\command- G:\MSOCache\doWTP_RESTORE.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7de040aa-2ef1-11db-aa3f-00163607b1d7}] AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5e834d6-4acf-11dc-ac2c-00163607b1d7}] Auto\command- G:\MSOCache\doWTP_RESTORE.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------
  10. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    I posted the only log that came up on a notepad. Where can I find this missing log on my computer? Thanks
  11. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    OTMoveIt2 C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip moved successfully. C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip moved successfully. File/Folder C:\WINDOWS\system32\afinding.exe not found. C:\WINDOWS\system32\atsxyzd.sys moved successfully. C:\WINDOWS\system32\ceswxfst.sys moved successfully. C:\WINDOWS\system32\cexwxfst.sys moved successfully. C:\WINDOWS\system32\cfexfst.sys moved successfully. C:\WINDOWS\system32\nftscpd.sys moved successfully. C:\WINDOWS\system32\Nobicyt.exe moved successfully. C:\WINDOWS\system32\ntscpd.sys moved successfully. C:\WINDOWS\system32\nxtscpd.sys moved successfully. C:\WINDOWS\system32\otaxyzd.sys moved successfully. File/Folder C:\WINDOWS\system32\routing.exe not found. C:\WINDOWS\system32\sobicyt.exe moved successfully. C:\WINDOWS\system32\stsycod.sys moved successfully. C:\WINDOWS\system32\swand.sys moved successfully. C:\WINDOWS\system32\sxtsyctd.sys moved successfully. C:\WINDOWS\system32\sxwand.sys moved successfully. C:\WINDOWS\system32\tcexfst.sys moved successfully. C:\WINDOWS\system32\tmp0_838768684858.bk moved successfully. C:\WINDOWS\system32\tmpxr_135723629943.bk moved successfully. C:\WINDOWS\system32\tmpxr_146316840469.bk moved successfully. C:\WINDOWS\system32\tmpxr_365256454975.bk moved successfully. C:\WINDOWS\system32\tmpxr_461242361512.bk moved successfully. C:\WINDOWS\system32\tmpxr_47710669729.bk moved successfully. C:\WINDOWS\system32\tmpxr_490105611594.bk moved successfully. C:\WINDOWS\system32\tmpxr_508099311156.bk moved successfully. C:\WINDOWS\system32\tmpxr_541910523306.bk moved successfully. C:\WINDOWS\system32\tmpxr_57936884060.bk moved successfully. C:\WINDOWS\system32\tmpxr_58739352092.bk moved successfully. C:\WINDOWS\system32\tmpxr_774865809987.bk moved successfully. C:\WINDOWS\system32\tmpxr_791517120265.bk moved successfully. C:\WINDOWS\system32\tmpxr_795747295548.bk moved successfully. C:\WINDOWS\system32\tmpxr_93281561791.bk moved successfully. File/Folder C:\WINDOWS\system32\wserving.exe not found. C:\WINDOWS\system32\xwxfst.sys moved successfully. C:\WINDOWS\system32\yaxcnxd.sys moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_183844 Deckard's Log: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz Percentage of Memory in Use: 53% Physical Memory (total/avail): 1013.98 MiB / 467.48 MiB Pagefile Memory (total/avail): 2439.68 MiB / 2036.46 MiB Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB C: is Fixed (NTFS) - 65.69 GiB total, 2.15 GiB free. D: is Fixed (FAT32) - 7.82 GiB total, 0.63 GiB free. E: is CDROM (No Media) F: is Removable (FAT) \\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 3 partitions \PARTITION0 (bootable) - Installable File System - 65.69 GiB - C: \PARTITION1 - Unknown - 7.84 GiB - D: \PARTITION2 - Unknown - 1027.6 MiB \\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions \PARTITION0 - MS-DOS V4 Huge - 483.76 MiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: Norton Internet Security 2006 v2006 (Symantec Corporation) AV: Norton Internet Security 2006 v2006 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\kav\\kis\\setup.exe"="C:\\kav\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java Platform SE binary" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\EricaGM\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-4105E587B6 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\EricaGM LOGONSERVER=\\YOUR-4105E587B6 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;. PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PCTYPE=PAVILION PLATFORM=MCD PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e08 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp TMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp USERDOMAIN=YOUR-4105E587B6 USERNAME=EricaGM USERPROFILE=C:\Documents and Settings\EricaGM windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- EricaGM (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003} Adobe Acrobat 8.1.2 Security Update 1 (KB403742) --> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iqta30a0a.INF Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F} Gre Bible --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Gre Bible\ST6UNST.LOG" HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_qta30a0k\HXFSETUP.EXE -U -IQTA30A0K.INF Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly HP User Guides 0009 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58C62A8E-E628-4822-A0F2-BBE10329D53F}\Setup.exe" -l0x9 -removeonly HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst I/OMagic DataBank --> C:\PROGRA~1\IOMagic\DataBank\UNWISE.EXE C:\PROGRA~1\IOMagic\DataBank\INSTALL.LOG Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 Intel® PRO Network Connections Drivers --> Prounstl.exe iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE} Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE} Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE} Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE} Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} River Past Video Cleaner Pro --> C:\WINDOWS\Video Cleaner Pro Uninstaller.exe Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Step By Step Interactive Training (KB898458) --> Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Skypeâ„¢ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C} TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe" Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E} VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409 Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly -- Application Event Log ------------------------------------------------------- Event Record #/Type7975 / Error Event Submitted/Written: 08/04/2008 06:53:41 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Processing media-specific event for [drwtsn32.exe!ws!] Event Record #/Type7931 / Error Event Submitted/Written: 08/04/2008 00:10:45 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced. Processing media-specific event for [sxtsyctd.sys!ws!] Event Record #/Type7929 / Error Event Submitted/Written: 08/04/2008 00:06:10 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x000022b2. Processing media-specific event for [sxtsyctd.sys!ws!] Event Record #/Type7918 / Error Event Submitted/Written: 08/03/2008 00:33:43 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced. Processing media-specific event for [sxtsyctd.sys!ws!] Event Record #/Type7861 / Success Event Submitted/Written: 08/01/2008 04:36:19 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type79469 / Error Event Submitted/Written: 08/07/2008 06:12:27 PM / 08/07/2008 06:12:51 PM Event ID/Source: 4 / sptd Event Description: Driver detected an internal error in its data structures for . Event Record #/Type79467 / Error Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM Event ID/Source: 4 / sptd Event Description: Driver detected an internal error in its data structures for . Event Record #/Type79466 / Error Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM Event ID/Source: 4 / sptd Event Description: Driver detected an internal error in its data structures for . Event Record #/Type79465 / Error Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM Event ID/Source: 4 / sptd Event Description: Driver detected an internal error in its data structures for . Event Record #/Type79464 / Error Event Submitted/Written: 08/07/2008 06:12:05 PM / 08/07/2008 06:12:51 PM Event ID/Source: 4 / sptd Event Description: Driver detected an internal error in its data structures for . -- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------
  12. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    Thank you for the detailed steps. Easy to follow. Here are both logs, Kaspersky first: Thursday, August 7, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, August 07, 2008 18:37:50 Records in database: 1067337 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ E:\ Scan statistics Files scanned 90765 Threat name 52 Infected objects 91 Suspicious objects 0 Duration of the scan 02:48:53 File name Threat name Threats count C:\WINDOWS\system32\afinding.exe/C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1 C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1 C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1 C:\WINDOWS\system32\wserving.exe/C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1 C:\WINDOWS\system32\otaxyzd.sys/C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1 C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1 C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip Infected: Exploit.Java.Gimsh.b 1 C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip Infected: Exploit.Java.Gimsh.b 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087153.exe Infected: Trojan.Win32.Agent.rtf 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087539.exe Infected: Trojan.Win32.Agent.rwl 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087762.exe Infected: Trojan.Win32.Agent.vwd 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090156.exe Infected: Trojan.Win32.Agent.suv 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090218.exe Infected: Trojan.Win32.Agent.tgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090775.exe Infected: Trojan.Win32.Agent.uvf 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090928.exe Infected: Trojan.Win32.Agent.thb 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091076.exe Infected: Trojan.Win32.Agent.vtw 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091149.exe Infected: Trojan.Win32.Agent.vne 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091313.exe Infected: Trojan.Win32.Agent.vum 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091540.exe Infected: Trojan.Win32.Agent.vum 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091782.exe Infected: Trojan.Win32.Agent.wgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe Infected: Trojan.Win32.Agent.vne 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe.vir Infected: Trojan.Win32.Agent.thb 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing0.exe Infected: Trojan.Win32.Agent.vum 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing1.exe Infected: Trojan.Win32.Agent.vum 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_162080289190.bk Infected: Trojan.Win32.Agent.vvx 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_177826118969.bk Infected: Trojan.Win32.Agent.ush 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_185308604937.bk Infected: Trojan.Win32.Agent.vly 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_323673469076.bk Infected: Trojan.Win32.Agent.vsv 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_32884366636.bk Infected: Trojan.Win32.Agent.tgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_368766403046.bk Infected: Trojan.Win32.Agent.scr 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_485723151761.bk Infected: Trojan.Win32.Agent.tgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_548726853151.bk Infected: Trojan.Win32.Agent.scr 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_616401712926.bk Infected: Trojan.Win32.Agent.vjk 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_666809771912.bk Infected: Trojan.Win32.Agent.tsn 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_6697375516.bk Infected: Trojan.Win32.Agent.tsn 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_673823582822.bk Infected: Trojan.Win32.Agent.tsn 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_684588680440.bk Infected: Trojan.Win32.Agent.swk 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_705336224.bk Infected: Trojan.Win32.Agent.tsn 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_716600111440.bk Infected: Trojan.Win32.Agent.tgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_748426144549.bk Infected: Trojan.Win32.Agent.vly 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_762229506482.bk Infected: Trojan.Win32.Agent.scr 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_810606324587.bk Infected: Trojan.Win32.Agent.tgz 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_824540124483.bk Infected: Trojan.Win32.Agent.vsv 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_83711657254.bk Infected: Trojan.Win32.Agent.whl 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_881388776618.bk Infected: Trojan.Win32.Agent.rxi 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_882246224734.bk Infected: Trojan.Win32.Agent.tsn 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_89503817837.bk Infected: Trojan.Win32.Agent.swk 1 C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_91309707072.bk Infected: Trojan.Win32.Agent.whl 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\4.tmp Infected: Email-Worm.Win32.Brontok.q 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\6.tmp Infected: Email-Worm.Win32.Brontok.q 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B6.tmp Infected: Trojan.BAT.Regger.b 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B8.tmp Infected: Trojan.BAT.Regger.b 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB0 Infected: Virus.Win32.Parite.b 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB1 Infected: Virus.Win32.Parite.b 1 C:\Program Files\Trend Micro\Antivirus\QUARANTINE\BB.tmp Infected: Trojan.BAT.Regger.b 1 C:\RECYCLER\S-1-5-21-3368643098-3026558534-63294331-1006\Dc170.9+Crack-HeartBug_May08\spyhunterS.exe Infected: Trojan-Downloader.Win32.Zlob.odg 1 C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1 C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.gtg 1 C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bka 1 C:\WINDOWS\system32\cexwxfst.sys Infected: Trojan-Clicker.Win32.VB.bgz 1 C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.blp 1 C:\WINDOWS\system32\nftscpd.sys Infected: Trojan.Win32.Delf.dbc 1 C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1 C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj 1 C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.dbc 1 C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1 C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1 C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1 C:\WINDOWS\system32\stsycod.sys Infected: Trojan.Win32.Delf.dsw 1 C:\WINDOWS\system32\swand.sys Infected: Trojan.Win32.DNSChanger.ewt 1 C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1 C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.fgv 1 C:\WINDOWS\system32\tcexfst.sys Infected: Trojan-Clicker.Win32.VB.blo 1 C:\WINDOWS\system32\tmp0_838768684858.bk Infected: Trojan.Win32.DNSChanger.gtg 1 C:\WINDOWS\system32\tmpxr_135723629943.bk Infected: Trojan.Win32.Agent.xja 1 C:\WINDOWS\system32\tmpxr_146316840469.bk Infected: Trojan.Win32.Agent.xmg 1 C:\WINDOWS\system32\tmpxr_365256454975.bk Infected: Trojan.Win32.Agent.wra 1 C:\WINDOWS\system32\tmpxr_461242361512.bk Infected: Trojan.Win32.Agent.xaq 1 C:\WINDOWS\system32\tmpxr_47710669729.bk Infected: Trojan.Win32.Agent.xmg 1 C:\WINDOWS\system32\tmpxr_490105611594.bk Infected: Trojan.Win32.Agent.xji 1 C:\WINDOWS\system32\tmpxr_508099311156.bk Infected: Trojan.Win32.Agent.xfr 1 C:\WINDOWS\system32\tmpxr_541910523306.bk Infected: Trojan.Win32.Agent.xdd 1 C:\WINDOWS\system32\tmpxr_57936884060.bk Infected: Trojan.Win32.Agent.wra 1 C:\WINDOWS\system32\tmpxr_58739352092.bk Infected: Trojan.Win32.Agent.xmg 1 C:\WINDOWS\system32\tmpxr_774865809987.bk Infected: Trojan.Win32.Agent.xji 1 C:\WINDOWS\system32\tmpxr_791517120265.bk Infected: Trojan.Win32.Agent.xja 1 C:\WINDOWS\system32\tmpxr_795747295548.bk Infected: Trojan.Win32.Agent.xmg 1 C:\WINDOWS\system32\tmpxr_93281561791.bk Infected: Trojan.Win32.Agent.xja 1 C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1 C:\WINDOWS\system32\xwxfst.sys Infected: Trojan-Clicker.Win32.VB.bbn 1 C:\WINDOWS\system32\yaxcnxd.sys Infected: Trojan.Win32.DNSChanger.fwj 1 The selected area was scanned. Malwarebytes log: Malwarebytes' Anti-Malware 1.24 Database version: 1031 Windows 5.1.2600 Service Pack 2 6:09:32 PM 8/7/2008 mbam-log-8-7-2008 (18-09-32).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|) Objects scanned: 131269 Time elapsed: 1 hour(s), 23 minute(s), 4 second(s) Memory Processes Infected: 3 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  13. ericagm

    Random Sound Clips, Malware. Help![RESOLVED]

    Thank you for replying to me!! Please let me know what the next steps are. I really appreciate your help in this. Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:24:59 PM, on 8/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\afinding.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\Nobicyt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\routing.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\Antivirus\pccguide.exe C:\Program Files\Trend Micro\Antivirus\PCClient.exe C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe C:\Program Files\Trend Micro\Antivirus\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wserving.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe -- End of file - 12080 bytes
  14. Hi, I've recently been hearing sound clips that pop up at random times. I hear anything from music bits, to movie previews, etc. Spyware Doctor detects Trojan.Dowloader but cannot remove it. I don't know how to clean my computer of this malware. Someone, please help!