
ericagm

Random Sound Clips, Malware. Help! [RESOLVED]


Hi,

I've recently been hearing sound clips that pop up at random times. I hear anything from music bits, to movie previews, etc. Spyware Doctor detects Trojan.Downloader but cannot remove it. I don't know how to clean my computer of this malware. Someone, please help!


Thank you for replying to me!!

Please let me know what the next steps are. I really appreciate your help in this.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:24:59 PM, on 8/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\afinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\routing.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wserving.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

--

End of file - 12080 bytes


1.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

2.

Click HERE and run an online scan with Kaspersky WebScanner

  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post.

3.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).

Click Scan.

When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.

Click the Logs tab.

Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.


Thank you for the detailed steps. :thumbsup: Easy to follow.

Here are both logs,

Kaspersky first:

Thursday, August 7, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, August 07, 2008 18:37:50

Records in database: 1067337

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

C:\

D:\

E:\

Scan statistics

Files scanned 90765

Threat name 52

Infected objects 91

Suspicious objects 0

Duration of the scan 02:48:53

File name Threat name Threats count

C:\WINDOWS\system32\afinding.exe/C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1

C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1

C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1

C:\WINDOWS\system32\wserving.exe/C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1

C:\WINDOWS\system32\otaxyzd.sys/C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1

C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip Infected: Exploit.Java.Gimsh.b 1

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip Infected: Exploit.Java.Gimsh.b 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087153.exe Infected: Trojan.Win32.Agent.rtf 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087539.exe Infected: Trojan.Win32.Agent.rwl 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087762.exe Infected: Trojan.Win32.Agent.vwd 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090156.exe Infected: Trojan.Win32.Agent.suv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090218.exe Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090775.exe Infected: Trojan.Win32.Agent.uvf 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090928.exe Infected: Trojan.Win32.Agent.thb 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091076.exe Infected: Trojan.Win32.Agent.vtw 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091149.exe Infected: Trojan.Win32.Agent.vne 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091313.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091540.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091782.exe Infected: Trojan.Win32.Agent.wgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe Infected: Trojan.Win32.Agent.vne 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe.vir Infected: Trojan.Win32.Agent.thb 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing0.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing1.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_162080289190.bk Infected: Trojan.Win32.Agent.vvx 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_177826118969.bk Infected: Trojan.Win32.Agent.ush 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_185308604937.bk Infected: Trojan.Win32.Agent.vly 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_323673469076.bk Infected: Trojan.Win32.Agent.vsv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_32884366636.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_368766403046.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_485723151761.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_548726853151.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_616401712926.bk Infected: Trojan.Win32.Agent.vjk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_666809771912.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_6697375516.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_673823582822.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_684588680440.bk Infected: Trojan.Win32.Agent.swk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_705336224.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_716600111440.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_748426144549.bk Infected: Trojan.Win32.Agent.vly 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_762229506482.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_810606324587.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_824540124483.bk Infected: Trojan.Win32.Agent.vsv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_83711657254.bk Infected: Trojan.Win32.Agent.whl 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_881388776618.bk Infected: Trojan.Win32.Agent.rxi 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_882246224734.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_89503817837.bk Infected: Trojan.Win32.Agent.swk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_91309707072.bk Infected: Trojan.Win32.Agent.whl 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\4.tmp Infected: Email-Worm.Win32.Brontok.q 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\6.tmp Infected: Email-Worm.Win32.Brontok.q 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B6.tmp Infected: Trojan.BAT.Regger.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B8.tmp Infected: Trojan.BAT.Regger.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB0 Infected: Virus.Win32.Parite.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB1 Infected: Virus.Win32.Parite.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\BB.tmp Infected: Trojan.BAT.Regger.b 1

C:\RECYCLER\S-1-5-21-3368643098-3026558534-63294331-1006\Dc170.9+Crack-HeartBug_May08\spyhunterS.exe Infected: Trojan-Downloader.Win32.Zlob.odg 1

C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1

C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.gtg 1

C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bka 1

C:\WINDOWS\system32\cexwxfst.sys Infected: Trojan-Clicker.Win32.VB.bgz 1

C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.blp 1

C:\WINDOWS\system32\nftscpd.sys Infected: Trojan.Win32.Delf.dbc 1

C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1

C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj 1

C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.dbc 1

C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1

C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1

C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1

C:\WINDOWS\system32\stsycod.sys Infected: Trojan.Win32.Delf.dsw 1

C:\WINDOWS\system32\swand.sys Infected: Trojan.Win32.DNSChanger.ewt 1

C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1

C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.fgv 1

C:\WINDOWS\system32\tcexfst.sys Infected: Trojan-Clicker.Win32.VB.blo 1

C:\WINDOWS\system32\tmp0_838768684858.bk Infected: Trojan.Win32.DNSChanger.gtg 1

C:\WINDOWS\system32\tmpxr_135723629943.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\tmpxr_146316840469.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_365256454975.bk Infected: Trojan.Win32.Agent.wra 1

C:\WINDOWS\system32\tmpxr_461242361512.bk Infected: Trojan.Win32.Agent.xaq 1

C:\WINDOWS\system32\tmpxr_47710669729.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_490105611594.bk Infected: Trojan.Win32.Agent.xji 1

C:\WINDOWS\system32\tmpxr_508099311156.bk Infected: Trojan.Win32.Agent.xfr 1

C:\WINDOWS\system32\tmpxr_541910523306.bk Infected: Trojan.Win32.Agent.xdd 1

C:\WINDOWS\system32\tmpxr_57936884060.bk Infected: Trojan.Win32.Agent.wra 1

C:\WINDOWS\system32\tmpxr_58739352092.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_774865809987.bk Infected: Trojan.Win32.Agent.xji 1

C:\WINDOWS\system32\tmpxr_791517120265.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\tmpxr_795747295548.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_93281561791.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1

C:\WINDOWS\system32\xwxfst.sys Infected: Trojan-Clicker.Win32.VB.bbn 1

C:\WINDOWS\system32\yaxcnxd.sys Infected: Trojan.Win32.DNSChanger.fwj 1

The selected area was scanned.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.24

Database version: 1031

Windows 5.1.2600 Service Pack 2

6:09:32 PM 8/7/2008

mbam-log-8-7-2008 (18-09-32).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 131269

Time elapsed: 1 hour(s), 23 minute(s), 4 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.


1.

Please download the OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip
    C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\atsxyzd.sys
    C:\WINDOWS\system32\ceswxfst.sys
    C:\WINDOWS\system32\cexwxfst.sys
    C:\WINDOWS\system32\cfexfst.sys
    C:\WINDOWS\system32\nftscpd.sys
    C:\WINDOWS\system32\Nobicyt.exe
    C:\WINDOWS\system32\ntscpd.sys
    C:\WINDOWS\system32\nxtscpd.sys
    C:\WINDOWS\system32\otaxyzd.sys
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\sobicyt.exe
    C:\WINDOWS\system32\stsycod.sys
    C:\WINDOWS\system32\swand.sys
    C:\WINDOWS\system32\sxtsyctd.sys
    C:\WINDOWS\system32\sxwand.sys
    C:\WINDOWS\system32\tcexfst.sys
    C:\WINDOWS\system32\tmp0_838768684858.bk
    C:\WINDOWS\system32\tmpxr_135723629943.bk
    C:\WINDOWS\system32\tmpxr_146316840469.bk
    C:\WINDOWS\system32\tmpxr_365256454975.bk
    C:\WINDOWS\system32\tmpxr_461242361512.bk
    C:\WINDOWS\system32\tmpxr_47710669729.bk
    C:\WINDOWS\system32\tmpxr_490105611594.bk
    C:\WINDOWS\system32\tmpxr_508099311156.bk
    C:\WINDOWS\system32\tmpxr_541910523306.bk
    C:\WINDOWS\system32\tmpxr_57936884060.bk
    C:\WINDOWS\system32\tmpxr_58739352092.bk
    C:\WINDOWS\system32\tmpxr_774865809987.bk
    C:\WINDOWS\system32\tmpxr_791517120265.bk
    C:\WINDOWS\system32\tmpxr_795747295548.bk
    C:\WINDOWS\system32\tmpxr_93281561791.bk
    C:\WINDOWS\system32\wserving.exe
    C:\WINDOWS\system32\xwxfst.sys
    C:\WINDOWS\system32\yaxcnxd.sys


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
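A check for the OTMoveIt2 log requested in step 1, as an added example that is not part of the original post and not OTMoveIt2's own code: it reconciles the pasted path list against the OTMoveIt2 log and an earlier Malwarebytes log, so that a "not found" result is split into files a previous scanner already deleted and files that still need explaining. The log line formats are the ones that appear in this thread; the function names and the two paths marked constructed are assumptions.

```python
import re

# Line formats as they appear in the logs posted in this thread.
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>[A-Za-z]:\\.+?) not found\.$")
MBAM_DELETED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \([^)]+\) -> Quarantined and deleted successfully\.$"
)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_otmoveit_log(text):
    """Map each normalized path in an OTMoveIt2 log to 'moved' or 'not_found'."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m:
            results[norm(m.group("path"))] = "moved"
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            results[norm(m.group("path"))] = "not_found"
    return results


def parse_mbam_deleted_files(text):
    """Collect file paths Malwarebytes reports as quarantined and deleted.

    Registry keys (HKEY_...) and 'Unloaded process' lines are skipped because
    they do not match the drive-letter pattern or the status text.
    """
    deleted = set()
    for line in text.splitlines():
        m = MBAM_DELETED_RE.match(line.strip())
        if m:
            deleted.add(norm(m.group("path")))
    return deleted


def reconcile(requested, otmoveit_log, mbam_log):
    """Classify every requested path by what the two logs say happened to it."""
    status_by_path = parse_otmoveit_log(otmoveit_log)
    mbam_deleted = parse_mbam_deleted_files(mbam_log)
    report = {"moved": [], "already_removed": [],
              "unexplained_missing": [], "no_result": []}
    for path in requested:
        key = norm(path)
        status = status_by_path.get(key)
        if status == "moved":
            report["moved"].append(path)
        elif status == "not_found":
            # Not found is only benign if an earlier tool logged the deletion.
            bucket = "already_removed" if key in mbam_deleted else "unexplained_missing"
            report[bucket].append(path)
        else:
            # Path was pasted but the log has no line for it at all.
            report["no_result"].append(path)
    return report


# Excerpt of the path list and logs from this thread, plus two constructed
# paths (constructed_*.sys) added to exercise the remaining branches.
REQUESTED = [
    r"C:\WINDOWS\system32\afinding.exe",
    r"C:\WINDOWS\system32\atsxyzd.sys",
    r"C:\WINDOWS\system32\Nobicyt.exe",
    r"C:\WINDOWS\system32\routing.exe",
    r"C:\WINDOWS\system32\wserving.exe",
    r"C:\WINDOWS\system32\yaxcnxd.sys",
    r"C:\WINDOWS\system32\constructed_missing.sys",   # constructed
    r"C:\WINDOWS\system32\constructed_unlisted.sys",  # constructed
]

OTMOVEIT_LOG = r"""
File/Folder C:\WINDOWS\system32\afinding.exe not found.
C:\WINDOWS\system32\atsxyzd.sys moved successfully.
C:\WINDOWS\system32\Nobicyt.exe moved successfully.
File/Folder C:\WINDOWS\system32\routing.exe not found.
File/Folder C:\WINDOWS\system32\wserving.exe not found.
C:\WINDOWS\system32\yaxcnxd.sys moved successfully.
File/Folder C:\WINDOWS\system32\constructed_missing.sys not found.
"""

MBAM_LOG = r"""
C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Unloaded process successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for bucket, paths in reconcile(REQUESTED, OTMOVEIT_LOG, MBAM_LOG).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Anything left in `unexplained_missing` or `no_result` is what to raise in the next reply, since neither log accounts for it.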


OTMoveIt2

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip moved successfully.

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip moved successfully.

File/Folder C:\WINDOWS\system32\afinding.exe not found.

C:\WINDOWS\system32\atsxyzd.sys moved successfully.

C:\WINDOWS\system32\ceswxfst.sys moved successfully.

C:\WINDOWS\system32\cexwxfst.sys moved successfully.

C:\WINDOWS\system32\cfexfst.sys moved successfully.

C:\WINDOWS\system32\nftscpd.sys moved successfully.

C:\WINDOWS\system32\Nobicyt.exe moved successfully.

C:\WINDOWS\system32\ntscpd.sys moved successfully.

C:\WINDOWS\system32\nxtscpd.sys moved successfully.

C:\WINDOWS\system32\otaxyzd.sys moved successfully.

File/Folder C:\WINDOWS\system32\routing.exe not found.

C:\WINDOWS\system32\sobicyt.exe moved successfully.

C:\WINDOWS\system32\stsycod.sys moved successfully.

C:\WINDOWS\system32\swand.sys moved successfully.

C:\WINDOWS\system32\sxtsyctd.sys moved successfully.

C:\WINDOWS\system32\sxwand.sys moved successfully.

C:\WINDOWS\system32\tcexfst.sys moved successfully.

C:\WINDOWS\system32\tmp0_838768684858.bk moved successfully.

C:\WINDOWS\system32\tmpxr_135723629943.bk moved successfully.

C:\WINDOWS\system32\tmpxr_146316840469.bk moved successfully.

C:\WINDOWS\system32\tmpxr_365256454975.bk moved successfully.

C:\WINDOWS\system32\tmpxr_461242361512.bk moved successfully.

C:\WINDOWS\system32\tmpxr_47710669729.bk moved successfully.

C:\WINDOWS\system32\tmpxr_490105611594.bk moved successfully.

C:\WINDOWS\system32\tmpxr_508099311156.bk moved successfully.

C:\WINDOWS\system32\tmpxr_541910523306.bk moved successfully.

C:\WINDOWS\system32\tmpxr_57936884060.bk moved successfully.

C:\WINDOWS\system32\tmpxr_58739352092.bk moved successfully.

C:\WINDOWS\system32\tmpxr_774865809987.bk moved successfully.

C:\WINDOWS\system32\tmpxr_791517120265.bk moved successfully.

C:\WINDOWS\system32\tmpxr_795747295548.bk moved successfully.

C:\WINDOWS\system32\tmpxr_93281561791.bk moved successfully.

File/Folder C:\WINDOWS\system32\wserving.exe not found.

C:\WINDOWS\system32\xwxfst.sys moved successfully.

C:\WINDOWS\system32\yaxcnxd.sys moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_183844

Deckard's Log:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz

CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz

Percentage of Memory in Use: 53%

Physical Memory (total/avail): 1013.98 MiB / 467.48 MiB

Pagefile Memory (total/avail): 2439.68 MiB / 2036.46 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB

C: is Fixed (NTFS) - 65.69 GiB total, 2.15 GiB free.

D: is Fixed (FAT32) - 7.82 GiB total, 0.63 GiB free.

E: is CDROM (No Media)

F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 3 partitions

\PARTITION0 (bootable) - Installable File System - 65.69 GiB - C:

\PARTITION1 - Unknown - 7.84 GiB - D:

\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions

\PARTITION0 - MS-DOS V4 Huge - 483.76 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security 2006 v2006 (Symantec Corporation)

AV: Norton Internet Security 2006 v2006 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\kav\\kis\\setup.exe"="C:\\kav\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\EricaGM\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=YOUR-4105E587B6

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\EricaGM

LOGONSERVER=\\YOUR-4105E587B6

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;.

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PCTYPE=PAVILION

PLATFORM=MCD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e08

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp

TMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp

USERDOMAIN=YOUR-4105E587B6

USERNAME=EricaGM

USERPROFILE=C:\Documents and Settings\EricaGM

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

EricaGM (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Acrobat 8.1.2 Security Update 1 (KB403742) -->

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) -->

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iqta30a0a.INF

Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove

Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog

Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}

Gre Bible --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Gre Bible\ST6UNST.LOG"

HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_qta30a0k\HXFSETUP.EXE -U -IQTA30A0K.INF

Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly

HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall

HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly

HP User Guides 0009 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58C62A8E-E628-4822-A0F2-BBE10329D53F}\Setup.exe" -l0x9 -removeonly

HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst

I/OMagic DataBank --> C:\PROGRA~1\IOMagic\DataBank\UNWISE.EXE C:\PROGRA~1\IOMagic\DataBank\INSTALL.LOG

Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

Intel® PRO Network Connections Drivers --> Prounstl.exe

iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}

Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}

Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst

QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}

River Past Video Cleaner Pro --> C:\WINDOWS\Video Cleaner Pro Uninstaller.exe

Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Security Update for Step By Step Interactive Training (KB898458) -->

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly

Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log

Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}

TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"

Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

-- Application Event Log -------------------------------------------------------

Event Record #/Type7975 / Error

Event Submitted/Written: 08/04/2008 06:53:41 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type7931 / Error

Event Submitted/Written: 08/04/2008 00:10:45 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7929 / Error

Event Submitted/Written: 08/04/2008 00:06:10 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x000022b2.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7918 / Error

Event Submitted/Written: 08/03/2008 00:33:43 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7861 / Success

Event Submitted/Written: 08/01/2008 04:36:19 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type79469 / Error

Event Submitted/Written: 08/07/2008 06:12:27 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79467 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79466 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79465 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79464 / Error

Event Submitted/Written: 08/07/2008 06:12:05 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

-- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------


I found it:

Deckard's System Scanner v20071014.68

Run by EricaGM on 2008-08-07 18:40:09

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

87: 2008-08-07 22:40:27 UTC - RP468 - Deckard's System Scanner Restore Point

86: 2008-08-06 21:21:38 UTC - RP467 - Spyware Doctor: Cleaning Threats

85: 2008-08-06 21:20:53 UTC - RP466 - Spyware Doctor: Cleaning Threats

84: 2008-08-06 03:33:10 UTC - RP465 - System Checkpoint

83: 2008-08-04 16:02:38 UTC - RP464 - Spyware Doctor: Cleaning Threats

-- First Restore Point --

1: 2008-05-10 16:43:43 UTC - RP382 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

System Drive C: has 2.15 GiB (less than 15%) free.

-- HijackThis (run as EricaGM.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:42:17 PM, on 8/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\EricaGM\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\EricaGM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--

End of file - 11127 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.reg - regfile - shell\open\command - regedit.exe "%1" %*

.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>

R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons>

R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>

R3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; Quick Launch Buttons>

S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)

S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)

S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 macidwe (macidwe Service) - c:\windows\system32\macidwe.exe

R2 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe (file missing)

R2 sobicyt - c:\windows\system32\sobicyt.exe (file missing)

R2 tdxdowkc (tdxdowkc Service) - c:\windows\system32\tdxdowkc.exe

R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>

S2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: SCSI/RAID Host Controller

Device ID: ACPI\PNPA000\4&44447945&0

Manufacturer: (Standard mass storage controllers)

Name: SCSI/RAID Host Controller

PNP Device ID: ACPI\PNPA000\4&44447945&0

Service: adgcdzyz

-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 23:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2008-04-14 09:00:01 868 --a------ C:\WINDOWS\Tasks\wrSpySweeper20060612064852.job

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 16:44:00 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Malwarebytes

2008-08-07 16:43:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-07 16:43:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-07 12:34:54 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Elluminate

2008-08-06 23:32:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia

2008-08-04 20:44:39 0 d-------- C:\Documents and Settings\EricaGM\Application Data\TrojanHunter

2008-08-04 18:12:21 0 d-------- C:\Program Files\TrojanHunter 5.0

2008-07-31 17:00:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-31 12:18:41 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Sunbelt Software

2008-07-31 11:32:04 0 d-------- C:\Program Files\uTorrent

2008-07-29 01:18:09 0 d-------- C:\Program Files\Gre Bible

2008-07-29 01:17:54 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>

2008-07-29 01:17:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2008-07-21 20:25:48 0 d-------- C:\Documents and Settings\EricaGM\DoctorWeb

2008-07-20 03:28:08 68096 --a------ C:\WINDOWS\zip.exe

2008-07-20 03:28:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-07-20 03:28:08 98816 --a------ C:\WINDOWS\sed.exe

2008-07-20 03:28:08 80412 --a------ C:\WINDOWS\grep.exe

2008-07-20 03:28:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-07-20 03:28:07 49152 --a------ C:\WINDOWS\VFind.exe

2008-07-20 03:28:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-07-20 02:17:39 0 dr------- C:\Documents and Settings\LocalService\Favorites

-- Find3M Report ---------------------------------------------------------------

2008-08-07 18:10:29 30008 --a------ C:\Documents and Settings\EricaGM\Application Data\.googlewebacchosts

2008-08-07 13:12:09 0 d-------- C:\Program Files\Spyware Doctor

2008-08-06 23:33:18 0 d-------- C:\Program Files\Google

2008-08-04 19:06:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\uTorrent

2008-08-04 18:32:08 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Skype

2008-08-04 16:03:19 0 d-------- C:\Documents and Settings\EricaGM\Application Data\skypePM

2008-08-04 11:55:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-01 14:48:36 0 d-------- C:\Documents and Settings\EricaGM\Application Data\LimeWire

2008-07-30 02:22:58 0 d-------- C:\Program Files\Common Files\Real

2008-07-30 02:22:52 0 d-------- C:\Program Files\Common Files

2008-07-30 02:22:46 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Real

2008-07-22 18:53:32 0 d-------- C:\Program Files\music_now

2008-07-22 15:16:01 0 d-------- C:\Documents and Settings\EricaGM\Application Data\MSNInstaller

2008-07-20 03:16:56 0 d-------- C:\Program Files\Trend Micro

2008-07-01 19:57:03 31915564 --a------ C:\Program Files\kis7.0.1.325en.exe <Not Verified; Kaspersky Lab; Kaspersky Internet Security>

2008-06-24 02:10:33 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Printer Info Cache

2008-06-24 02:04:10 0 d-------- C:\Documents and Settings\EricaGM\Application Data\Costco Photo Organizer

2008-06-24 02:02:31 5998080 --a------ C:\Program Files\Costco_1.5.0.102.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2008-06-08 23:46:28 0 d-------- C:\Documents and Settings\EricaGM\Application Data\U3

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [01/25/2006 02:21 PM]

"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM]

"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM]

"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 05:27 PM]

"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08/04/2008 06:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -cexwxfst.sys2.0

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/2/2008 10:27:45 PM]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 4:01:04 AM]

Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/10/2007 1:24:38 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"Registration"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 05:39 PM 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

"C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

C:\Windows\CREATOR\Remind_XP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc2a388-0366-11dc-abf0-00163607b1d7}]

AutoRun\command- H:\qwc.exe

explore\Command- H:\qwc.exe

open\Command- H:\qwc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118bc8-7bfc-11db-aae8-00163607b1d7}]

AutoRun\command- uqhqx1.cmd

explore\Command- uqhqx1.cmd

open\Command- uqhqx1.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38610133-0e34-11db-a9ee-00163607b1d7}]

Auto\command- H:\MSOCache\doWTP_RESTORE.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c60959f-8c80-11dc-acc6-00163607b1d7}]

AutoRun\command- .exe

explore\Command- .exe

open\Command- .exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488107b4-5c04-11dc-ac4e-00163607b1d7}]

AutoRun\command- J:\qwc.exe

explore\Command- J:\qwc.exe

open\Command- J:\qwc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58278598-435a-11dc-ac22-00163607b1d7}]

Auto\command- G:\MSOCache\doWTP_RESTORE.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284de-9e1b-11db-ab21-00163607b1d7}]

AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586284df-9e1b-11db-ab21-00163607b1d7}]

Auto\command- MSOCache\doWTP_RESTORE.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ac8710-544e-11dc-ac3b-00163607b1d7}]

Auto\command- G:\MSOCache\doWTP_RESTORE.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7de040aa-2ef1-11db-aa3f-00163607b1d7}]

AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5e834d6-4acf-11dc-ac2c-00163607b1d7}]

Auto\command- G:\MSOCache\doWTP_RESTORE.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

-- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------


You're out of space on your C drive. You should buy another hard drive. You may find that some programs do not work properly.

1. Updating Java and Clearing Cache

  1. Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
  3. If you are unable to update, you can manually update by going here: http://www.java.com/en/download/manual.jsp
  4. After the reboot, go back into the Control Panel and double-click the Java Icon.
  5. Under Temporary Internet Files, click the Delete Files button.
  6. There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  7. Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  8. Click OK to leave the Java Control Panel.

2. Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for these filenames:
    • C:\WINDOWS\system32\macidwe.exe
    • C:\WINDOWS\system32\Nobicyt.exe
    • C:\WINDOWS\system32\sobicyt.exe
    • C:\WINDOWS\system32\tdxdowkc.exe
  • In the comments, please mention that I asked you to upload this file.
  • Click on Send File
  • I will receive the files once you have uploaded them.

Post a fresh Hijack This log in a reply.


Thanks for the steps. Here is my recent log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:28:34 AM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AFinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\perfs.exe

C:\WINDOWS\system32\routing.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WServing.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Picasa2\Picasa2.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe

--

End of file - 12245 bytes

@echo off

sc stop afinding

sc stop macidwe

sc stop NOBICYT

sc stop perfs

sc stop routing

sc stop sobicyt

sc stop tdxdowkc

sc stop wserving

sc delete afinding

sc delete macidwe

sc delete NOBICYT

sc delete perfs

sc delete routing

sc delete sobicyt

sc delete tdxdowkc

sc delete wserving

exit

First you will need to create the batch fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file.

Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.

Then in the FILE NAME box type fix.bat

This will create a batch file.

Then run fix.bat by double-clicking. You may see a black box appear; this is normal.

Please download the OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    [kill explorer]
    afinding <delete service>
    macidwe <delete service>
    NOBICYT <delete service>
    perfs <delete service>
    routing <delete service>
    sobicyt <delete service>
    tdxdowkc <delete service>
    wserving <delete service>
    C:\WINDOWS\system32\AFinding.exe
    C:\WINDOWS\system32\macidwe.exe
    C:\WINDOWS\system32\Nobicyt.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\sobicyt.exe
    C:\WINDOWS\system32\tdxdowkc.exe
    C:\WINDOWS\system32\WServing.exe
    [start explorer]


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post a fresh Hijack This log in a reply.

Edited by sarahw


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:50:07 AM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AFinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\perfs.exe

C:\WINDOWS\system32\routing.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WServing.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe

--

End of file - 12207 bytes


OTMoveIT2 Log:

Explorer killed successfully

Service not present: afinding.

Service not present: macidwe.

Service not present: NOBICYT.

Service not present: perfs.

Service not present: routing.

Service not present: sobicyt.

Service not present: tdxdowkc.

Service not present: wserving.

C:\WINDOWS\system32\AFinding.exe moved successfully.

C:\WINDOWS\system32\macidwe.exe moved successfully.

C:\WINDOWS\system32\Nobicyt.exe moved successfully.

C:\WINDOWS\system32\perfs.exe moved successfully.

C:\WINDOWS\system32\routing.exe moved successfully.

C:\WINDOWS\system32\sobicyt.exe moved successfully.

C:\WINDOWS\system32\tdxdowkc.exe moved successfully.

C:\WINDOWS\system32\WServing.exe moved successfully.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_045554

Updated Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:57:43 AM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AFinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\perfs.exe

C:\WINDOWS\system32\routing.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WServing.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\EricaGM\Desktop\OTMoveIt2.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)

--

End of file - 12384 bytes


Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot and post a fresh Hijack This log.

Edited by sarahw
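
The cleanup in this thread moves each O23 service entry through three states: binary running, entry left behind with "(file missing)" once the file is moved, and entry gone after Fix Checked. The Python below is an added example, not part of the original posts or of HijackThis: it parses O23 lines from successive logs and reports which suspect services are still registered. The function names, the "Unknown owner plus a binary directly in system32" heuristic, and the abridged sample snapshots are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple


class Service(NamedTuple):
    name: str           # short service name, lower-cased (e.g. "afinding")
    owner: str          # vendor string as printed by HijackThis
    path: str           # binary path, without the "(file missing)" suffix
    file_missing: bool  # True when the log line ends in "(file missing)"


# O23 - Service: <label> - <owner> - <path>[ (file missing)]
_O23 = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?\s*$"
)
_SHORT = re.compile(r"\(([^()]+)\)$")  # "afinding Service (afinding)" -> afinding


def parse_o23(log: str) -> Dict[str, Service]:
    """Return the O23 service entries of one HijackThis log, keyed by name."""
    services = {}
    for line in log.splitlines():
        m = _O23.match(line.strip())
        if not m:
            continue
        short = _SHORT.search(m["label"])
        name = (short.group(1) if short else m["label"]).lower()
        services[name] = Service(name, m["owner"], m["path"], bool(m["missing"]))
    return services


def is_suspect(svc: Service) -> bool:
    """Assumed triage heuristic: no vendor string and binary directly in system32."""
    parent = svc.path.lower().rpartition("\\")[0]
    return svc.owner == "Unknown owner" and parent == r"c:\windows\system32"


def remediation_timeline(snapshots: List[str]) -> Dict[str, List[str]]:
    """For every suspect seen in any snapshot, list its state in each snapshot.

    active   - entry present, binary on disk
    orphaned - entry present, binary gone ("file missing")
    absent   - no service entry in that log
    """
    parsed = [parse_o23(s) for s in snapshots]
    suspects = {n for snap in parsed for n, s in snap.items() if is_suspect(s)}
    timeline = {}
    for name in sorted(suspects):
        states = []
        for snap in parsed:
            svc = snap.get(name)
            if svc is None:
                states.append("absent")
            else:
                states.append("orphaned" if svc.file_missing else "active")
        timeline[name] = states
    return timeline


def unresolved(snapshots: List[str]) -> List[str]:
    """Suspect services still registered in the most recent snapshot."""
    return [n for n, st in remediation_timeline(snapshots).items() if st[-1] != "absent"]


# Sample input: abridged O23 lines taken from the logs in this thread.
BEFORE = r"""
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""
AFTER_MOVE = r"""
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""
# Constructed snapshot: reflects the report that the entries no longer showed up.
AFTER_FIX = r"""
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""

if __name__ == "__main__":
    for name, states in remediation_timeline([BEFORE, AFTER_MOVE, AFTER_FIX]).items():
        print(f"{name:10s} {' -> '.join(states)}")
    print("still registered after file move:", unresolved([BEFORE, AFTER_MOVE]))
```

An "orphaned" result means the binary is gone but the service registration remains, which is the state the Fix Checked step addresses.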


When I reran Hijack This, these did not show up:

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)

Last night I didn't restart my computer, so I'm thinking that I needed to reboot my computer in order for the cleaning to take effect?

Here is my new log (all clean?):

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:13:42 PM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--

End of file - 11210 bytes
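The before/after comparison done by eye in the post above, as an added Python example (not part of the original thread and not HijackThis's own code). It parses two HijackThis logs, lists the entries that disappeared, checks that every entry ticked for fixing is gone from the fresh log, and lists entries whose target file is missing. The sample logs are constructed from entry lines quoted in this thread, and the function names are illustrative.

```python
import re

# A HijackThis entry line starts with a section code: "O23 - ...", "R1 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Constructed sample logs, assembled from entry lines quoted in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\afinding.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
End of file
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
End of file
"""

# The entries that were ticked before clicking "Fix Checked".
FIXED_ENTRIES = [
    r"O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)",
    r"O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)",
]


def parse_entries(log_text):
    """Map (section, case-folded body) -> original line for every entry.

    Windows paths are case-insensitive, so AFinding.exe and afinding.exe
    must compare equal; the original spelling is kept for reporting.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group("section"), match.group("body").casefold())
            entries[key] = line
    return entries


def compare_logs(before_text, after_text):
    """Return the entries removed, added and unchanged between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "remaining": sorted(after[k] for k in after.keys() & before.keys()),
    }


def unresolved(fixed_lines, after_text):
    """Entries that were ticked for fixing but still appear in the fresh log."""
    wanted = parse_entries("\n".join(fixed_lines))
    after = parse_entries(after_text)
    return sorted(after[k] for k in wanted.keys() & after.keys())


def missing_file_entries(log_text):
    """Entries that point at a file HijackThis could not find on disk."""
    return sorted(
        line for line in parse_entries(log_text).values()
        if line.casefold().endswith(MISSING)
    )


if __name__ == "__main__":
    result = compare_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed since the first log:")
    for line in result["removed"]:
        print("  ", line)
    print("Still present after the fix:", unresolved(FIXED_ENTRIES, AFTER_LOG) or "none")
    print("Entries with a missing target file:")
    for line in missing_file_entries(AFTER_LOG):
        print("  ", line)
```

An empty result from `unresolved()` is the check that matters after the reboot; a non-empty one means the fix has not taken effect yet.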


I was wondering why they were still there. I should have told you to reboot.

How is the computer running?


I haven't heard the random sound clips yet!!! Phew! I re-ran Spy Doctor and it said I had A LOT of infected files with Application.TrackingCookies, Adware.Advertising, and Spyware.Known_Bad_Sites. Is this the same issue, or something completely different? I click to Clean the files, but every time I re-scan, files continue to be infected. I'm not sure if this is related to my previous problem??


I couldn't figure out how to view the log. Here is what I got:

8/11/2008 3:21:30 AM:437

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 9:24:05 AM:0

Immunizer Results

ActiveX section has been immunized, Processed 2 items.

8/11/2008 1:41:41 PM:750

Service Stopped

Spyware Doctor Service Application Stopped

8/11/2008 1:43:26 PM:140

Service Started

Spyware Doctor Service Application started

8/11/2008 1:43:26 PM:156

OnGuards status

All OnGuards were Enabled

8/11/2008 1:43:26 PM:906

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 1:43:34 PM:843

Scan Started

Scan Type - Full Scan

8/11/2008 1:43:34 PM:843

Startup Scan

Initialising Startup Scan:Full scan of this computer

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 1:44:48 PM:15

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 1:44:48 PM:15

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijrkx7C .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijupe .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fx60ejdhj .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fhkpwjv .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net

8/11/2008 1:44:48 PM:125

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .kango.112.2o7.net

8/11/2008 1:44:48 PM:437

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ACOOKIE statse.webtrendslive.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentviewslr .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - k .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - visitorId .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - rvd .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - prf .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - _jsen1 .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentview .nextag.com

8/11/2008 1:44:48 PM:703

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickACTIVE server.iad.liveperson.net

8/11/2008 1:44:48 PM:703

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickID server.iad.liveperson.net

8/11/2008 1:44:48 PM:843

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - XCLGFbrowser .com.com

8/11/2008 1:44:48 PM:843

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .ice.112.2o7.net

8/11/2008 1:44:49 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VISID counter.hitslink.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSCD www.bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrOSSID www.bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - mc_p .bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSSID www.bluemountain.com

8/11/2008 1:44:49 PM:890

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - buzz466 www.buzztone.com

8/11/2008 1:44:50 PM:312

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - id .doubleclick.net

8/11/2008 1:44:50 PM:734

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_statp .linksynergy.com

8/11/2008 1:44:50 PM:734

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_track .linksynergy.com

8/11/2008 1:44:51 PM:375

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - HumanClickID sales.liveperson.net

8/11/2008 1:44:51 PM:921

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .mohg.112.2o7.net

8/11/2008 1:44:51 PM:937

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .viamtvcom.112.2o7.net

8/11/2008 1:44:52 PM:140

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - NC1U www3.addfreestats.com

8/11/2008 1:44:52 PM:203

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .avgtechnologies.112.2o7.net

8/11/2008 1:44:52 PM:281

Infection was detected on this computer

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - HISTORY .adultfriendfinder.com

8/11/2008 1:44:52 PM:281

Infection was detected on this computer

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - ffadult_tr .adultfriendfinder.com

8/11/2008 1:44:52 PM:625

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .webxites.122.2o7.net

8/11/2008 1:44:52 PM:765

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .warnerbros.112.2o7.net

8/11/2008 1:44:53 PM:0

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .saksfifthavenue.122.2o7.net

8/11/2008 2:11:58 PM:875

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 2:32:54 PM:250

Scan Finished

Scan Type - Full Scan

Items Processed - 288187

Threats Detected - 3

Infections Detected - 46

Infections Ignored - 0

8/11/2008 2:36:31 PM:937

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - NC1U www3.addfreestats.com

8/11/2008 2:36:31 PM:968

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_track .linksynergy.com

8/11/2008 2:36:31 PM:984

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_statp .linksynergy.com

8/11/2008 2:36:32 PM:31

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - XCLGFbrowser .com.com

8/11/2008 2:36:32 PM:31

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickID server.iad.liveperson.net

8/11/2008 2:36:32 PM:46

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickACTIVE server.iad.liveperson.net

8/11/2008 2:36:32 PM:78

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentview .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - _jsen1 .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - prf .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - rvd .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - visitorId .nextag.com

8/11/2008 2:36:32 PM:109

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - k .nextag.com

8/11/2008 2:36:32 PM:109

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentviewslr .nextag.com

8/11/2008 2:36:32 PM:125

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 2:36:32 PM:375

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .saksfifthavenue.122.2o7.net

8/11/2008 2:36:32 PM:375

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .warnerbros.112.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .webxites.122.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .avgtechnologies.112.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .viamtvcom.112.2o7.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .mohg.112.2o7.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - HumanClickID sales.liveperson.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - id .doubleclick.net

8/11/2008 2:36:32 PM:515

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - buzz466 www.buzztone.com

8/11/2008 2:36:32 PM:515

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSSID www.bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - mc_p .bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrOSSID www.bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSCD www.bluemountain.com

8/11/2008 2:36:32 PM:593

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VISID counter.hitslink.com

8/11/2008 2:36:32 PM:671

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .ice.112.2o7.net

8/11/2008 2:36:32 PM:687

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ACOOKIE statse.webtrendslive.com

8/11/2008 2:36:32 PM:687

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .kango.112.2o7.net

8/11/2008 2:36:32 PM:718

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net

8/11/2008 2:36:32 PM:718

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net

8/11/2008 2:36:32 PM:734

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net

8/11/2008 2:36:32 PM:781

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fhkpwjv .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fx60ejdhj .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijupe .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijrkx7C .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net

8/11/2008 2:36:32 PM:875

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 2:36:32 PM:937

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 2:36:33 PM:593

Infection cleaned

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - ffadult_tr .adultfriendfinder.com

8/11/2008 2:36:33 PM:593

Infection cleaned

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - HISTORY .adultfriendfinder.com

8/11/2008 2:36:39 PM:62

Infections Quarantined/Removed Summary

Quarantined - 0

Quarantine Failed - 0

Removed - 46

Remove Failed - 0

8/11/2008 3:02:41 PM:671

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 6:00:20 PM:625

Scan Started

Scan Type - Intelli-Scan

8/11/2008 6:00:20 PM:687

Scheduled task started

Initializing Scheduled task: Intelli-Scan of this computer

8/11/2008 6:00:41 PM:218

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 6:00:41 PM:828

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 6:00:41 PM:828

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net


Hi,

All those items found by your scanner are cookies. They are essentially harmless. Cookies are stored on your computer by sites to recognise who you are. For example, you log on to this site and select the option to remember you next time you visit besttechie. This happens because the site recognises your computer by looking for a specific cookie.

Cookies are also subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs. In fact, cookies are simple pieces of data unable to perform any operation by themselves. In particular, they are neither spyware nor viruses, despite the detection of cookies from certain sites by many anti-spyware products.

There is a program you can use below to delete your cookies and other files/folders where Malware likes to hide.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download OTCleanIt from HERE to your desktop.

Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself.

Congratulations, your log is now clean. :thumbsup:

A well protected computer should have at least an Anti Virus and Firewall; an Anti Spyware is also a great addition to your computer's security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and help keep you from getting infected again.

Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.

Free Online Scans:

Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.

Free Temp Cleaners:

Use these tools to clean temporary files from IE and Windows, empty the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.

Free Firewall Downloads:

You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.

Free Anti Spyware Downloads:

An Antispyware is a great tool that can help remove infections alongside your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.

Free Anti Virus Downloads:

A must have for all computers. Avast! recommended.

Other Free Tools:

  • SpywareGuard
    Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd
    This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • Memtest86
    Great memory testing software.
  • CPU-Z
    This application gives detailed information about your system in a nice layout.
  • Speedfan
    Returns and monitors system temperatures.
  • Windows Updates
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You can now Rehide your system files by using the reversal of these instructions HERE

Useful Reading:

Slow Computer? HERE are some tips to speed it up.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read THIS article by Tony Klein.

If you have any other problems or questions be sure to ask. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
