Malware On Cp/ Can't Remove


  • This topic is locked
16 replies to this topic

#1 Julianna W

Posted 28 February 2008 - 09:41 PM

Five days ago I started having problems with Internet Explorer and getting a lot of pop-ups. I tried running Spybot, but the pop-ups got worse and every time I went to rescan the problems kept reappearing. At one time I opened I.E. and got 58 consecutive pop-ups. So I tried using Firefox only, but I still get I.E. pop-ups, just not as frequent.

Some of the pop-ups are:
deuscleaneronline.com
conferencingonweb.com
esmarttax.com
firstpremierbankgold.com
fubar.com
lynxtrack.com
setthetrend.com
wallst.net

I have used Spybot, SuperAntiSpyware, Dr. Web Cure It, ESET Online Scanner, Panda Active Scan, and McAfee Stinger. But the problem still persists and most of the scanners cannot get rid of all of the problems. I could not use Ad-Aware because my computer would not load it for some strange reason, no matter what I tried. Spybot reported that my computer was infected with Adware, Malware, Trojan(?), and Rootkit. But, I am having problems using Spybot as it keeps freezing in mid-scan.

I had problems after running SuperAntiSpyware and restarting my computer. When I turned on my computer to restart it gave me several options as to how I could run my computer:
safe mode
safe mode with networking
last known previous configurations
run Windows normally

When I tried to run Windows normally it continuously kept restarting, so I decided to run it with safe mode and networking. I still cannot run Windows normally and at this point I'm concerned if I will ever be able to again!

In the original post I made on this website, the person helping me thought my problem might be all malware related.

I have also been getting three different error messages since yesterday.

First error message:
Your system could become unstable
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer. **** WXYZ. SYS - Address F73120AE base at C00000, DateStamp 36b07 2a3 Kernel Debugger Using: Com2 Cport 0X28F, Baud rate 192000)


Second error message:
SysFader: IEXPLORE.EXE Potential Application Error
The instruction at "0x01d62739" referenced memory at "0x02354e50". The memory could not be "read. Click ok to terminate.

That's exactly what it said, even with the missed quote around read.


Third error message:
A Critical error could occur
*** STOP: 0X000007B (OXF2184, 0X00000, 0XCC0034) ***
Inacessible handler or device
Click this balloon to fix the problem.

This third error message seems to be linked to a website called Storageprotector.com. There are also two icons on my desktop, one that says "Windows update" and the second says, "help and support," but by clicking on the properties you can see that they are fictitious.


I apologize if this is too much information, but I just wanted to be thorough. I don't know very much about computers so I just wanted to say thank you in advance for any help given.



Here is my Hijack Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:43 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [b4fe43bd] rundll32.exe "C:\WINDOWS\system32\pxegjhoo.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BMb7cd7021] Rundll32.exe "C:\WINDOWS\system32\xhewpwbj.dll",s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gzfiicm] "C:\Documents and Settings\HP_Owner\Application Data\?asks\r?gedit.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Turbo Pizza\Images\stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8724 bytes


#2 miekiemoes

  • Malware Response Team
Posted 29 February 2008 - 04:23 PM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Julianna W

Posted 29 February 2008 - 11:07 PM

Thank you for responding!

After running Malwarebytes and restarting my computer I got this new error message:

Important - Potential Errors found in the system
During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql:1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED


Here is my Malwarebytes LOG:

Malwarebytes' Anti-Malware 1.05
Database version: 435

Scan type: Quick Scan
Objects scanned: 35261
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 74

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\clhtgotj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\djvioluq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmkjg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ydchtadk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\__c0026A51.dat (Trojan.Zlob) -> Unloaded module successfully.
C:\WINDOWS\system32\__c0034E01.dat (Trojan.Zlob) -> Unloaded module successfully.
C:\WINDOWS\system32\__c0088CF1.dat (Trojan.Zlob) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51e5a049-f713-4243-a8f8-9ced7bd024a9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{51e5a049-f713-4243-a8f8-9ced7bd024a9} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed120d76-bf31-412c-a99b-783c6676e128} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydchtadk (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0034e01 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0088cf1 (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkjg.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ax3 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hc4 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jk8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\aqtlqjcp.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccqfydpy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypdyfqcc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clhtgotj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jtogthlc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djvioluq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\quloivjd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzrjwugx.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iltdciwy.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmkjg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gjkmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gjkmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxegjhoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oohjgexp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydchtadk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ydchtadk.dllbox (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\nwlnknbb.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hc4\pon89104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\RABCO\ExecutionDll.dll (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Program Files\RABCO\RABCOse.original (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Program Files\RABCO\Setup.log (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Program Files\RABCO\un_RABCOSetup_16230.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Program Files\RABCO\un_RABCOSetup_16230.txt (Adware.RABCO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\home.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp5054718 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp59314640 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp59465531 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp64119343 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp74702062 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp7792093 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp83561000 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c001FB8D.dat (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0026A51.dat (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\__c0034E01.dat (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\__c003A240.dat (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00578E4.dat (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0072D72.dat (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0088CF1.dat (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\Help and Support Center.lnk (Rogue.Link) -> Delete on reboot.



Here is my new Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:17 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {02BC62D8-FE8E-4220-872B-8F93CD38E6AF} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4717CEE9-5176-2AFE-061A-2E00CABB8191} - (no file)
O2 - BHO: (no name) - {51E5A049-F713-4243-A8F8-9CED7BD024A9} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydchtadk.dll
O2 - BHO: (no name) - {B8AAF3F3-80C8-419D-88C2-0397928CC5B8} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: 0 - {D0293C46-DD5A-4729-A4B1-44B3D2EE93F1} - C:\Program Files\ComPlus Applications\lavuhaw689.dll (file missing)
O2 - BHO: (no name) - {DA112CB4-77BF-4A21-95FB-5BC8DE79DA6A} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BMb7cd7021] Rundll32.exe "C:\WINDOWS\system32\urrnuagm.dll",s
O4 - HKLM\..\Run: [b4fe43bd] rundll32.exe "C:\WINDOWS\system32\djvioluq.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gzfiicm] "C:\Documents and Settings\HP_Owner\Application Data\?asks\r?gedit.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Turbo Pizza\Images\stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dzrjwugx - dzrjwugx.dll (file missing)
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O20 - Winlogon Notify: ilfjiujp - C:\WINDOWS\SYSTEM32\ilfjiujp.dll
O20 - Winlogon Notify: iltdciwy - iltdciwy.dll (file missing)
O20 - Winlogon Notify: mdmsxvqi - C:\WINDOWS\SYSTEM32\mdmsxvqi.dll
O20 - Winlogon Notify: mgraujca - C:\WINDOWS\SYSTEM32\mgraujca.dll
O20 - Winlogon Notify: xxywurq - C:\WINDOWS\
O20 - Winlogon Notify: ydchtadk - C:\WINDOWS\SYSTEM32\ydchtadk.dll
O20 - Winlogon Notify: __c0088CF1 - __c0088CF1.dat (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10416 bytes

#4 miekiemoes


Posted 01 March 2008 - 01:06 AM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as").
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then,

Please make sure that your computer can boot into normal mode, so turn the safe mode option off, because the Malwarebytes' Anti-Malware scanner needs to remove some files after reboot and this won't work in Windows safe mode.

So reboot back to normal mode to let MBAM delete the rest.

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {02BC62D8-FE8E-4220-872B-8F93CD38E6AF} - (no file)
O2 - BHO: (no name) - {4717CEE9-5176-2AFE-061A-2E00CABB8191} - (no file)
O2 - BHO: (no name) - {51E5A049-F713-4243-A8F8-9CED7BD024A9} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydchtadk.dll
O2 - BHO: (no name) - {B8AAF3F3-80C8-419D-88C2-0397928CC5B8} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: 0 - {D0293C46-DD5A-4729-A4B1-44B3D2EE93F1} - C:\Program Files\ComPlus Applications\lavuhaw689.dll (file missing)
O2 - BHO: (no name) - {DA112CB4-77BF-4A21-95FB-5BC8DE79DA6A} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BMb7cd7021] Rundll32.exe "C:\WINDOWS\system32\urrnuagm.dll",s
O4 - HKLM\..\Run: [b4fe43bd] rundll32.exe "C:\WINDOWS\system32\djvioluq.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Gzfiicm] "C:\Documents and Settings\HP_Owner\Application Data\?asks\r?gedit.exe"
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Turbo Pizza\Images\stg_drm.ocx
O20 - Winlogon Notify: dzrjwugx - dzrjwugx.dll (file missing)
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O20 - Winlogon Notify: ilfjiujp - C:\WINDOWS\SYSTEM32\ilfjiujp.dll
O20 - Winlogon Notify: iltdciwy - iltdciwy.dll (file missing)
O20 - Winlogon Notify: mdmsxvqi - C:\WINDOWS\SYSTEM32\mdmsxvqi.dll
O20 - Winlogon Notify: mgraujca - C:\WINDOWS\SYSTEM32\mgraujca.dll
O20 - Winlogon Notify: xxywurq - C:\WINDOWS\
O20 - Winlogon Notify: ydchtadk - C:\WINDOWS\SYSTEM32\ydchtadk.dll
O20 - Winlogon Notify: __c0088CF1 - __c0088CF1.dat (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Julianna W


Posted 01 March 2008 - 10:11 AM

Thank you for responding again and giving me the next steps!

I was able to restart my computer again in normal mode. I haven't been able to do this in days. Was this because Teatimer was disabled?

After I restarted my computer I got this new error message:

RUNDLL
Error loading C:\WINDOWS\system32\prhcbxpi.dll
The specified module could not be found.


When I went to fix the Hijack files, two of them were missing:

O4 - HKLM\..\Run: [b4fe43bd] rundll32.exe "C:\WINDOWS\system32\djvioluq.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript


And I'm sorry, but I could not download Windows XP Recovery Console because I do not have my Windows XP CD right now (it's at my mother's house). I have downloaded, but not run ComboFix. Do you want me to go ahead and run ComboFix and post a copy of the log from that?


Here is my new Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:04 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydchtadk.dll
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O20 - Winlogon Notify: ydchtadk - C:\WINDOWS\SYSTEM32\ydchtadk.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8112 bytes
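
Added example, not part of the original thread: a small Python check that compares the "Fix Checked" list from post #4 with the follow-up HijackThis log from post #5 and reports which entries are still present after the fix. The function names are hypothetical, and the two sample texts are short excerpts copied from the logs above.

```python
import re

# A HijackThis entry line looks like "O20 - Winlogon Notify: name - path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Absolute Windows path ending in an extension seen in these logs.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:dll|exe|ocx|dat)', re.I)


def parse_hjt(text):
    """Map a normalised (section, detail) key to the original entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, running-process path or blank line
        section, detail = m.group(1), m.group(2)
        # HijackThis prints system32 and SYSTEM32 for the same folder, so
        # compare case-insensitively and with collapsed whitespace.
        key = (section, " ".join(detail.split()).lower())
        entries[key] = line.strip()
    return entries


def check_fix(fix_list, followup_log):
    """Split the fix list into entries still present and entries now gone."""
    wanted = parse_hjt(fix_list)
    present = parse_hjt(followup_log)
    persisting = [line for key, line in wanted.items() if key in present]
    removed = [line for key, line in wanted.items() if key not in present]
    return persisting, removed


def persisting_files(lines):
    """Unique file paths (lower-cased, sorted) referenced by the given entries."""
    paths = set()
    for line in lines:
        for match in PATH_RE.findall(line):
            paths.add(match.lower())
    return sorted(paths)


# Excerpt of the entries the helper asked to fix (post #4).
FIX_LIST = r"""
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydchtadk.dll
O2 - BHO: (no name) - {DA112CB4-77BF-4A21-95FB-5BC8DE79DA6A} - (no file)
O4 - HKLM\..\Run: [BMb7cd7021] Rundll32.exe "C:\WINDOWS\system32\urrnuagm.dll",s
O15 - Trusted Zone: *.gomyhit.com
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O20 - Winlogon Notify: mdmsxvqi - C:\WINDOWS\SYSTEM32\mdmsxvqi.dll
O20 - Winlogon Notify: ydchtadk - C:\WINDOWS\SYSTEM32\ydchtadk.dll
"""

# Excerpt of the follow-up log posted after "Fix Checked" (post #5).
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydchtadk.dll
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O20 - Winlogon Notify: ydchtadk - C:\WINDOWS\SYSTEM32\ydchtadk.dll
"""

if __name__ == "__main__":
    still_there, gone = check_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after Fix Checked:")
    for entry in still_there:
        print("  " + entry)
    print("Removed: %d entries" % len(gone))
    print("Files behind the persisting entries:")
    for path in persisting_files(still_there):
        print("  " + path)
```

On these excerpts the check reports the `ydchtadk.dll` BHO and the `gpxtlrjp` and `ydchtadk` Winlogon Notify entries as still present, which matches what the full follow-up log in post #5 shows.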

#6 miekiemoes


Posted 01 March 2008 - 10:14 AM

> And I'm sorry, but I could not download Windows XP Recovery Console because I do not have my Windows XP CD right now (it's at my mother's house). I have downloaded, but not run ComboFix. Do you want me to go ahead and run ComboFix and post a copy of the log from that?

Yes, because that's what I asked in my post. Also, I guess you didn't really read the instructions related to ComboFix, because it is also explained there how to install the Recovery Console with ComboFix. So please read the instructions again and perform them.

#7 Julianna W


Posted 01 March 2008 - 12:54 PM

I'm sorry, I misread the instructions and thought they only applied to those with Windows Vista.

After running ComboFix, the screen froze before providing a log. I waited a long time in case the program was running slow. So, I had to rerun ComboFix to get a log. I hope that is OK.

Here is my Combofix log:

ComboFix 08-03-01.3 - HP_Owner 2008-03-01 11:36:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 09:13 . 2008-03-01 09:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-29 22:16 . 2008-02-29 22:16 33,856 --a------ C:\WINDOWS\system32\mdmsxvqi.dll
2008-02-28 22:14 . 2008-02-28 22:14 33,856 --a------ C:\WINDOWS\system32\gpxtlrjp.dll
2008-02-28 18:21 . 2008-02-28 19:21 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-28 18:07 . 2008-02-28 18:07 33,856 --a------ C:\WINDOWS\system32\eqasugqe.dll
2008-02-28 18:06 . 2008-02-28 18:06 33,856 --a------ C:\WINDOWS\system32\mgraujca.dll
2008-02-28 18:06 . 2008-02-28 18:06 33,856 --a------ C:\WINDOWS\system32\ilfjiujp.dll
2008-02-28 18:06 . 2008-02-28 18:06 33,856 --a------ C:\WINDOWS\system32\bmtofslc.dll
2008-02-28 17:38 . 2008-02-28 17:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\DoctorWeb
2008-02-27 23:36 . 2008-02-27 23:36 33,856 --a------ C:\WINDOWS\system32\plyfgrld.dll
2008-02-27 23:33 . 2008-02-27 23:33 33,856 --a------ C:\WINDOWS\system32\ugfxrdug.dll
2008-02-27 17:43 . 2008-02-27 17:43 33,856 --a------ C:\WINDOWS\system32\xjmslabk.dll
2008-02-27 17:40 . 2008-02-27 17:41 414 ---hs---- C:\WINDOWS\system32\dhyksfvl.ini
2008-02-27 17:31 . 2008-02-27 17:31 33,856 --a------ C:\WINDOWS\system32\edgvklsq.dll
2008-02-27 17:29 . 2008-02-27 17:38 354 ---hs---- C:\WINDOWS\system32\waoolfcx.ini
2008-02-27 16:50 . 2008-02-27 16:50 33,856 --a------ C:\WINDOWS\system32\jugvmten.dll
2008-02-27 16:47 . 2008-02-27 17:00 354 ---hs---- C:\WINDOWS\system32\iwliacex.ini
2008-02-27 15:23 . 2008-02-27 17:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 15:23 . 2008-02-27 17:53 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-02-27 15:23 . 2008-02-27 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 10:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 10:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 10:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 09:42 . 2008-02-29 22:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-27 09:36 . 2008-02-27 09:36 <DIR> d-------- C:\Program Files\COMODO
2008-02-27 09:36 . 2008-02-27 09:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Comodo
2008-02-27 09:36 . 2008-02-27 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-27 09:36 . 2008-02-27 09:36 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-02-27 09:36 . 2008-02-27 09:36 84,856 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-02-27 09:36 . 2008-02-27 09:36 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-02-26 21:52 . 2008-02-26 21:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-26 20:43 . 2008-02-26 21:52 4,658 --a------ C:\WINDOWS\unins000.dat
2008-02-26 20:22 . 2008-02-26 20:22 <DIR> d-------- C:\WINDOWS\system32\fs7
2008-02-26 06:42 . 2008-02-26 06:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 06:42 . 2008-02-26 06:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-27 15:38 --------- d-----w C:\Program Files\Symantec
2008-02-27 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-27 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 02:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-21 18:37 --------- d-----w C:\Program Files\Common Files\Real
2008-02-17 10:18 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-02-16 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 04:19 --------- d--h--w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2008-01-29 20:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-21 03:49 --------- d-----w C:\Program Files\GameHouse
2008-01-21 02:00 --------- d-----w C:\Program Files\PlayFirst
2008-01-20 15:19 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PlayFirst
2008-01-20 03:42 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Oberon Games
2008-01-20 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-11 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-10 12:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\GameHouse
2008-01-07 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-01-07 01:22 --------- d-----w C:\Program Files\Yahoo! Games
2008-01-06 06:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\My Games
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-01 01:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-19 21:38 11,052,037 ----a-w C:\Documents and Settings\HP_Owner\Application Data\HCSetup2.0_IW.5.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 18:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-26 17:35 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-08-07 14:36 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 20:28 286720]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"VTTimer"="VTTimer.exe" [2004-03-26 23:07 49152 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 01:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-07 16:20 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 07:31:38 241664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-09 18:56:20 196608]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 16:33:32 16423]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gpxtlrjp]
gpxtlrjp.dll 2008-02-28 22:14 33856 C:\WINDOWS\system32\gpxtlrjp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-27 09:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-27 09:36]
S1 nwlnknbb;nwlnknbb;C:\WINDOWS\system32\drivers\nwlnknbb.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-02-21 19:50]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2007-08-05 10:12:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-26 10:54:20 C:\WINDOWS\Tasks\WebReg 20080226055419.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe_/TaskName 20080226055419 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 11:39:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
-> C:\WINDOWS\system32\gpxtlrjp.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\gpxtlrjp.dll
.
Completion time: 2008-03-01 11:40:17
ComboFix-quarantined-files.txt 2008-03-01 16:40:08
ComboFix2.txt 2008-03-01 16:24:05
.
2008-03-01 14:14:32 --- E O F ---



My new Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:23 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7420 bytes

#8 miekiemoes

  • Malware Response Team

Posted 01 March 2008 - 01:17 PM

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
C:\WINDOWS\system32\mdmsxvqi.dll
C:\WINDOWS\system32\gpxtlrjp.dll
C:\WINDOWS\system32\eqasugqe.dll
C:\WINDOWS\system32\mgraujca.dll
C:\WINDOWS\system32\ilfjiujp.dll
C:\WINDOWS\system32\bmtofslc.dll
C:\WINDOWS\system32\plyfgrld.dll
C:\WINDOWS\system32\ugfxrdug.dll
C:\WINDOWS\system32\xjmslabk.dll
C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
C:\WINDOWS\system32\dhyksfvl.ini
C:\WINDOWS\system32\edgvklsq.dll
C:\WINDOWS\system32\waoolfcx.ini
C:\WINDOWS\system32\jugvmten.dll
C:\WINDOWS\system32\iwliacex.ini
C:\WINDOWS\pskt.ini
Dirlook::
C:\WINDOWS\system32\fs7
Driver::
MSControlService
nwlnknbb
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gpxtlrjp]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by miekiemoes, 01 March 2008 - 01:18 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Julianna W

  • Topic Starter

Posted 01 March 2008 - 02:15 PM

New Combofix log:

ComboFix 08-03-01.3 - HP_Owner 2008-03-01 13:51:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.179 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: sfxcmd=C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bmtofslc.dll
C:\WINDOWS\system32\dhyksfvl.ini
C:\WINDOWS\system32\edgvklsq.dll
C:\WINDOWS\system32\eqasugqe.dll
C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
C:\WINDOWS\system32\gpxtlrjp.dll
C:\WINDOWS\system32\ilfjiujp.dll
C:\WINDOWS\system32\iwliacex.ini
C:\WINDOWS\system32\jugvmten.dll
C:\WINDOWS\system32\mdmsxvqi.dll
C:\WINDOWS\system32\mgraujca.dll
C:\WINDOWS\system32\plyfgrld.dll
C:\WINDOWS\system32\ugfxrdug.dll
C:\WINDOWS\system32\waoolfcx.ini
C:\WINDOWS\system32\xjmslabk.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bmtofslc.dll
C:\WINDOWS\system32\dhyksfvl.ini
C:\WINDOWS\system32\edgvklsq.dll
C:\WINDOWS\system32\eqasugqe.dll
C:\WINDOWS\system32\gpxtlrjp.dll
C:\WINDOWS\system32\ilfjiujp.dll
C:\WINDOWS\system32\iwliacex.ini
C:\WINDOWS\system32\jugvmten.dll
C:\WINDOWS\system32\mdmsxvqi.dll
C:\WINDOWS\system32\mgraujca.dll
C:\WINDOWS\system32\plyfgrld.dll
C:\WINDOWS\system32\ugfxrdug.dll
C:\WINDOWS\system32\waoolfcx.ini
C:\WINDOWS\system32\xjmslabk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\LEGACY_NWLNKNBB
-------\MSControlService
-------\nwlnknbb


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 09:13 . 2008-03-01 09:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-02-29 22:39 . 2008-02-29 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-28 18:21 . 2008-02-28 19:21 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-28 17:38 . 2008-02-28 17:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\DoctorWeb
2008-02-27 15:23 . 2008-02-27 17:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 15:23 . 2008-02-27 17:53 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-02-27 15:23 . 2008-02-27 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 10:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 10:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 10:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 09:36 . 2008-02-27 09:36 <DIR> d-------- C:\Program Files\COMODO
2008-02-27 09:36 . 2008-02-27 09:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Comodo
2008-02-27 09:36 . 2008-02-27 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-27 09:36 . 2008-02-27 09:36 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-02-27 09:36 . 2008-02-27 09:36 84,856 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-02-27 09:36 . 2008-02-27 09:36 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-02-26 21:52 . 2008-02-26 21:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-26 20:43 . 2008-02-26 21:52 4,658 --a------ C:\WINDOWS\unins000.dat
2008-02-26 20:22 . 2008-02-26 20:22 <DIR> d-------- C:\WINDOWS\system32\fs7
2008-02-26 06:42 . 2008-02-26 06:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 06:42 . 2008-02-26 06:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-27 15:38 --------- d-----w C:\Program Files\Symantec
2008-02-27 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-27 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 02:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-21 18:37 --------- d-----w C:\Program Files\Common Files\Real
2008-02-17 10:18 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-02-16 23:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 04:19 --------- d--h--w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2008-01-29 20:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-21 03:49 --------- d-----w C:\Program Files\GameHouse
2008-01-21 02:00 --------- d-----w C:\Program Files\PlayFirst
2008-01-20 15:19 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PlayFirst
2008-01-20 03:42 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Oberon Games
2008-01-20 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-11 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-10 12:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\GameHouse
2008-01-07 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-01-07 01:22 --------- d-----w C:\Program Files\Yahoo! Games
2008-01-06 06:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\My Games
2007-11-01 01:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-19 21:38 11,052,037 ----a-w C:\Documents and Settings\HP_Owner\Application Data\HCSetup2.0_IW.5.1.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\fs7 ----

2008-01-05 16:48 126976 --a------ C:\WINDOWS\system32\fs7\cilcstat01.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 18:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-26 17:35 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-08-07 14:36 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 20:28 286720]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"VTTimer"="VTTimer.exe" [2004-03-26 23:07 49152 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 01:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-07 16:20 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 07:31:38 241664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-09 18:56:20 196608]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 16:33:32 16423]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gpxtlrjp]
gpxtlrjp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-27 09:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-27 09:36]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-02-21 19:50]

.
Contents of the 'Scheduled Tasks' folder
"2007-08-05 10:12:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-26 10:54:20 C:\WINDOWS\Tasks\WebReg 20080226055419.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe_/TaskName 20080226055419 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 13:56:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-01 14:00:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 19:00:02
ComboFix2.txt 2008-03-01 16:40:18
ComboFix3.txt 2008-03-01 16:24:05
.
2008-03-01 14:14:32 --- E O F ---



New Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:09 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7120 bytes
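
Added example, not part of the original posts: a way to compare the two HijackThis logs in this thread and see what the CFScript run changed in the O20 (AppInit_DLLs / Winlogon Notify) and O23 (services) sections. The log lines are copied from the 12:32:23 PM and 2:13:09 PM scans above; the function names are this example's own.

```python
import re
from typing import NamedTuple

# O20/O23 lines copied from the two HijackThis logs in this thread.
BEFORE = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gpxtlrjp - C:\WINDOWS\SYSTEM32\gpxtlrjp.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""
AFTER = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20" or "O23"
    detail: str  # text after "<code> - "


ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# "Service: <display> (<short name>) - <owner> - <path> [(file missing)]"
# The short name in parentheses is optional (see the SAVScan line).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return the R/F/N/O entry lines of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["detail"]))
    return entries


def _key(entry):
    # Windows paths are case-insensitive and the logs mix "SYSTEM32" and
    # "system32", so compare on a case-folded, whitespace-normalised form.
    return (entry.code, " ".join(entry.detail.split()).casefold())


def removed_entries(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    after_keys = {_key(e) for e in after}
    return [e for e in before if _key(e) not in after_keys]


def orphaned_services(entries):
    """Short names of O23 services whose image HijackThis could not find."""
    names = []
    for e in entries:
        if e.code != "O23":
            continue
        m = SERVICE_RE.match(e.detail)
        if m and m["missing"]:
            names.append(m["name"] or m["display"])
    return names


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    for e in removed_entries(before, after):
        print("removed:", e.code, "-", e.detail)
    for e in removed_entries(after, before):
        print("new:    ", e.code, "-", e.detail)
    print("services still pointing at a missing file:", orphaned_services(after))
```
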

#10 miekiemoes

  • Malware Response Team

Posted 02 March 2008 - 04:18 AM

Hi,

Please navigate to and delete the following folder:

C:\WINDOWS\system32\fs7

Then, open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gpxtlrjp]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Then, reinstall your Norton Antivirus, because it got corrupted.
In case you don't want to reinstall it and want to install another Antivirus instead, uninstall your Norton.
* To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you're having problems with uninstalling Norton if the above instructions didn't work, or you noticed problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm

If you uninstalled it, you should install another Antivirus instead. Look in my signature below for the ones I recommend. Only install 1 Antivirus!

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.



Post a new HijackThis log in your next reply after performing above steps.

#11 Julianna W


Posted 02 March 2008 - 01:49 PM

I am having problems with Comodo disabling my internet. At first I thought it was a problem with my service provider, but after speaking to their technical support I was told it was most likely my firewall, or more specifically Norton conflicting with Comodo, and I needed to uninstall Norton. After I read your info and Norton was completely uninstalled, Comodo still kept my internet from working. I was wondering if you knew why this is or how I might be able to fix this problem.

Also, after I downloaded my antivirus software it automatically did a scan and found multiple viruses on my computer. So even though I'm not getting any error messages and my computer is working so much better (THANK YOU), I'm worried that there are still some hidden problems.

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:18 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Turbo Pizza\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6716 bytes

#12 miekiemoes


Posted 02 March 2008 - 02:07 PM

Hi,

Also, after I downloaded my antivirus software it automatically did a scan and found multiple viruses on my computer.

Most probably this scan was done before you uninstalled Combofix which may explain it. Because the scan would find the files Combofix quarantined (present in the Qoobox) and some files in your System Restore points.

We'll perform a new online scan in a minute..

Make sure you have uninstalled Combofix first.

Also, for your Comodo, if your Comodo disables your Internet, do you mean it disables the Internet connection in general or only when you use Internet Explorer? Because I've seen this a couple of times where a Windows update modifies files related with Internet Explorer, Comodo gives an alert about that and people decide to block it. That may explain a lot.
Anyway, I suggest you uninstall Comodo and reinstall it again and leave it with the default settings. If Comodo gives an alert, you're not supposed to block every Alert. That's a common mistake many make when they install a firewall. They block every program - so it's normal that for example Internet won't work anymore in such cases.

For the online scan...

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply.
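The distinction drawn in the reply above, between detections that sit in ComboFix's Qoobox quarantine or in System Restore points and files that are still in place, can be checked mechanically on a saved Kaspersky Online Scanner text report. This is an added example, not part of the original posts: the line layout follows the report posted in this thread, while the sample lines, detection names and the path markers used to recognise the two folders are constructed assumptions.

```python
import re
from collections import Counter

# Path fragments that mark neutralised copies rather than files in place.
# Qoobox and System Restore are the two locations named in the reply above;
# matching them as lower-case substrings is an assumption of this example.
INERT_MARKERS = {
    "\\qoobox\\": "ComboFix quarantine",
    "\\system volume information\\_restore": "System Restore point",
}

# One report line: <path> <status> <last action>. Paths contain spaces, so the
# path is matched lazily up to the first recognised status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected:\s+(?P<name>\S+)"
    r"|(?P<archive>[A-Z0-9]+: infected - \d+))"
    r"\s+(?P<action>\w+)\s*$"
)


def classify(line):
    """Return a dict describing one report line, or None for header/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "path": m.group("path"),
        "name": m.group("name"),
        "action": m.group("action"),
        "where": None,
    }
    if m.group("locked"):
        entry["kind"] = "locked"            # file in use, scanner could not read it
    elif m.group("archive"):
        entry["kind"] = "archive_summary"   # per-archive total, not a separate detection
    else:
        entry["kind"] = "live"
        lowered = entry["path"].lower()
        for marker, label in INERT_MARKERS.items():
            if marker in lowered:
                entry["kind"] = "inert"
                entry["where"] = label
                break
    return entry


def triage(report_text):
    """Count line kinds and collect the detections that are outside quarantine."""
    counts = Counter()
    live = []
    for line in report_text.splitlines():
        entry = classify(line)
        if entry is None:
            continue
        counts[entry["kind"]] += 1
        if entry["kind"] == "live":
            live.append(entry)
    return counts, live


# Constructed sample lines (not taken from any real scan).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: Trojan.Win32.Example.b skipped
C:\WINDOWS\system32\example2.dll Infected: Trojan-Downloader.Win32.Example.c skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Archive\sample.zip/inner.exe Infected: not-a-virus:AdWare.Win32.Example.d skipped
C:\Archive\sample.zip ZIP: infected - 1 skipped
"""

if __name__ == "__main__":
    counts, live = triage(SAMPLE_REPORT)
    print(dict(counts))
    for entry in live:
        print("needs attention:", entry["path"], "->", entry["name"])
```

Other tools keep their own quarantine or backup folders; add their path fragments to `INERT_MARKERS` only after confirming where that tool stores them.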

#13 Julianna W


Posted 02 March 2008 - 09:52 PM

Comodo was disabling my internet connection, through I.E. and Firefox. I did uninstall and then reinstall it, and now I am not having any problems with my internet connection and Comodo. Thank you!

Here is my Kaspersky report:

Sunday, March 02, 2008 9:41:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/03/2008
Kaspersky Anti-Virus database records: 593820

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 106488
Number of viruses found 12
Number of infected objects 49
Number of suspicious objects 0
Duration of the scan process 02:13:52

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/BraveSentry.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/BraveSentry0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/BraveSentry2.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/BraveSentry3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: infected - 4 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/desktop.html Infected: not-virus:Hoax.Win32.Renos.cy skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/BraveSentry.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/BraveSentry0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/BraveSentry2.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/BraveSentry3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: infected - 4 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/retadpu572.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/retadpu1000106.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/retadpu27.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/retadpu572.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.0/webbuying.exe Infected: not-a-virus:AdWare.Win32.Agent.ta skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiSpyware.zip/WAS7Mon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiSpyware.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xorpixa.zip/bot.dll Infected: Email-Worm.Win32.Zhelatin.gh skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xorpixa.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1281OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip/Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip/Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip/Yazzle1281OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip/modsregn.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip/dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch4.zip/pwinpndt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch4.zip ZIP: infected - 1 skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\ahceigai.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\cmp638[1].bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\kggnrxna.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\mteuittv.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\pfbawjkf.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\prhcbxpi.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\xhewpwbj.dll.bac_a00896 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\mff75ocz.default\cert8.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\mff75ocz.default\history.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\mff75ocz.default\key3.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\mff75ocz.default\parent.lock Object is locked skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped


C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 07 - Love Song.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 08 - Pictures Of You.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 09 - Never Enough.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 10 - Close To Me.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 11 - High.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 12 - Friday I'm In Love.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 13 - A Letter To Elise.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 14 - The 13th.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 15 - Mint Car.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 16 - Strange Attraction.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 17 - Gone!.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - 18 - Wrong Number.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - Galore_Back.jpg Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Galore (1997)\The Cure - Galore_Front.jpg Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 01 - Let's Go To Bed.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 02 - The Dream.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 03 - Just One Kiss.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 04 - The Upstairs Room.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 05 - The Walk.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 06 - Speak My Language.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 07 - La Ment.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - 08 - The Lovecats.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - Japanese Whisper_(Back).jpg Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Japanese Whisper (1983)\The Cure - Japanese Whisper_(Front).jpg Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 01 - The Kiss.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 02 - Catch.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 03 - Torture.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 04 - If Only Tonight We Could Sleep.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 05 - Why Can't I Be You-.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 06 - How Beautiful You Are.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 07 - The Snakepit.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 08 - Just Like Heaven.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 09 - All I Want.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 10 - Hot Hot Hot!!!.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 11 - One More Time.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 12 - Like Cockatoos.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 13 - Icing Sugar.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 14 - The Perfect Girl.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 15 - A Thousand Hours.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 16 - Shiver And Shake.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Kiss Me Kiss Me (1987)\The Cure - 17 - Fight.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 01 - Lullaby (Extended Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 02 - Close To Me (Closer Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 03 - Fascination Street (Extended Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 04 - The Walk (Everything Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 05 - Lovesong (Extended Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 06 - A Forest (Tree Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 07 - Pictures of You (Extended Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 08 - Hot Hot Hot!!! (Extended Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 09 - The Caterpillar (Flicker Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 10 - Inbetween Days (Shiver Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Mixed Up (1990)\The Cure - 11 - Never Enough (Big Mix).mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 01 - One Hundred Years.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 02 - A Short Term Effect.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 03 - The Hanging Garden.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 04 - Siamese Twins.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 05 - The Figurehead.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 06 - A Strange Day.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 07 - Cold.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Pornography (1982)\The Cure - 08 - Pornography.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 01 - A Reflection.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 02 - Play For Today.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 03 - Secrets.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 04 - In Your House.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 05 - Three.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 06 - The Final Sound.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 07 - A Forest.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 08 - M.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 09 - At Night.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Seventeen Seconds (1980)\The Cure - 10 - Seventeen Seconds.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 01 - Killing An Arab - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 02 - 10-15 Saturday Night - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 03 - Boys Don't Cry - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 04 - Jumping Someone Else's Train - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 05 - A Forest - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 06 - Play For Today - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 07 - Primary - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 08 - Other Voices - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 09 - Charlotte Sometimes - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 10 - The Hanging Garden - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 11 - Let's Go To Bed - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 12 - The Walk - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 13 - The Love Cats - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 14 - The Caterpillar - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 15 - In Between Days - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 16 - Close To Me - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Staring At The Sea - The Singles (1986)\The Cure - 17 - A Night Like This - The Cure.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\1-Lost.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\10-Never.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\11-The Promise.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\2-Labyrinth.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\3-Before Three.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\4-The End Of The World.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\5-Anniversary.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\6-Us Or Them.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\7-Alt.end.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\8-(I Dont Know Whats Going) On.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\9-Taking Off.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\KerrazY-Torrents_-_Depereo.nfo Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Cure (2004)\The Cure.jpg Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 01 - In Between Days.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 02 - Kyoto Song.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 03 - The Blood.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 04 - Six Different Ways.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 05 - Push.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 06 - The Baby Screams.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 07 - Close to Me.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 08 - A Night Like This.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 09 - Screw.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Head On The Door (1985)\The Cure - 10 - Sinking.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 01 - Shake Dog Shake.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 02 - Birdmad Girl.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 03 - Wailing Wall.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 04 - Give Me It.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 05 - Dressing Up.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 06 - The Caterpillar.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 07 - Piggy In The Mirror.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 08 - The Empty World.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 09 - Bananafishbones.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - The Top (1984)\The Cure - 10 - The Top.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 01 - 10.15 Saturday Night.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 02 - Accuracy.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 03 - Grinding Halt.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 04 - Another Day.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 05 - Object.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 06 - Subway Song.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 07 - Foxy Lady.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 08 - Meat Hook.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 09 - So What.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 10 - Fire In Cairo.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 11 - It's Not You.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 12 - Three Imaginary Boys.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Three Imaginary Boys (1979)\The Cure - 13 - The Weedy Burton.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Wild Mood Swings (1996)\The Cure - 01 - Want.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Wild Mood Swings (1996)\The Cure - 02 - Club America.mp3 Object is locked skipped

C:\Documents and Settings\HP_Owner\Desktop\torrent songs\The Cure - The Collection ( 17 albums from 1979-2004)\The Cure - Wild Mood Swings (1996)\The Cure - 03 - This Is A Lie.mp3 Object is locked skipped


Scan process completed.

#14 miekiemoes

Posted 03 March 2008 - 02:58 AM

Hi,

Comodo was disabling my internet connection, through I.E. and Firefox. I did uninstall and then reinstall it, and now I am not having any problems with my internet connection and Comodo.

As I thought.. Most probably you have blocked things you were not supposed to block anyway. Good it is working properly now.

What Kaspersky found are just files that were already deleted by Spybot S&D and housecall.
To delete them, open your Spybot S&D, select the option quarantine and select to delete what it quarantined.

For the housecall scan, to delete the files, just delete the C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine folder.

Let me know in your next reply how things are now.

#15 Julianna W

Posted 03 March 2008 - 07:55 PM

My computer seems to be running fine now. No error messages, no pop-ups, and no other problems.

I was wondering though about not being able to delete a file/folder. In the Kaspersky report it showed "The Cure" files. I've been trying to delete them for a long time, but whenever I try it says "access denied" and I get the same response if I try to move any/all of the files or open them. I didn't know if that meant the files were infected since they came up in the Kaspersky report.

Also, I have asked other people this, but I just wanted to make sure this is correct. When running a firewall (like Comodo) I should have my Windows firewall disabled, right? I've been told to do so in the past, but I just want to make sure that is the right thing to do.

I cannot thank you enough for all the help you have given me. In a few days you have drastically improved my computer. Thank you!



