Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Malware/Spyware


  • This topic is locked This topic is locked
15 replies to this topic

#1 BSpike

BSpike

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 18 February 2009 - 09:22 PM

Thank You so much

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 21:18:29.48 on Wed 02/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2633 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/default
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [EPSON Stylus CX5800F Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: trymedia.com
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176940033546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: pmnkHYPF - pmnkHYPF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtrOggF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\q9r7n8t0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 12080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\q9r7n8t0.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-17 138680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-6-28 66048]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-27 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-12-23 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-17 352920]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-12-23 334352]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-23 49680]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-12-23 492888]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-12-23 677128]

=============== Created Last 30 ================

2009-02-18 21:12 <DIR> --d----- c:\program files\Cobian Backup 9
2009-02-17 21:16 3,768 a--sh--- c:\windows\system32\QsCdKnmp.ini2
2009-02-17 14:36 302,592 a------- c:\windows\system32\wvUkKaay(2).dll
2009-02-17 06:40 368 a--sh--- c:\windows\system32\FggOrtwa.ini
2009-02-17 05:40 6,220 a------- c:\windows\system32\vtUkhffD.dll
2009-02-17 04:39 6,220 a------- c:\windows\system32\khfDwxyx.dll
2009-02-17 03:38 6,220 a------- c:\windows\system32\nnnnKeda.dll
2009-02-17 02:37 6,220 a------- c:\windows\system32\opnnomJd.dll
2009-02-17 01:37 6,220 a------- c:\windows\system32\yayaXOHb.dll
2009-02-17 00:36 6,220 a------- c:\windows\system32\mljGWoOg.dll
2009-02-16 23:35 6,220 a------- c:\windows\system32\ssqonOhg.dll
2009-02-16 22:35 6,220 a------- c:\windows\system32\wvULbXNH.dll
2009-02-16 21:35 6,220 a------- c:\windows\system32\xxywTLfd.dll
2009-02-16 20:34 6,220 a------- c:\windows\system32\fccyvWNg.dll
2009-02-16 19:34 6,220 a------- c:\windows\system32\pmnlihHb.dll
2009-02-16 18:33 6,220 a------- c:\windows\system32\rqRJDsrQ.dll
2009-02-16 17:33 6,220 a------- c:\windows\system32\nnnoLFyA.dll
2009-02-16 16:32 6,220 a------- c:\windows\system32\iifdbXRL.dll
2009-02-16 15:31 6,220 a------- c:\windows\system32\xxyVPfEU.dll
2009-02-16 14:31 6,220 a------- c:\windows\system32\vtUMgHwv.dll
2009-02-16 13:30 6,220 a------- c:\windows\system32\rqRJAtRI.dll
2009-02-16 12:29 6,220 a------- c:\windows\system32\pmnoOEWn.dll
2009-02-16 09:49 6,220 a------- c:\windows\system32\nnnoOeBu.dll
2009-02-16 08:49 6,220 a------- c:\windows\system32\nnnlmKbC.dll
2009-02-16 07:48 6,220 a------- c:\windows\system32\opnlKAsR.dll
2009-02-16 06:48 6,220 a------- c:\windows\system32\khfEWOGx.dll
2009-02-16 05:47 6,220 a------- c:\windows\system32\mlJDvSkh.dll
2009-02-16 04:46 6,220 a------- c:\windows\system32\pmnoPjKB.dll
2009-02-16 03:45 6,220 a------- c:\windows\system32\opnnkjkH.dll
2009-02-16 02:45 6,220 a------- c:\windows\system32\hgGxWpPi.dll
2009-02-16 01:44 6,220 a------- c:\windows\system32\hgGabYOe.dll
2009-02-16 00:43 6,220 a------- c:\windows\system32\ssqPfefd.dll
2009-02-15 23:42 6,220 a------- c:\windows\system32\iifCrOIX.dll
2009-02-15 22:42 6,220 a------- c:\windows\system32\vtUmmLdB.dll
2009-02-15 21:41 6,220 a------- c:\windows\system32\mljKCSml.dll
2009-02-15 16:43 6,220 a------- c:\windows\system32\urqPfEwV.dll
2009-02-15 15:43 6,220 a------- c:\windows\system32\rqRJAsts.dll
2009-02-15 14:43 6,220 a------- c:\windows\system32\mlJDtrRk.dll
2009-02-15 05:13 6,220 a------- c:\windows\system32\khfCuVmk.dll
2009-02-15 04:12 6,220 a------- c:\windows\system32\pmnllihe.dll
2009-02-15 03:11 6,220 a------- c:\windows\system32\wvUmnKax.dll
2009-02-15 02:11 6,220 a------- c:\windows\system32\rqRKDtUm.dll
2009-02-14 23:35 6,220 a------- c:\windows\system32\geBuvSMc.dll
2009-02-14 22:34 6,220 a------- c:\windows\system32\rqRICVPG.dll
2009-02-14 21:34 6,220 a------- c:\windows\system32\rqRHAroP.dll
2009-02-14 20:34 6,220 a------- c:\windows\system32\wvULFwXq.dll
2009-02-14 20:29 5,888 a------- c:\windows\system32\gEWNebXP.dll
2009-02-14 18:55 3,189 a------- c:\windows\system32\tversity.cookies
2009-02-11 03:01 <DIR> --d----- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-09 14:18 1,409 a------- c:\windows\system32\tmpC375E.FOT
2009-02-09 14:18 1,409 a------- c:\windows\system32\tmp3265E.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmpD2D4A.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmp8FD4A.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmp77B4A.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmp3CE4A.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmp24C4A.FOT
2009-02-08 17:03 1,409 a------- c:\windows\system32\tmpD8A4A.FOT
2009-01-27 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-01-27 16:33 203,540 a------- c:\windows\system32\nvapps.nvb
2009-01-27 16:33 <DIR> --d----- c:\windows\NV16362028.TMP
2009-01-27 16:33 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-27 16:32 197,486 a------- c:\windows\system32\nvapps.xml
2009-01-27 16:30 <DIR> --d----- c:\windows\nview
2009-01-27 16:30 453,152 a----r-- c:\windows\system32\nvuninst.exe
2009-01-27 16:30 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-27 16:30 18,537 a------- c:\windows\system32\nvdisp.nvu
2009-01-23 21:58 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-02-16 01:26 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-02-14 19:01 210,418 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-03 06:24 81,920 a------- c:\windows\system32\frapsvid.dll
2008-12-30 18:36 70,324 a---h--- c:\windows\system32\mlfcache.dat
2008-12-27 18:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-27 18:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-27 18:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-23 14:26 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
2008-12-23 14:26 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-23 14:26 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2008-12-23 14:26 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2008-12-23 14:26 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 14:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-11-21 12:39 157,428 a------- c:\windows\hpoins27.dat
2007-02-27 11:42 936 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-07-05 14:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat

============= FINISH: 21:18:49.60 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 19 February 2009 - 04:24 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 23 February 2009 - 10:20 PM

1. Malwarebytes'

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 234916
Time elapsed: 1 hour(s), 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 47

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP751\A0092252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP753\A0093717.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKaay(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxywTLfd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuvSMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlKAsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnkjkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnomJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHAroP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRICVPG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJAsts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJAtRI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJDsrQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKDtUm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlmKbC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnKeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoLFyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoOeBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlihHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnllihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoOEWn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoPjKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPfEwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gEWNebXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGabYOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxWpPi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifCrOIX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdbXRL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJDtrRk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJDvSkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mljGWoOg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mljKCSml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyVPfEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaXOHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqonOhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPfefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvULbXNH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvULFwXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmnKax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyvWNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCuVmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDwxyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEWOGx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkhffD.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUMgHwv.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmmLdB.dll (Trojan.vundo) -> Quarantined and deleted successfully.

#4 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 23 February 2009 - 10:26 PM

I will upload the second steps!

sorry heres the other one I uploaded the same one twice

Attached Files

  • Attached File  info.txt   29.66KB   17 downloads
  • Attached File  log.txt   47.77KB   20 downloads
  • Attached File  log.txt   47.77KB   3 downloads


#5 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 23 February 2009 - 10:52 PM

Heres the GMER log. Thank you so much for your time!

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 24 February 2009 - 06:41 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 February 2009 - 09:42 AM

ComboFix LOG.....

ComboFix 09-02-21.01 - HP_Administrator 2009-02-24 9:17:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2932 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\FggOrtwa.ini
c:\windows\system32\QsCdKnmp.ini2
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-23 22:27 . 2009-02-23 22:27 250 --a------ c:\windows\gmer.ini
2009-02-23 22:21 . 2009-02-23 22:52 <DIR> d-------- C:\rsit
2009-02-23 20:24 . 2009-02-23 20:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 20:24 . 2009-02-23 20:24 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-23 20:24 . 2009-02-23 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 20:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 20:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 17:22 . 2009-02-19 17:22 <DIR> d-------- C:\VundoFix Backups
2009-02-18 21:12 . 2009-02-18 21:12 <DIR> d-------- c:\program files\Cobian Backup 9
2009-02-14 18:55 . 2009-02-24 01:13 3,185 --a------ c:\windows\system32\tversity.cookies
2009-02-11 03:01 . 2009-02-11 03:01 <DIR> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-09 14:18 . 2009-02-09 14:18 1,409 --a------ c:\windows\system32\tmpC375E.FOT
2009-02-09 14:18 . 2009-02-09 14:18 1,409 --a------ c:\windows\system32\tmp3265E.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmpD8A4A.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmpD2D4A.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmp8FD4A.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmp77B4A.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmp3CE4A.FOT
2009-02-08 17:03 . 2009-02-08 17:03 1,409 --a------ c:\windows\system32\tmp24C4A.FOT
2009-01-27 20:15 . 2009-01-27 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-01-27 16:33 . 2009-01-27 16:33 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-27 16:33 . 2009-01-27 16:35 <DIR> d-------- c:\windows\NV16362028.TMP
2009-01-27 16:33 . 2009-01-27 16:33 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-27 16:33 . 2008-11-13 03:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2009-01-27 16:32 . 2009-02-24 09:25 197,486 --a------ c:\windows\system32\nvapps.xml
2009-01-27 16:30 . 2009-01-27 16:35 <DIR> d-------- c:\windows\nview
2009-01-27 16:30 . 2008-11-12 01:54 453,152 -ra------ c:\windows\system32\nvuninst.exe
2009-01-27 16:30 . 2008-11-12 01:54 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-27 16:30 . 2008-11-12 01:54 18,537 --a------ c:\windows\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 14:25 --------- d-----w c:\program files\DNA
2009-02-24 14:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\DNA
2009-02-20 02:19 --------- d-----w c:\program files\eMedia Guitar Method
2009-02-19 23:35 --------- d-----w c:\program files\World of Warcraft
2009-02-19 22:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\HPAppData
2009-02-19 22:05 --------- d-----w c:\program files\PeerGuardian2
2009-02-19 22:05 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-02-19 00:34 --------- d-----w c:\program files\Trend Micro
2009-02-18 17:33 --------- d-----w c:\program files\HP Games
2009-02-18 15:45 --------- d-----w c:\program files\AskBarDis
2009-02-18 04:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\FrostWire
2009-02-18 04:11 --------- d-----w c:\program files\Google
2009-02-18 02:28 --------- d-----w c:\program files\oovooToolbar
2009-02-15 01:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-28 01:16 --------- d-----w c:\program files\AIM6
2009-01-28 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-28 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-01-27 21:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 02:58 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-24 02:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2009-01-16 02:39 --------- d-----w c:\program files\FrostWire
2009-01-16 02:29 --------- d-----w c:\program files\LimeWire
2009-01-15 00:39 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\IObit
2009-01-13 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-01-13 00:37 --------- d-----w c:\program files\TVersity Codec Pack
2009-01-13 00:37 --------- d-----w c:\program files\ffdshow
2009-01-12 23:27 --------- d-----w c:\program files\ATI Technologies
2009-01-11 03:02 --------- d-----w c:\program files\IObit
2009-01-11 02:50 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Uniblue
2009-01-11 01:41 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2009-01-10 23:29 --------- d-----w c:\program files\TVersity
2008-12-29 20:54 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ErrorFix
2008-12-28 00:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Logitech
2008-12-27 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-27 23:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-27 23:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-27 23:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-27 23:58 --------- d-----w c:\program files\Common Files\Logishrd
2008-12-27 23:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 23:57 --------- d-----w c:\program files\Logitech
2008-12-27 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2007-02-27 16:42 936 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-07-05 19:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070520080706\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"EPSON Stylus CX5800F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-09 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-23 970808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-06-23 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-09-15 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-15 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 809488]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-15 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:WoW
"8087:TCP"= 8087:TCP:WoW
"9081:TCP"= 9081:TCP:WoW
"9090:TCP"= 9090:TCP:WoW
"9097:TCP"= 9097:TCP:WoW
"9100:TCP"= 9100:TCP:WoW
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-06-28 66048]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-27 10384]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-23 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-23 492888]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-12-23 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-23 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-12-23 334352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377af514-5a8b-11dc-a7a9-0018f36286ee}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc1cee7-efd8-11dc-a80a-0018f36286ee}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-23 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []

2009-02-23 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
Notify-pmnkHYPF - pmnkHYPF.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/default
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 12080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 09:24:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1432)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2009-02-24 9:39:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 14:39:41

Pre-Run: 165,905,244,160 bytes free
Post-Run: 165,885,755,392 bytes free

308 --- E O F --- 2009-02-11 08:04:15

#8 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 February 2009 - 09:43 AM

HijackThis LOG...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:35 AM, on 2/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176940033546
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13798 bytes

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 24 February 2009 - 02:12 PM

Uninstall these programs if you don't use them..

1. Ask Toolbar
2. Viewpoint Manager
3. Viewpoint Media Player
4. Viewpoint Toolbar



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :files
    c:\windows\system32\tmp*.FOT
    
    :commands
    [purity]
    [emptytemp]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Note: BitDefender Online Scan can only be used with Internet Explorer..

Lets do an online scan with BitDefender Online Scanner
  • Click on I Agree
  • Please install the Add-ons if requested
  • Click on Start Scan
  • Let it update its virus definition.. It will then automatically scan all your files and folders..
  • If infections found, it will attempt to disinfect/delete the infection..
  • After the scan finish, click on More Detail >>
  • Go to Detected Problems tab and click on Click here to export the scan report
  • Save the report as result.html on your Desktop. Copy the whole content of result.html and paste it in Notepad
  • Save the result in the Notepad and post the contents here in your next reply


Post me these logs in your next reply..

1. OTMoveIt3
2. BitDefender
3. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 February 2009 - 04:37 PM

OTMoveIt3 Log

========== FILES ==========
c:\windows\system32\tmp24C4A.FOT moved successfully.
c:\windows\system32\tmp251AD.FOT moved successfully.
c:\windows\system32\tmp321AD.FOT moved successfully.
c:\windows\system32\tmp3265E.FOT moved successfully.
c:\windows\system32\tmp3CE4A.FOT moved successfully.
c:\windows\system32\tmp401AD.FOT moved successfully.
c:\windows\system32\tmp5D0AD.FOT moved successfully.
c:\windows\system32\tmp77B4A.FOT moved successfully.
c:\windows\system32\tmp8FD4A.FOT moved successfully.
c:\windows\system32\tmpC375E.FOT moved successfully.
c:\windows\system32\tmpD2D4A.FOT moved successfully.
c:\windows\system32\tmpD8A4A.FOT moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_u0l8Eo2b1fC7gtbTxeAD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~ROMFN_00000C38 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_162850

Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_u0l8Eo2b1fC7gtbTxeAD not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~ROMFN_00000C38 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_718.dat not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9r7n8t0.default\XUL.mfl moved successfully.

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 24 February 2009 - 05:41 PM

waiting for the BitDefender result.. :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 February 2009 - 06:05 PM

on its way :thumbup2: still scanning after a hour and a half :)... but will post soon thank you so much for your help my computer is already running faster

#13 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 February 2009 - 07:04 PM

It's amazing how different scanners and anti-virus' pick up so many different things... But here it is, thank you a ton for your help! Hopefully we need not do more but due to this picking up viruses still I'll keep checking back in.

BitDefender Online Scanner

Scan report generated at: Tue, Feb 24, 2009 - 18:56:35
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time


02:11:36

Files


788492

Folders


13994

Boot Sectors


0

Archives


21831

Packed Files


51910



Results

Identified Viruses


2

Infected Files


3

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


4


Engines Info

Virus Definitions


2684280

Engine build


AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins


17

Archive plugins


45

Unpack plugins


7

E-mail plugins


6

System plugins


4


Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes




Scanned File


Status

C:\hp\bin\KillWind.exe


Infected with: Virtool.1992

C:\hp\bin\KillWind.exe


Deleted

C:\Program Files\Trend Micro\Internet Security\Quarantine\BD.tmp=>(Quarantine-4)


Infected with: Gen:Trojan.Heur.564E44

C:\Program Files\Trend Micro\Internet Security\Quarantine\BD.tmp=>(Quarantine-4)


Disinfection failed

C:\Program Files\Trend Micro\Internet Security\Quarantine\BD.tmp=>(Quarantine-4)


Deleted

C:\Program Files\Trend Micro\Internet Security\Quarantine\BD.tmp


Deleted

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP758\A0097150.exe


Infected with: Virtool.1992

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP758\A0097150.exe


Deleted

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 24 February 2009 - 09:45 PM

Looks good to me.. Lets do some cleanup...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

    Posted Image


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 BSpike

BSpike
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 25 February 2009 - 03:30 AM

Thanks a ton... computer is def. running fast now that the viruses are gone... nice little tool to speed up my computer you posted. I'm gonna give some of those tricks a try and see how that goes. On another note, how you can sit here all day and read logs is beyond me.... but greatly appreciated :thumbup2:. Thank you again!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users