
What Is Smanager.7.exe? And What Do I Do To It?


  • This topic is locked
13 replies to this topic

#1 Mista

Mista

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 18 May 2007 - 04:17 PM

I have two processes running in my Windows Task Manager and I don't know what they are.

The one is called "smanager.7.exe". I searched the Internet and found out that it is malware/spyware, but found no description of how to remove it.
Can anyone help me with that?

The other one is called "iexplore.exe". I know what that is, at least I think. But I have removed IE from my computer, so how come it still keeps showing up?!
Can anyone help me with that too?

I will appreciate any help from anyone :thumbsup:
I can attach an HJT log if anyone wants to see one.



#2 Mista

Mista
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 20 May 2007 - 03:10 PM

Since nobody's answered I'm taking that as a yes to the post of the HiJackThis Log.
So here it is:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:22, on 20-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smanager.7.exe
C:\Programmer\Trillian\trillian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dpwybtni.dll",realset
O4 - HKCU\..\Run: [Trillian] C:\\Programmer\\Trillian\\trillian.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: Download with Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SSScsiSV.exe

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:05:43 AM

Posted 21 May 2007 - 02:20 AM

Hello,

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Mista

Mista
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 22 May 2007 - 02:01 AM

The ComboFix Log:

"Søren" - 2007-05-21 22:48:29 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Søren\Skrivebord\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bogrkiib.dll
C:\WINDOWS\system32\clromvle.dll
C:\WINDOWS\system32\dculcobi.dll
C:\WINDOWS\system32\dpwybtni.dll
C:\WINDOWS\system32\felmpucl.dll
C:\WINDOWS\system32\gtmgxlob.dll
C:\WINDOWS\system32\iqhjmukl.dll
C:\WINDOWS\system32\koeahvnt.dll
C:\WINDOWS\system32\ksjraacd.dll
C:\WINDOWS\system32\nojaijtb.dll
C:\WINDOWS\system32\oidghmrv.dll
C:\WINDOWS\system32\opqfvxvj.dll
C:\WINDOWS\system32\orkcumbw.dll
C:\WINDOWS\system32\pmnnkjh.dll
C:\WINDOWS\system32\qomlijh.dll
C:\WINDOWS\system32\qqgxassq.dll
C:\WINDOWS\system32\qrxrafsu.dll
C:\WINDOWS\system32\rblalmkn.dll
C:\WINDOWS\system32\saujtlcg.dll
C:\WINDOWS\system32\secwjtkp.dll
C:\WINDOWS\system32\soxfjjhp.dll
C:\WINDOWS\system32\wgvvkbxs.dll
C:\WINDOWS\system32\xmjyxjps.dll
C:\WINDOWS\system32\ybpvsvhl.dll
C:\WINDOWS\system32\yjbccvqg.dll
C:\WINDOWS\system32\ywcexnqk.dll
C:\WINDOWS\system32\tuvsstu.dll
C:\WINDOWS\system32\winbue32.dll
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\intbywpd.ini
C:\WINDOWS\system32\vrmhgdio.ini
C:\WINDOWS\system32\usfarxrq.ini
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\jkkkkhi.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\Fælles filer\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\components\flx0.dll
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\components\flx13.dll
C:\WINDOWS\system32\components\flx14.dll
C:\WINDOWS\system32\components\flx15.dll
C:\WINDOWS\system32\components\flx16.dll
C:\WINDOWS\system32\components\flx17.dll
C:\WINDOWS\system32\components\flx18.dll
C:\WINDOWS\system32\components\flx19.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx20.dll
C:\WINDOWS\system32\components\flx21.dll
C:\WINDOWS\system32\components\flx22.dll
C:\WINDOWS\system32\components\flx23.dll
C:\WINDOWS\system32\components\flx24.dll
C:\WINDOWS\system32\components\flx25.dll
C:\WINDOWS\system32\components\flx26.dll
C:\WINDOWS\system32\components\flx27.dll
C:\WINDOWS\system32\components\flx28.dll
C:\WINDOWS\system32\components\flx29.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx30.dll
C:\WINDOWS\system32\components\flx31.dll
C:\WINDOWS\system32\components\flx32.dll
C:\WINDOWS\system32\components\flx33.dll
C:\WINDOWS\system32\components\flx34.dll
C:\WINDOWS\system32\components\flx35.dll
C:\WINDOWS\system32\components\flx36.dll
C:\WINDOWS\system32\components\flx37.dll
C:\WINDOWS\system32\components\flx38.dll
C:\WINDOWS\system32\components\flx39.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx40.dll
C:\WINDOWS\system32\components\flx41.dll
C:\WINDOWS\system32\components\flx42.dll
C:\WINDOWS\system32\components\flx43.dll
C:\WINDOWS\system32\components\flx44.dll
C:\WINDOWS\system32\components\flx45.dll
C:\WINDOWS\system32\components\flx46.dll
C:\WINDOWS\system32\components\flx47.dll
C:\WINDOWS\system32\components\flx48.dll
C:\WINDOWS\system32\components\flx49.dll
C:\WINDOWS\system32\components\flx5.dll
C:\WINDOWS\system32\components\flx50.dll
C:\WINDOWS\system32\components\flx51.dll
C:\WINDOWS\system32\components\flx52.dll
C:\WINDOWS\system32\components\flx53.dll
C:\WINDOWS\system32\components\flx54.dll
C:\WINDOWS\system32\components\flx55.dll
C:\WINDOWS\system32\components\flx56.dll
C:\WINDOWS\system32\components\flx57.dll
C:\WINDOWS\system32\components\flx58.dll
C:\WINDOWS\system32\components\flx59.dll
C:\WINDOWS\system32\components\flx6.dll
C:\WINDOWS\system32\components\flx60.dll
C:\WINDOWS\system32\components\flx61.dll
C:\WINDOWS\system32\components\flx62.dll
C:\WINDOWS\system32\components\flx63.dll
C:\WINDOWS\system32\components\flx64.dll
C:\WINDOWS\system32\components\flx65.dll
C:\WINDOWS\system32\components\flx66.dll
C:\WINDOWS\system32\components\flx67.dll
C:\WINDOWS\system32\components\flx68.dll
C:\WINDOWS\system32\components\flx69.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx70.dll
C:\WINDOWS\system32\components\flx71.dll
C:\WINDOWS\system32\components\flx72.dll
C:\WINDOWS\system32\components\flx73.dll
C:\WINDOWS\system32\components\flx74.dll
C:\WINDOWS\system32\components\flx75.dll
C:\WINDOWS\system32\components\flx76.dll
C:\WINDOWS\system32\components\flx77.dll
C:\WINDOWS\system32\components\flx78.dll
C:\WINDOWS\system32\components\flx79.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx80.dll
C:\WINDOWS\system32\components\flx81.dll
C:\WINDOWS\system32\components\flx82.dll
C:\WINDOWS\system32\components\flx83.dll
C:\WINDOWS\system32\components\flx84.dll
C:\WINDOWS\system32\components\flx85.dll
C:\WINDOWS\system32\components\flx86.dll
C:\WINDOWS\system32\components\flx87.dll
C:\WINDOWS\system32\components\flx9.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wtscc.exe
C:\Programmer\inetget2
C:\Programmer\vsadd-in
C:\WINDOWS\system32\components
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\SREN~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1\FNTS~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1\MCROSO~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\MANTEC~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\YMANTE~1
C:\qoobox\purity\C\Programmer\ICROSO~1.NET
C:\qoobox\purity\C\Programmer\PPATCH~1
C:\qoobox\purity\C\Programmer\SSTEM3~1
C:\qoobox\purity\C\WINDOWS\CROSOF~1
C:\qoobox\purity\C\WINDOWS\FNTS~1
C:\qoobox\purity\C\WINDOWS\MCROSO~1
C:\qoobox\purity\C\WINDOWS\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\COM+ Messages
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))


2007-05-21 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-05-21 17:15 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-05-21 17:15 <DIR> d-------- C:\Programmer\IVT Corporation
2007-05-18 20:30 11,776 --a------ C:\WINDOWS\smanager.7.exe
2007-05-17 17:05 <DIR> d-------- C:\Programmer\JAM Software
2007-05-17 14:37 <DIR> d-------- C:\HiJackThis
2007-05-17 14:23 <DIR> d-------- C:\Programmer\Red Storm Entertainment
2007-05-16 19:09 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-05-16 09:23 17,408 --a------ C:\WINDOWS\system32\avp.exe
2007-05-14 17:07 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-14 17:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-14 17:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-14 17:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-05-14 17:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-14 17:07 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-05-14 17:07 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-14 17:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-14 17:07 350,208 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-14 17:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-14 17:07 344,576 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-14 17:07 229,376 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-14 17:07 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-14 17:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-14 17:07 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-14 17:07 132,096 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-14 17:07 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-14 17:07 123,904 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-14 17:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-14 17:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-05-14 17:07 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-11 21:08 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-05-11 21:08 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-05-11 21:08 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-05-11 21:08 26,064 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-05-11 21:08 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-11 21:07 <DIR> d-------- C:\Programmer\Ubi Soft
2007-05-11 16:56 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-05-11 16:56 44,464 --a------ C:\WINDOWS\system\D2HTOOLS.DLL
2007-05-11 16:56 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-05-11 16:56 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-05-11 16:56 <DIR> d-------- C:\SC2DEMOW
2007-05-10 00:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-10 00:12 <DIR> d-------- C:\Programmer\Fælles filer\Adobe Systems Shared
2007-05-05 16:22 545 --a------ C:\WINDOWS\UC.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\RAR.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\LHA.PIF
2007-05-05 16:22 545 --a------ C:\WINDOWS\ARJ.PIF
2007-05-05 16:22 <DIR> d-------- C:\totalcmd
2007-04-30 20:14 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Foretrukne
2007-04-29 00:19 <DIR> d-------- C:\Programmer\Opera 9
2007-04-28 10:41 <DIR> d-------- C:\Programmer\OSM
2007-04-28 10:22 <DIR> d-------- C:\OGameSkin
2007-04-26 23:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-24 22:54 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 20:55:39 -------- d-----w C:\Programmer\Fælles filer
2007-05-21 15:16:45 -------- d-----w C:\Programmer\Mozilla Thunderbird
2007-05-21 15:14:38 -------- d--h--w C:\Programmer\InstallShield Installation Information
2007-05-21 14:42:55 -------- d-----w C:\Programmer\Trillian
2007-05-20 21:09:41 31,924 ----a-w C:\DOCUME~1\SREN~1\APPLIC~1\wklnhst.dat
2007-05-18 21:34:52 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\BitTorrent
2007-05-18 21:32:13 -------- d-----w C:\Programmer\NavNT
2007-05-18 20:56:02 -------- d-----w C:\Programmer\Just BASIC v1.01
2007-05-18 20:55:57 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\n-Track Studio5
2007-05-18 18:43:02 73,646 ----a-w C:\WINDOWS\system32\perfc006.dat
2007-05-18 18:43:02 415,904 ----a-w C:\WINDOWS\system32\perfh006.dat
2007-05-16 08:01:31 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\U3
2007-05-14 15:07:50 -------- d-----w C:\Programmer\Windows NT
2007-05-12 19:45:34 -------- d-----w C:\Programmer\Google
2007-05-12 13:17:37 -------- d-----w C:\Programmer\Maxis
2007-05-09 22:12:48 -------- d-----w C:\Programmer\Fælles filer\Adobe Systems Shared
2007-05-01 11:28:58 -------- d-----w C:\Programmer\Common Files
2007-04-24 21:15:44 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-24 21:00:41 -------- d-----w C:\Programmer\Shockwave.com
2007-04-24 20:59:52 -------- d-----w C:\Programmer\Empire XP 4.4
2007-04-24 20:59:38 -------- d-----w C:\Programmer\Fælles filer\Real
2007-04-24 20:58:44 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\Real
2007-04-16 15:23:29 -------- d-----w C:\Programmer\FASoft
2007-04-13 15:16:15 49,152 ----a-w C:\WINDOWS\system32\apache.dll
2007-04-09 12:35:31 -------- d-----w C:\Programmer\Ubisoft
2007-04-09 12:34:56 -------- d-----w C:\Programmer\WinISO
2007-04-09 12:34:32 -------- d-----w C:\Programmer\Gabest
2007-04-09 12:33:42 -------- d-----w C:\Programmer\NeoTracePro
2007-04-09 12:31:56 -------- d-----w C:\Programmer\ElastoMania111
2007-04-09 12:28:19 -------- d-----w C:\Programmer\Nvu
2007-04-08 17:33:19 -------- d-----w C:\Programmer\Microsoft Visual Studio 8
2007-04-07 20:14:01 -------- d-----w C:\Programmer\Fælles filer\Microsoft Shared
2007-04-07 20:13:40 -------- d-----w C:\Programmer\Fælles filer\Merge Modules
2007-04-07 20:12:22 -------- d-----w C:\Programmer\Microsoft.NET
2007-04-07 20:11:50 -------- d-----w C:\Programmer\Fælles filer\Designer
2007-04-05 07:56:05 -------- d-----w C:\Programmer\Fælles filer\{42CA88BB-063B-1030-0815-06042606002d}
2007-04-05 07:56:04 -------- d-----w C:\Programmer\Fælles filer\{42CA88BB-063C-1030-0815-06042606002d}
2007-04-04 19:13:28 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-04-04 18:27:06 -------- d-----w C:\Programmer\Ashampoo
2007-04-04 15:08:22 -------- d-----w C:\Programmer\IRC Trivia Bot
2007-04-02 20:50:29 -------- d-----w C:\Programmer\RustemSoft
2007-04-01 15:55:00 -------- d-----w C:\Programmer\SpeedSim
2007-03-30 18:11:48 -------- d-----w C:\Programmer\directx
2007-03-30 18:11:08 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-03-30 18:11:08 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-03-30 18:10:52 -------- d-----w C:\Programmer\Sierra On-Line
2007-03-25 12:36:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-03-25 12:36:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-03-25 12:36:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-03-23 09:37:33 -------- d-----w C:\Programmer\iTunes
2007-03-23 09:37:16 -------- d-----w C:\Programmer\iPod
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 21:47:22 -------- d-----w C:\Programmer\Arto
2007-03-15 14:56:36 -------- d-----w C:\Programmer\OGUTeam
2007-03-11 09:10:26 558 ----a-w C:\WINDOWS\eReg.dat
2007-03-10 10:14:15 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\AdobeUM
2007-03-09 16:08:02 -------- d-----w C:\Programmer\BitTorrent
2007-03-09 10:07:57 -------- d-----w C:\Programmer\QuickTime
2007-03-08 15:38:16 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:16 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:16 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:35:19 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-14 22:16:44 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-05 20:19:14 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 11:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 21:22]
{FFFFFEF0-5B30-21D4-945D-000000000000}=C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 14:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49]
"QPService"="C:\Programmer\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"vptray"="C:\Programmer\NavNT\vptray.exe" [2002-06-03 14:09]
"D-Link AirPlus G"="C:\Programmer\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 20:26]
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe" [2006-11-25 17:58]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2006-12-12 02:36]
"avp"="C:\WINDOWS\system32\avp.exe" [2007-05-16 09:23]
"SManager"="smanager.7.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trillian"="C:\\Programmer\\Trillian\\trillian.exe" [2007-04-30 00:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-04-04 21:13]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"BitTorrent"="C:\Programmer\BitTorrent\bittorrent.exe" [2007-03-02 01:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* -BLUESOLEIL_HID_SERVICE


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070518-204143-676
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070518-204134-313
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]
@="WPDShServiceObj Class"

[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32]
@="C:\\WINDOWS\\system32\\WPDShServiceObj.dll"
"ThreadingModel"="Both"



backup-20070518-204134-171
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070518-204045-495
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm

backup-20070518-204045-484
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070518-204045-670
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070518-204045-578
O4 - HKLM\..\Run: [SManager] smanager.7.exe

backup-20070518-204045-275
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20070517-144542-272
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070517-144542-547
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070517-144542-227
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)

backup-20070517-144542-890
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)

backup-20070517-144542-780
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

backup-20070517-144542-714
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

backup-20070517-144542-971
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

backup-20070517-144542-393
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

backup-20070517-144542-891
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

backup-20070517-144542-681
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

backup-20070517-144542-984
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20070517-144542-901
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
Contents of the 'Scheduled Tasks' folder
2007-03-30 08:35:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-10-22 20:55:18 C:\WINDOWS\tasks\Low Battery Alarm Program.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 22:57:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe????????? ???@????????? ?????@??????\??????(?@???????@

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bogrkiib.dll
C:\WINDOWS\system32\clromvle.dll
C:\WINDOWS\system32\dculcobi.dll
C:\WINDOWS\system32\dpwybtni.dll
C:\WINDOWS\system32\felmpucl.dll
C:\WINDOWS\system32\gtmgxlob.dll
C:\WINDOWS\system32\iqhjmukl.dll
C:\WINDOWS\system32\koeahvnt.dll
C:\WINDOWS\system32\ksjraacd.dll
C:\WINDOWS\system32\nojaijtb.dll
C:\WINDOWS\system32\oidghmrv.dll
C:\WINDOWS\system32\opqfvxvj.dll
C:\WINDOWS\system32\orkcumbw.dll
C:\WINDOWS\system32\pmnnkjh.dll
C:\WINDOWS\system32\qomlijh.dll
C:\WINDOWS\system32\qqgxassq.dll
C:\WINDOWS\system32\qrxrafsu.dll
C:\WINDOWS\system32\rblalmkn.dll
C:\WINDOWS\system32\saujtlcg.dll
C:\WINDOWS\system32\secwjtkp.dll
C:\WINDOWS\system32\soxfjjhp.dll
C:\WINDOWS\system32\wgvvkbxs.dll
C:\WINDOWS\system32\xmjyxjps.dll
C:\WINDOWS\system32\ybpvsvhl.dll
C:\WINDOWS\system32\yjbccvqg.dll
C:\WINDOWS\system32\ywcexnqk.dll
C:\WINDOWS\system32\tuvsstu.dll
C:\WINDOWS\system32\winbue32.dll
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\intbywpd.ini
C:\WINDOWS\system32\vrmhgdio.ini
C:\WINDOWS\system32\usfarxrq.ini
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\jkkkkhi.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\Fælles filer\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\components\flx0.dll
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\components\flx13.dll
C:\WINDOWS\system32\components\flx14.dll
C:\WINDOWS\system32\components\flx15.dll
C:\WINDOWS\system32\components\flx16.dll
C:\WINDOWS\system32\components\flx17.dll
C:\WINDOWS\system32\components\flx18.dll
C:\WINDOWS\system32\components\flx19.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx20.dll
C:\WINDOWS\system32\components\flx21.dll
C:\WINDOWS\system32\components\flx22.dll
C:\WINDOWS\system32\components\flx23.dll
C:\WINDOWS\system32\components\flx24.dll
C:\WINDOWS\system32\components\flx25.dll
C:\WINDOWS\system32\components\flx26.dll
C:\WINDOWS\system32\components\flx27.dll
C:\WINDOWS\system32\components\flx28.dll
C:\WINDOWS\system32\components\flx29.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx30.dll
C:\WINDOWS\system32\components\flx31.dll
C:\WINDOWS\system32\components\flx32.dll
C:\WINDOWS\system32\components\flx33.dll
C:\WINDOWS\system32\components\flx34.dll
C:\WINDOWS\system32\components\flx35.dll
C:\WINDOWS\system32\components\flx36.dll
C:\WINDOWS\system32\components\flx37.dll
C:\WINDOWS\system32\components\flx38.dll
C:\WINDOWS\system32\components\flx39.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx40.dll
C:\WINDOWS\system32\components\flx41.dll
C:\WINDOWS\system32\components\flx42.dll
C:\WINDOWS\system32\components\flx43.dll
C:\WINDOWS\system32\components\flx44.dll
C:\WINDOWS\system32\components\flx45.dll
C:\WINDOWS\system32\components\flx46.dll
C:\WINDOWS\system32\components\flx47.dll
C:\WINDOWS\system32\components\flx48.dll
C:\WINDOWS\system32\components\flx49.dll
C:\WINDOWS\system32\components\flx5.dll
C:\WINDOWS\system32\components\flx50.dll
C:\WINDOWS\system32\components\flx51.dll
C:\WINDOWS\system32\components\flx52.dll
C:\WINDOWS\system32\components\flx53.dll
C:\WINDOWS\system32\components\flx54.dll
C:\WINDOWS\system32\components\flx55.dll
C:\WINDOWS\system32\components\flx56.dll
C:\WINDOWS\system32\components\flx57.dll
C:\WINDOWS\system32\components\flx58.dll
C:\WINDOWS\system32\components\flx59.dll
C:\WINDOWS\system32\components\flx6.dll
C:\WINDOWS\system32\components\flx60.dll
C:\WINDOWS\system32\components\flx61.dll
C:\WINDOWS\system32\components\flx62.dll
C:\WINDOWS\system32\components\flx63.dll
C:\WINDOWS\system32\components\flx64.dll
C:\WINDOWS\system32\components\flx65.dll
C:\WINDOWS\system32\components\flx66.dll
C:\WINDOWS\system32\components\flx67.dll
C:\WINDOWS\system32\components\flx68.dll
C:\WINDOWS\system32\components\flx69.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx70.dll
C:\WINDOWS\system32\components\flx71.dll
C:\WINDOWS\system32\components\flx72.dll
C:\WINDOWS\system32\components\flx73.dll
C:\WINDOWS\system32\components\flx74.dll
C:\WINDOWS\system32\components\flx75.dll
C:\WINDOWS\system32\components\flx76.dll
C:\WINDOWS\system32\components\flx77.dll
C:\WINDOWS\system32\components\flx78.dll
C:\WINDOWS\system32\components\flx79.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx80.dll
C:\WINDOWS\system32\components\flx81.dll
C:\WINDOWS\system32\components\flx82.dll
C:\WINDOWS\system32\components\flx83.dll
C:\WINDOWS\system32\components\flx84.dll
C:\WINDOWS\system32\components\flx85.dll
C:\WINDOWS\system32\components\flx86.dll
C:\WINDOWS\system32\components\flx87.dll
C:\WINDOWS\system32\components\flx9.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wtscc.exe
C:\Programmer\inetget2
C:\Programmer\vsadd-in
C:\WINDOWS\system32\components
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\SREN~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1\FNTS~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\APPLIC~1\MCROSO~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\MANTEC~1
C:\qoobox\purity\C\DOCUME~1\SREN~1\DOKUME~1\YMANTE~1
C:\qoobox\purity\C\Programmer\ICROSO~1.NET
C:\qoobox\purity\C\Programmer\PPATCH~1
C:\qoobox\purity\C\Programmer\SSTEM3~1
C:\qoobox\purity\C\WINDOWS\CROSOF~1
C:\qoobox\purity\C\WINDOWS\FNTS~1
C:\qoobox\purity\C\WINDOWS\MCROSO~1
C:\qoobox\purity\C\WINDOWS\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\COM+ Messages
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 20:55:39 -------- d-----w C:\Programmer\Fælles filer
2007-05-21 15:16:45 -------- d-----w C:\Programmer\Mozilla Thunderbird
2007-05-21 15:14:38 -------- d--h--w C:\Programmer\InstallShield Installation Information
2007-05-21 14:42:55 -------- d-----w C:\Programmer\Trillian
2007-05-20 21:09:41 31,924 ----a-w C:\DOCUME~1\SREN~1\APPLIC~1\wklnhst.dat
2007-05-18 21:34:52 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\BitTorrent
2007-05-18 21:32:13 -------- d-----w C:\Programmer\NavNT
2007-05-18 20:56:02 -------- d-----w C:\Programmer\Just BASIC v1.01
2007-05-18 20:55:57 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\n-Track Studio5
2007-05-18 18:43:02 73,646 ----a-w C:\WINDOWS\system32\perfc006.dat
2007-05-18 18:43:02 415,904 ----a-w C:\WINDOWS\system32\perfh006.dat
2007-05-16 08:01:31 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\U3
2007-05-14 15:07:50 -------- d-----w C:\Programmer\Windows NT
2007-05-12 19:45:34 -------- d-----w C:\Programmer\Google
2007-05-12 13:17:37 -------- d-----w C:\Programmer\Maxis
2007-05-09 22:12:48 -------- d-----w C:\Programmer\Fælles filer\Adobe Systems Shared
2007-05-01 11:28:58 -------- d-----w C:\Programmer\Common Files
2007-04-24 21:15:44 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-24 21:00:41 -------- d-----w C:\Programmer\Shockwave.com
2007-04-24 20:59:52 -------- d-----w C:\Programmer\Empire XP 4.4
2007-04-24 20:59:38 -------- d-----w C:\Programmer\Fælles filer\Real
2007-04-24 20:58:44 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\Real
2007-04-16 15:23:29 -------- d-----w C:\Programmer\FASoft
2007-04-13 15:16:15 49,152 ----a-w C:\WINDOWS\system32\apache.dll
2007-04-09 12:35:31 -------- d-----w C:\Programmer\Ubisoft
2007-04-09 12:34:56 -------- d-----w C:\Programmer\WinISO
2007-04-09 12:34:32 -------- d-----w C:\Programmer\Gabest
2007-04-09 12:33:42 -------- d-----w C:\Programmer\NeoTracePro
2007-04-09 12:31:56 -------- d-----w C:\Programmer\ElastoMania111
2007-04-09 12:28:19 -------- d-----w C:\Programmer\Nvu
2007-04-08 17:33:19 -------- d-----w C:\Programmer\Microsoft Visual Studio 8
2007-04-07 20:14:01 -------- d-----w C:\Programmer\Fælles filer\Microsoft Shared
2007-04-07 20:13:40 -------- d-----w C:\Programmer\Fælles filer\Merge Modules
2007-04-07 20:12:22 -------- d-----w C:\Programmer\Microsoft.NET
2007-04-07 20:11:50 -------- d-----w C:\Programmer\Fælles filer\Designer
2007-04-05 07:56:05 -------- d-----w C:\Programmer\Fælles filer\{42CA88BB-063B-1030-0815-06042606002d}
2007-04-05 07:56:04 -------- d-----w C:\Programmer\Fælles filer\{42CA88BB-063C-1030-0815-06042606002d}
2007-04-04 19:13:28 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-04-04 18:27:06 -------- d-----w C:\Programmer\Ashampoo
2007-04-04 15:08:22 -------- d-----w C:\Programmer\IRC Trivia Bot
2007-04-02 20:50:29 -------- d-----w C:\Programmer\RustemSoft
2007-04-01 15:55:00 -------- d-----w C:\Programmer\SpeedSim
2007-03-30 18:11:48 -------- d-----w C:\Programmer\directx
2007-03-30 18:11:08 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-03-30 18:11:08 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-03-30 18:10:52 -------- d-----w C:\Programmer\Sierra On-Line
2007-03-25 12:36:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-03-25 12:36:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-03-25 12:36:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-03-23 09:37:33 -------- d-----w C:\Programmer\iTunes
2007-03-23 09:37:16 -------- d-----w C:\Programmer\iPod
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 21:47:22 -------- d-----w C:\Programmer\Arto
2007-03-15 14:56:36 -------- d-----w C:\Programmer\OGUTeam
2007-03-11 09:10:26 558 ----a-w C:\WINDOWS\eReg.dat
2007-03-10 10:14:15 -------- d-----w C:\DOCUME~1\SREN~1\APPLIC~1\AdobeUM
2007-03-09 16:08:02 -------- d-----w C:\Programmer\BitTorrent
2007-03-09 10:07:57 -------- d-----w C:\Programmer\QuickTime
2007-03-08 15:38:16 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:16 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:16 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:35:19 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-14 22:16:44 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-05 20:19:14 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 11:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 21:22]
{FFFFFEF0-5B30-21D4-945D-000000000000}=C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 14:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49]
"QPService"="C:\Programmer\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"vptray"="C:\Programmer\NavNT\vptray.exe" [2002-06-03 14:09]
"D-Link AirPlus G"="C:\Programmer\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 20:26]
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe" [2006-11-25 17:58]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2006-12-12 02:36]
"avp"="C:\WINDOWS\system32\avp.exe" [2007-05-16 09:23]
"SManager"="smanager.7.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trillian"="C:\\Programmer\\Trillian\\trillian.exe" [2007-04-30 00:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-04-04 21:13]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"BitTorrent"="C:\Programmer\BitTorrent\bittorrent.exe" [2007-03-02 01:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070518-204143-676
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070518-204134-313
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]
@="WPDShServiceObj Class"

[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32]
@="C:\\WINDOWS\\system32\\WPDShServiceObj.dll"
"ThreadingModel"="Both"



backup-20070518-204134-171
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070518-204045-495
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm

backup-20070518-204045-484
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070518-204045-670
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070518-204045-578
O4 - HKLM\..\Run: [SManager] smanager.7.exe

backup-20070518-204045-275
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20070517-144542-272
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

backup-20070517-144542-547
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)

backup-20070517-144542-227
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)

backup-20070517-144542-890
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)

backup-20070517-144542-780
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

backup-20070517-144542-714
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

backup-20070517-144542-971
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

backup-20070517-144542-393
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

backup-20070517-144542-891
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

backup-20070517-144542-681
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

backup-20070517-144542-984
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20070517-144542-901
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
Contents of the 'Scheduled Tasks' folder
2007-03-30 08:35:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-10-22 20:55:18 C:\WINDOWS\tasks\Low Battery Alarm Program.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 23:12:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe????????? ???@????????? ?????@??????\??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-21 23:33:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-21 23:33

--- E O F ---

The HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 08:56:11, on 22-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\avp.exe
C:\WINDOWS\smanager.7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {65C7AA63-6D83-4C55-A74A-6DE338EFFCE6} - (no file)
O2 - BHO: (no name) - {6793FB32-688A-1055-AB4A-6DE338EEA9BB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A2E20CE0-9A5C-EDFF-7177-C8896D2F31BF} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {C3F23EE7-F301-8880-7407-F91A07C40AB3} - (no file)
O2 - BHO: (no name) - {D43B0133-A24D-44B2-9F94-FAAA05E97A82} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [Trillian] C:\\Programmer\\Trillian\\trillian.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: Download with Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SSScsiSV.exe

#5 miekiemoes

  • Malware Response Team

Posted 22 May 2007 - 06:33 AM

Hello,

Let's deal with the rest now, so perform my instructions in the right order without missing any step.

* Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Where it says: "Paste List of Files/Folders to be Moved", copy and paste next bold part into that Window:

    C:\WINDOWS\smanager.7.exe
    C:\WINDOWS\system32\avp.exe
    C:\Programmer\Fælles filer\{42CA88BB-063B-1030-0815-06042606002d}
    C:\Programmer\Fælles filer\{42CA88BB-063C-1030-0815-06042606002d}



  • Then click the red Moveit! button below.
  • Close OTMoveIt
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. Then it will reboot your computer.
Even if OTMoveIt didn't ask you to reboot your computer, reboot anyway, since moved files may still be in use.

Then, after reboot:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {65C7AA63-6D83-4C55-A74A-6DE338EFFCE6} - (no file)
O2 - BHO: (no name) - {6793FB32-688A-1055-AB4A-6DE338EEA9BB} - (no file)
O2 - BHO: (no name) - {A2E20CE0-9A5C-EDFF-7177-C8896D2F31BF} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {C3F23EE7-F301-8880-7407-F91A07C40AB3} - (no file)
O2 - BHO: (no name) - {D43B0133-A24D-44B2-9F94-FAAA05E97A82} - (no file)
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
<== it's a bad idea to let p2p programs start up with Windows

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Post a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
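
The selection made in the post above, and the follow-up log it asks for, can be checked mechanically. This is an added example, not part of the original post and not a HijackThis feature. Its two flagging rules (entries marked `(no file)` or `(file missing)`, and Run values that name no directory) are assumptions drawn from the entries visible in this thread, and the sample lines are excerpts of the logs posted here.

```python
import re

# A HijackThis entry line: section code (R0, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart entry: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Flag entries that deserve a closer look. Returns (reason, code, body) tuples.

    missing-file  : the entry points at a file HijackThis could not find.
    bare-filename : a Run value with no directory, so the log line alone does
                    not say which file on disk is launched.
    Assumed heuristics for illustration; they only shortlist, they do not decide.
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)") or "(file missing)" in body:
            findings.append(("missing-file", code, body))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in run.group("cmd"):
                findings.append(("bare-filename", code, body))
    return findings


def still_present(checked, followup_log):
    """Entries that were selected for fixing but still show up in the follow-up log."""
    remaining = set(parse_entries(followup_log))
    return [entry for entry in checked if entry in remaining]


# Excerpt of the log posted before the fix (lines copied from this thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\smanager.7.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)
"""

# Excerpt of the follow-up log posted after the fix (lines copied from this thread).
AFTER = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    findings = triage(parse_entries(BEFORE))
    for reason, code, body in findings:
        print(f"{reason:14} {code} - {body}")
    # The [avp] entry has a full path, so neither rule flags it; the rules
    # shortlist candidates and do not replace the analyst's judgement.
    checked = [(code, body) for _, code, body in findings]
    leftovers = still_present(checked, AFTER)
    print("still present after fix:", leftovers or "none")
```
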

#6 Mista

  • Topic Starter

Posted 22 May 2007 - 09:55 AM

Alright now, I did everything you said and here's the new HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:51:23, on 22-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Trillian] C:\\Programmer\\Trillian\\trillian.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download with Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\npjpi160_01.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SSScsiSV.exe

Edited by Mista, 22 May 2007 - 10:01 AM.
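The log in the post above can also be triaged programmatically. This is an added example, not part of the original thread: a small parser that groups HijackThis entries by section code and lists the ones worth a second look. The sample lines are copied from the posted log; the review markers are heuristics assumed for this example and indicate leftovers or unlabelled components, not infections.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (entries copied from the post).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmer\Spyware Doctor\sdhelp.exe (file missing)
"""

# An entry line is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Hypothetical review heuristics (assumptions for this example, not HijackThis
# verdicts): each marker means "look closer", never "malicious".
REVIEW_MARKERS = {
    "(file missing)": "entry points at a file that no longer exists",
    "Unknown owner": "no company name was reported for the binary",
    "(no name)": "component registered without a display name",
}

def parse_log(text):
    """Group entry lines by their section code (R1, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines do not match
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_items(sections):
    """Return (code, entry, reasons) for entries carrying a review marker."""
    hits = []
    for code, entries in sections.items():
        for entry in entries:
            reasons = [why for mark, why in REVIEW_MARKERS.items() if mark in entry]
            if reasons:
                hits.append((code, entry, reasons))
    return hits

if __name__ == "__main__":
    for code, entry, reasons in review_items(parse_log(SAMPLE_LOG)):
        print(f"{code}: {entry}\n    -> " + "; ".join(reasons))
```

On this excerpt it lists the unnamed Star Downloader BHO, the BlueSoleil service, and the Spyware Doctor service entry whose file is missing.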


#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:43 AM

Posted 22 May 2007 - 10:03 AM

Hi,

Your log looks clean again. How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 Mista


Posted 22 May 2007 - 10:10 AM

Everything looks okay right now, but I don't know about later.

I've also been having a problem with some kind of virus/malware that keeps taking control over my Internet browser (using Firefox) and takes me to another site that I didn't ask for, and the program (virus/malware) does it even when I'm not using my browser and surfing the Internet.

Is that the work of smanager.7.exe?
Or is that something else?

#9 miekiemoes


Posted 22 May 2007 - 10:22 AM

Hi,

Well, you were dealing with a lot of different infections. It's a pity that Norton didn't even flag them and delete them though.
Is your Norton up to date by the way? Did you purchase Norton? Because I really can't believe it left so much malware on your system.
All these infections were causing the popups, strange behaviors in Internet Explorer and Firefox etc..
That should be gone now, since we deleted the malware/infections manually.

As a final cleanup, do the following:

* Open OTMoveIt and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Just let me know in your next reply about Norton. If it's up to date and if you purchased it - if so, if your license is still valid or already expired. Because I really want to make sure this won't happen again and if Norton really lacks here in detection and removal, then I guess it's time for another Antivirus imho

#10 Mista


Posted 22 May 2007 - 10:43 AM

OTMoveIt has cleaned up after itself really good.
I can't even find the program now.

Hmm, my Norton AntiVirus is a corporate version. I'm not sure that is the right word for it but it means that I don't pay for it. It's a free version for big firms.
My dad got it from his work.

The Virus Definition File is:
Version 17-05-2007 rev. 73

I tried LiveUpdate, but Norton is up to date, at least it says.

#11 miekiemoes


Posted 22 May 2007 - 11:09 AM

Well, it seems like it's indeed up to date. Too bad it doesn't update itself automatically more than once a day as most scanners do.
Anyway, it's a pity that it left so much malware on your system even though some files were able to get removed without any problem since they weren't in use.
If you look at your combofix log you posted previously (the first one), you see how many files Combofix removed (under "V log" and "Other Deletions"). So this means your Norton didn't remove them or didn't even flag them as infected previously.

If you're happy with Norton, then keep it. If you're in doubt, you can try another Antivirus instead, some of which are also free.
Take a look at my signature under AntiVirus scanners for the ones I recommend. For example Avira is a free Antivirus which is great in detection and removal.
If you decide to install another Antivirus, make sure you uninstall Norton first. This is because multiple Antivirus programs are not compatible with each other.

But it may be better to discuss this with your dad - what he thinks.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#12 Mista


Posted 22 May 2007 - 11:22 AM

Yeah, I will do that.

Thank you very much for your help :flowers:

I only have one question left now:

I used to play DVDs on my computer, using HP's QuickPlay, but suddenly it doesn't work.

Can all my infections have something to do with that?
And if it does, what do I do to fix it?
Because it really annoys me :thumbsup:

#13 miekiemoes


Posted 22 May 2007 - 12:29 PM

Hi,

I don't know if the infections caused this or not... Also, I don't know what exact problems you are having with QuickPlay, but you may want to take a look at the following site from HP related to HP QuickPlay and issues with it.
http://www4.itrc.hp.com/service/james/sear...358941+28353475
Also, it may be better to post your exact issue in that forum, since they are the only ones who know best how to deal with it.

#14 miekiemoes


Posted 29 May 2007 - 05:28 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



