I also have a Re-direct Virus

Posted 3/13/2010 11:56 PM
#83774
baronv Member

Date Joined Nov 2016
Total Posts: 8
Hi all.

I noticed this evening that when I clicked on a Google or Yahoo search result I was being re-directed to other websites almost 100% of the time. I found this forum and have registered. I have also followed the "Before posting a log instructions". I did have Limewire installed on my PC and have now removed this, but I do not believe Limewire to be the source of the virus because I have not downloaded any files recently, and the redirect problem has only appeared today. My computer is shared, so it is possible that another family member has unwittingly caused the virus infection.

I use Avast free anti-virus and this was updated after I followed the steps in "Before posting a log instructions". I shall now post my logs in the requested order:

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:14, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/cab-driver/en/"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Compaq_Administrator\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Compaq_Administrator\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F}: NameServer = 212.139.132.57 212.139.132.56
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11072 bytes
Posted 3/13/2010 11:57 PM
#83775
baronv Member

Date Joined Nov 2016
Total Posts: 8
Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3864
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

13/03/2010 23:14:12
mbam-log-2010-03-13 (23-14-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243167
Time elapsed: 46 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d6a91cf-37c6-4eb2-a8d8-f65f1db14ece} (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{074e3aa7-7718-4404-b3f8-ff8fb5414e0e} (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d6a91cf-37c6-4eb2-a8d8-f65f1db14ece} (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowserAccelerator (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\BrowserAccelerator (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
C:\Program Files\BrowserAccelerator\_BACKUP_ (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\sdra64.exe (Trojan.Zbot) -> Delete on reboot.
C:\Program Files\BrowserAccelerator\BrowserAccelerator.log (Adware.BrowserAccelerator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\Compaq_Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
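As an added example (not part of the poster's logs or of any forum helper's reply), a small Python triage pass over HijackThis-style lines and the Winlogon Userinit value, built around the entry shapes seen in the HijackThis and Malwarebytes logs above: orphaned BHOs whose DLL is gone, an autorun under Policies\Explorer\Run, an O17 name-server override, and a Userinit value that launches more than userinit.exe. The sample lines are copied from the log above; the regexes, rule names and the assumption that a clean XP Userinit lists only userinit.exe are mine.

```python
"""Triage of HijackThis-style lines and of the Winlogon Userinit value.

Added example for the thread; not the poster's code and not a forum tool.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above (same CLSIDs, paths and name servers as in the post).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F}: NameServer = 212.139.132.57 212.139.132.56
"""


@dataclass
class Finding:
    rule: str   # short rule id
    line: str   # the log line that triggered it
    note: str   # what an analyst should check


# Line shapes for the three HijackThis sections handled here (my regexes,
# written against the format of the log above, not HijackThis's own code).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")


def triage_hjt(text: str) -> list[Finding]:
    """Return findings for the O2 / O4 / O17 entries in a HijackThis log."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_O2.match(line)
        if m:
            # A BHO whose DLL is absent is a leftover registration; MBAM's
            # quarantine of Trojan.BHO above leaves exactly this trace.
            if "(no file)" in m["path"] or "(file missing)" in m["path"]:
                findings.append(Finding("orphaned-bho", line,
                                        "BHO CLSID still registered but its DLL is absent"))
            continue
        m = RE_O4.match(line)
        if m:
            # Policies\Explorer\Run is a policy-driven autorun that ordinary
            # software rarely uses; worth a look whatever the command is.
            if "Policies\\Explorer\\Run" in m["key"]:
                findings.append(Finding("policy-run", line,
                                        "autorun via Policies\\Explorer\\Run: " + m["cmd"]))
            continue
        m = RE_O17.match(line)
        if m:
            # Not malicious by itself: report the servers so they can be
            # compared with what the ISP or router should be handing out.
            findings.append(Finding("dns-override", line,
                                    "name servers " + m["servers"] + "; confirm they are the ISP's"))
    return findings


def userinit_extras(value: str) -> list[str]:
    """Entries in a Winlogon Userinit value other than userinit.exe.

    Assumption: a clean XP value is 'C:\\WINDOWS\\system32\\userinit.exe,'
    (trailing comma included); every other entry is launched at each logon,
    which is how the sdra64.exe entry in the MBAM log above persisted.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry.lower().rsplit("\\", 1)[-1] == "userinit.exe":
            continue
        extras.append(entry)
    return extras


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.rule}] {f.note}")
    bad = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
    print("Userinit extras:", userinit_extras(bad))
```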
Posted 3/13/2010 11:57 PM
#83776
baronv Member

Date Joined Nov 2016
Total Posts: 8
DDS Log 1:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 23:20:15.00 on 13/03/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.958.503 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\IC4PQUBA\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tiscali.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page =
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: : {67982bb7-0f95-44c5-92dc-e3af3dc19d6d} - c:\program files\video activex object\isaddon.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Registry Helper] "c:\program files\registry helper\RegistryHelper.Exe" /boot
uRun: [Disk Cleaner] "c:\program files\disk cleaner\DiskCleaner.Exe" /boot
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/cab-driver/en/"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mExplorerRun: [none] c:\program files\video activex object\pmsngr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - c:\documents and settings\compaq_administrator\desktop\WH GBP Casino.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F} = 212.139.132.57 212.139.132.56
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-23 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-23 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-22 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2007-6-17 61536]

=============== Created Last 30 ================

2010-03-13 22:17:57 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-03-13 22:17:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 22:17:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-13 22:17:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 22:17:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 22:08:33 0 d-----w- c:\program files\CCleaner
2010-03-13 17:40:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-11 16:13:23 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-02-26 10:52:01 293376 ------w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-01-16 15:59:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2008-07-19 09:47:01 321 --sh--w- c:\windows\system32\3635561759.sys
2009-03-30 15:17:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009033020090331\index.dat

============= FINISH: 23:21:43.12 ===============
Posted 3/13/2010 11:59 PM
#83777

baronv Member

Date Joined Nov 2016
Total Posts: 8
DDS Log 2:


DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2006 19:38:23
System Uptime: 13/03/2010 23:16:29 (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 113.159 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.901 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP563: 12/12/2009 18:18:39 - System Checkpoint
RP564: 17/12/2009 21:50:36 - System Checkpoint
RP565: 21/12/2009 11:29:43 - System Checkpoint
RP566: 22/12/2009 13:35:43 - System Checkpoint
RP567: 23/12/2009 20:02:09 - System Checkpoint
RP568: 24/12/2009 15:17:39 - Software Distribution Service 3.0
RP569: 26/12/2009 11:39:24 - System Checkpoint
RP570: 01/01/2010 19:11:22 - System Checkpoint
RP571: 02/01/2010 15:34:24 - Software Distribution Service 3.0
RP572: 04/01/2010 09:32:52 - Software Distribution Service 3.0
RP573: 05/01/2010 09:04:12 - Avg8 Update
RP574: 05/01/2010 09:05:07 - Avg8 Update
RP575: 06/01/2010 13:16:43 - System Checkpoint
RP576: 06/01/2010 18:07:40 - Installed WinZip 14.0
RP577: 08/01/2010 11:30:35 - System Checkpoint
RP578: 10/01/2010 12:05:59 - System Checkpoint
RP579: 12/01/2010 12:24:34 - System Checkpoint
RP580: 14/01/2010 17:16:29 - Software Distribution Service 3.0
RP581: 14/01/2010 22:42:23 - Software Distribution Service 3.0
RP582: 16/01/2010 13:35:50 - Removed Driving Test Success 2002-2003
RP583: 16/01/2010 13:41:24 - Removed Hazard Perception Training 2002-2003
RP584: 16/01/2010 15:59:15 - Installed Java(TM) 6 Update 17
RP585: 17/01/2010 09:25:42 - Installed AVG Free 9.0
RP586: 18/01/2010 19:59:32 - Configured Bonjour
RP587: 20/01/2010 23:25:57 - Software Distribution Service 3.0
RP588: 23/01/2010 18:41:08 - Removed AVG Free 9.0
RP589: 23/01/2010 18:42:49 - Installed AVG Free 9.0
RP590: 23/01/2010 18:58:43 - avast! Free Antivirus Setup
RP591: 24/01/2010 00:12:23 - Software Distribution Service 3.0
RP592: 30/01/2010 10:17:25 - System Checkpoint
RP593: 31/01/2010 20:54:22 - System Checkpoint
RP594: 02/02/2010 15:44:57 - System Checkpoint
RP595: 04/02/2010 14:00:37 - System Checkpoint
RP596: 05/02/2010 14:18:27 - System Checkpoint
RP597: 07/02/2010 11:47:12 - System Checkpoint
RP598: 09/02/2010 23:32:38 - Software Distribution Service 3.0
RP599: 13/02/2010 12:59:05 - System Checkpoint
RP600: 18/02/2010 17:25:50 - System Checkpoint
RP601: 19/02/2010 18:08:08 - System Checkpoint
RP602: 20/02/2010 18:11:53 - System Checkpoint
RP603: 22/02/2010 16:12:34 - System Checkpoint
RP604: 23/02/2010 22:21:08 - Software Distribution Service 3.0
RP605: 26/02/2010 14:43:44 - System Checkpoint
RP606: 26/02/2010 16:32:52 - Software Distribution Service 3.0
RP607: 28/02/2010 18:58:52 - System Checkpoint
RP608: 03/03/2010 17:39:48 - System Checkpoint
RP609: 07/03/2010 14:48:42 - System Checkpoint
RP610: 11/03/2010 23:14:37 - Software Distribution Service 3.0
RP611: 13/03/2010 18:47:57 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
ALShow
Apple Software Update
avast! Free Antivirus
BBC iPlayer Download Manager
BufferChm
CCleaner
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Football Manager 2010
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP Deskjet 3900 series
HP DVD Play 2.1
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet3900Series
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
Internet from BT
Internet Services
iSofter DVD Ripper Platinum 3.0.2007.228
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Junk Mail filter update
LimeWire 5.4.6
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Live Add-in 1.3
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word Home and Student 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MS Access 97 SP2
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OptionalContentQFolder
PhotoGallery
Popup Blocker (Windows Live Toolbar)
QuickTime
RandMap
Realtek High Definition Audio Driver
Samsung Master
Samsung USB Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SimCity 3000 World Edition
SkinsHP1
SlideShow
SlideShowMusic
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Ericsson PC Suite
SpeedTouch USB Software
Status
TEW2005
The Sims Hot Date
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
William Hill Poker
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.0

==== Event Viewer Messages From Past Week ========

13/03/2010 23:17:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
13/03/2010 12:12:57, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
13/03/2010 12:12:57, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
12/03/2010 19:14:29, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
12/03/2010 17:54:38, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b8149adc, parameter3 f7a07b38, parameter4 f7a07834.
12/03/2010 11:56:57, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
06/03/2010 11:13:18, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
Posted 3/14/2010 3:44 AM
#83783

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello baronv and welcome to BG :smile:

It looks like you have remnants from Norton, I'll suggest you remove ->

Download the Norton Removal Tool (SymNRT) to your Desktop.
Here

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.

Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript and Save it on the desktop

[code]
Killall::
Snapshot::
Filelook::
c:\windows\system32\drivers\etc\hosts
[/code]

User image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted 3/14/2010 11:01 AM
#83788

baronv Member

Date Joined Nov 2016
Total Posts: 8
Thanks for the instructions Touch, I've followed them as closely as I can. The link to the Norton Removal Tool didn't work for me, but I managed to find a download for it. I'm not 100% sure that I managed to completely uninstall the removal tool though. Here is my Combofix log:


ComboFix 10-03-13.03 - Compaq_Administrator 14/03/2010 10:42:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.958.576 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LSB8DA.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-13 23:44 . 2010-03-13 23:44 -------- d-----w- c:\program files\Trend Micro
2010-03-13 22:17 . 2010-03-13 22:17 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2010-03-13 22:17 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 22:17 . 2010-03-13 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 22:17 . 2010-03-13 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 22:17 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 22:08 . 2010-03-13 22:08 -------- d-----w- c:\program files\CCleaner
2010-03-13 17:40 . 2010-03-13 17:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-11 16:13 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-02-26 10:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 09:58 . 2006-09-01 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-13 23:34 . 2010-03-13 23:34 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-112e1373-n\msvcp71.dll
2010-03-13 23:34 . 2010-03-13 23:34 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-112e1373-n\msvcr71.dll
2010-03-13 23:34 . 2010-03-13 23:34 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-112e1373-n\jmc.dll
2010-03-13 23:34 . 2010-03-13 23:34 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37764e11-n\decora-sse.dll
2010-03-13 23:34 . 2010-03-13 23:34 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37764e11-n\decora-d3d.dll
2010-03-13 23:34 . 2006-09-01 12:30 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 23:34 . 2010-01-16 15:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-13 23:34 . 2006-09-01 12:30 -------- d-----w- c:\program files\Java
2010-03-13 22:04 . 2009-12-09 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-11 23:15 . 2008-10-30 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2010-01-23 18:58 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-01-23 18:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-01-23 18:59 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-01-23 18:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-01-23 18:59 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-01-23 18:59 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-01-23 18:59 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-01-23 18:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-11 18:53 . 2010-01-23 18:58 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-23 18:58 . 2010-01-23 18:58 -------- d-----w- c:\program files\Alwil Software
2010-01-23 18:58 . 2010-01-23 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-21 16:37 . 2009-09-22 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 20:05 . 2007-12-21 10:55 -------- d-----w- c:\program files\Kodak
2010-01-16 13:52 . 2008-05-16 20:09 -------- d-----w- c:\program files\Ahead
2010-01-05 10:00 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-10 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 00:42 . 2006-11-18 11:27 59096 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 18:43 . 2004-08-10 04:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2008-07-19 09:47 . 2008-06-28 19:14 321 --sh--w- c:\windows\system32\3635561759.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\etc\hosts ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 27
Created time: 2004-08-10 11:00
Modified time: 2007-02-10 15:12
MD5: 6A4029CFF35FD4BA34C001C1ED5D9945
SHA1: DB23360218B3BC39606394836768B13B43BB6FC7


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/01/2010 18:59 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/01/2010 18:59 19024]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [17/06/2007 13:54 61536]
.
Contents of the 'Scheduled Tasks' folder

2009-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tiscali.co.uk/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{37236812-C1A2-4529-A9CE-CFE04E3DF08A} - c:\documents and settings\Compaq_Administrator\Desktop\WH GBP Casino.lnk
TCP: {887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F} = 212.139.132.57 212.139.132.56
.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
HKCU-Run-Disk Cleaner - c:\program files\Disk Cleaner\DiskCleaner.Exe
HKCU-Run-kdx - c:\program files\Kontiki\KHost.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ftsata2]
"ImagePath"="System32\Drivers\ftsata2.svs"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3837339943-4291903543-2590479041-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
.
**************************************************************************
.
Completion time: 2010-03-14 10:55:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 10:55

Pre-Run: 122,019,647,488 bytes free
Post-Run: 122,190,422,016 bytes free

- - End Of File - - 84845E5E5D5B964CA4AE180BEF87C8F9
Posted 3/14/2010 12:54 PM
#83791

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[code]
I'm not 100% sure that I managed to completely uninstall the removal tool though
[/code]
You have managed to remove Norton, except this folder ->

c:\documents and settings\All Users\Application Data\Symantec

If you can't delete it, leave it then, as it doesn't do any harm.

Please post a new HijackThis log and tell me how things are running now.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 3/14/2010 1:15 PM
#83792

baronv Member

Date Joined Nov 2016
Total Posts: 8
Here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:47, on 14/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Compaq_Administrator\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Compaq_Administrator\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F}: NameServer = 212.139.132.57 212.139.132.56
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9592 bytes
Posted 3/14/2010 1:18 PM
#83793

baronv Member

Date Joined Nov 2016
Total Posts: 8
I have done 3 searches each on Google and Yahoo, and all have taken me to the correct destination. So it looks good at the moment.
Posted 3/15/2010 5:27 AM
#83815

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)

Reboot, and you are good to go :smile:

Now your computer problems are solved, it is time for the clean-up procedure.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Download OTL by OldTimer, saving it to your desktop: Here

Click on the CleanUp! button. You'll be asked if you want to Begin cleanup process? Select Yes.

This step removes the files, folders, and shortcuts created by the tools I had you download and run.

When done, you will be prompted to restart your computer. Please restart your computer.

To find out what programs need to be updated, please download and run the:

Secunia Personal Software Inspector (PSI)

Please read Tony Klein's guide about how to protect yourself while on the internet:

How did I get infected in the first place?

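The fix list in the post above was assembled by reading the HijackThis log for entries whose target no longer exists on disk. As an added example (this is not code from the thread, from HijackThis or from any other tool named here), the Python script below does that triage mechanically: it parses the R/O entries of a HijackThis log, flags every entry whose target reads "(no file)" or "(file missing)", and pulls the addresses out of any O17 NameServer entry so they can be compared with the ISP's published DNS servers, since a changed NameServer value is one common cause of the search-result redirects this thread is about. The sample lines are copied from the log posted above and are used only as constructed input; the function names are this example's own.

```python
"""Triage a HijackThis log: list orphaned entries and O17 name servers.

Added example, not part of the thread or of HijackThis. The helper functions
(parse_log, orphaned_entries, nameservers, fix_list) are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a handful of lines copied from the HijackThis log
# posted earlier in this thread, kept here only to exercise the parser.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{887693BC-DF16-4BBC-A3E1-9A5EBBA69D4F}: NameServer = 212.139.132.57 212.139.132.56
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# "R0 - ...", "O2 - ...", "O17 - ...": a section code, then " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A COM CLSID or interface GUID in braces, 8-4-4-4-12 hex groups.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Entry:
    section: str         # e.g. "O2", "O17"
    body: str            # everything after "Oxx - "
    guid: Optional[str]  # CLSID / interface GUID carried by the line, if any
    target: str          # the file, URL or value the entry points at
    orphaned: bool       # HijackThis reported the target as missing


def _target_of(body: str) -> str:
    # O-type entries separate name, GUID and target with " - ";
    # R0/R1 and O17 entries use "key = value" instead.
    tail = body.split(" - ")[-1]
    if " = " in tail:
        tail = tail.split(" = ", 1)[1]
    return tail.strip()


def _is_orphaned(target: str) -> bool:
    # These are the two markers HijackThis prints for a dangling entry.
    return target == "(no file)" or "(file missing)" in target


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process lists, blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    g = GUID_RE.search(body)
    target = _target_of(body)
    return Entry(m.group("section"), body, g.group(0) if g else None,
                 target, _is_orphaned(target))


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.orphaned]


def nameservers(entries: List[Entry]) -> List[str]:
    """DNS servers from O17 entries, in log order, for comparison with the ISP's."""
    ips: List[str] = []
    for e in entries:
        if e.section == "O17":
            ips.extend(IPV4_RE.findall(e.target))
    return ips


def fix_list(text: str) -> List[str]:
    """The lines to tick in HijackThis, rebuilt in the tool's own format."""
    return [f"{e.section} - {e.body}" for e in orphaned_entries(parse_log(text))]


if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print(line)
    print("O17 name servers:", " ".join(nameservers(parse_log(SAMPLE_LOG))))
```

Run against the sample it prints the same five entries the helper listed (the Messenger lines are not orphaned and so are left to a human decision), plus the two Tiscali-range name servers from the O17 line; on a real log, the name servers are the thing to check against the ISP's documentation before assuming the redirect was purely a browser-side problem.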


Posted 3/15/2010 8:22 PM
#83827

baronv Member

Date Joined Nov 2016
Total Posts: 8
I have followed all of your instructions. Thanks very much for the help. Computer seems to be working fine.
Posted 3/16/2010 4:14 AM
#83837

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[code]
Thanks very much for the help. Computer seems to be working fine.
[/code]

It was my pleasure to help. I'll lock here; if you need us again, please make a new topic. Thank you.


