
Trojan.Vundo, Trojan.horse.generic, How to remove?

Posted 5/13/2007 3:22 AM
#47247

elsmootho Advanced member

Date Joined Nov 2016
Total Posts: 34
Dear Touch, Andrei,
Infected with multiple Trojans, Vundo, Nebular, Downloader, etc etc... :freaked:

Windows XP SP2 2002 edition

Ran AVG anti-Virus, ran AVG Antispyware, rootchk.exe, and hijackthis.

Here are the logfiles... Would really appreciate your expert advice...

Thanks in advance... .... elsmootho. :shocked:

AVG log;

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 7:54:30 PM 5/12/2007

 + Scan result:

C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP746\A0033996.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034297.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\afcwlxqf.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evnexmhu.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\huyyonwx.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iyjryhdc.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\keoatqrg.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ktiuurht.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mfgtpois.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qoensens.dll -> Adware.BHO : Cleaned with backup (quarantined).
[2052] VM_01F70000 -> Adware.BHO : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Eeee -> Adware.EzSearchBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034298.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kcunkt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Міcrosoft.NET\__delete_on_reboot__l_о_g_o_n_u_i_._e_x_e_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqrqqnm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Local Settings\Temporary Internet Files\Content.IE5\GJEHOTOK\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Cookies\irene@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP742\A0033852.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnstssv32.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

rootchk log;

********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh
Sat 05/12/2007 23:04:07.14

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 23:04:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 11:08:38 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Sergio_Docs\Virus_Clean\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D2692EE8-4795-44F4-A8FF-8FAC5D4FE947} - C:\WINDOWS\system32\rqrqqnm.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\ysoovvov.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ywlnyjwb.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Posted 5/13/2007 5:58 AM
#47249

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi elsmootho :cool:

Please download Combofix:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

download.bleepingcomputer.com/sUBs/ComboFix.exe

and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 5/16/2007 2:06 AM
#47392

elsmootho Advanced member

Date Joined Nov 2016
Total Posts: 34
Dear Touch, :cry:
Ran Combofix and Hijackthis again, here are the logs....

Combofix said it would take at least 10min, but completed in less than 5min.

Many thanks in advance for your ongoing support...

...elsmootho :shocked:

Combofix Log;

"Irene" - 2007-05-15 21:47:50 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Sergio_Docs\Virus_Clean\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Irene
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1\?dobe
C:\qoobox\purity\C\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\C\WINDOWS\ICROSO~1.NET
C:\qoobox\purity\C\WINDOWS\ICROSO~1.NET\m?dtc.exe

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))

2007-05-14 08:17 60,928 --a------ C:\WINDOWS\system32\aubauq.dll
2007-05-14 08:17 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-05-14 08:17 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-12 19:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-12 18:16 <DIR> d-------- C:\Program Files\CCleaner
2007-05-10 13:44 132,660 --------- C:\WINDOWS\system32\ywlnyjwb.dll
2007-05-08 15:43 961,176 --ahs---- C:\WINDOWS\system32\rrqss.bak2
2007-05-07 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-07 07:38 961,392 --ahs---- C:\WINDOWS\system32\rrqss.bak1
2007-05-07 07:29 <DIR> d-------- C:\DOCUME~1\Irene\APPLIC~1\?dobe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 01:49:12 -------- d-----w C:\DOCUME~1\Irene\APPLIC~1\?dobe
2007-05-15 10:04:13 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-05-12 13:27:46 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-08 10:54:35 -------- d-----w C:\Program Files\Google
2007-05-07 22:24:07 -------- d-----w C:\DOCUME~1\Irene\APPLIC~1\AdobeUM

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{0B72141A-3863-4F22-85A1-966A3CC475D2}=C:\WINDOWS\system32\ssqrr.dll []
{35E0AF65-4783-3F51-A73D-6DE33FEFFB93}=C:\WINDOWS\system32\kcunkt.dll []
{60B4FC36-47D3-3E51-F03D-6DE33FEFFD98}=C:\WINDOWS\system32\aubauq.dll [2007-03-19 14:30]
{61802808-BB20-49CD-8904-9CF136EBFC11}=C:\WINDOWS\system32\srqhaygk.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"SManager"="smanager.7.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-02-27 04:06]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-07 15:40]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"SManager"="smanager.7.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-12 18:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:07]
"Cubs"="C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" [2007-05-07 07:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-07 11:07]
"Naosk"="C:\WINDOWS\?icrosoft.NET\m?dtc.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WeatherEye"="C:\\program files\\TheWeatherNetwork\\WeatherEye\\WeatherEye"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Cubs"="\"C:\\DOCUME~1\\Irene\\APPLIC~1\\DOBE~1\\dexplore.exe\" -vt yazb"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Naosk"="C:\\WINDOWS\\?icrosoft.NET\\m?dtc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqnm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
 Authentication Packages msv1_0\0\0
 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
 Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 21:49:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-15 21:49:39
C:\ComboFix-quarantined-files.txt ... 2007-05-15 21:49

Hijackthis Log;

Logfile of HijackThis v1.99.1
Scan saved at 9:55:54 PM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\?icrosoft.NET\m?dtc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Sergio_Docs\Virus_Clean\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {60B4FC36-47D3-3E51-F03D-6DE33FEFFD98} - C:\WINDOWS\system32\aubauq.dll
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

The end...
Posted 5/16/2007 8:16 AM
#47403
Touch Advanced member
Date Joined Nov 2016
Total Posts: 12976
You can safely delete c:\qoobox folder

Please download free Trial of Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.)

Close the program.

Please download ATF Cleaner:

http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only.

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.

Click fix checked.

O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {60B4FC36-47D3-3E51-F03D-6DE33FEFFD98} - C:\WINDOWS\system32\aubauq.dll
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)

O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin

NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Start Superantispyware/rightclick on the black/yellow bug in tray.

Hit - Scan Your Computer - button

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,

it will scan now. When the scan has finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot

Start Superantispyware again -

Click Preferences and then click the statistics/logs tab.

Click the dated log and press view log and a text file will appear.

Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
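As an added example (not something posted in this thread, and not a HijackThis feature), here is a small Python triage script that applies the cues Touch used to pick the entries above to a handful of lines copied from this thread's logs: an orphaned "(file missing)" hook, a BHO with no name, a short random-looking DLL dropped in system32, a Run entry launched from a user's Application Data folder, and a path containing "?" where a look-alike non-ASCII character was mangled. The regular expressions, thresholds and function names are my own assumptions.

```python
"""Triage of HijackThis (HJT) log entries using the cues a helper applies by eye.

Added example; the heuristics below are the editor's own, not HJT behaviour.
"""
import re
from dataclasses import dataclass

# Constructed sample: nine lines lifted from the HijackThis logs posted in
# this thread, benign entries mixed with the ones the helper asked to fix.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {60B4FC36-47D3-3E51-F03D-6DE33FEFFD98} - C:\WINDOWS\system32\aubauq.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Every HJT finding is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
HJT_ENTRY = re.compile(r"^(O\d+) - (.*)$")
# '?' is not a legal character in a Windows file name, so a '?' inside a
# drive-letter path means a non-ASCII look-alike was mangled on paste
# (the "?icrosoft.NET\m?dtc.exe" entry).  URLs with '?' are not matched.
MANGLED_PATH = re.compile(r'[A-Za-z]:\\[^\s"]*\?')
# Short all-lowercase DLL names sitting directly in system32 (ssqrr.dll,
# aubauq.dll, kcunkt.dll in this thread) are a classic Vundo pattern.
RANDOM_SYS32_DLL = re.compile(r"[sS]ystem32\\([a-z]{5,8})\.dll")


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list


def reasons_for(section: str, body: str) -> list:
    """Return the cues that make one HJT entry worth a closer look (empty if none)."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("points at a file that no longer exists (orphaned hook)")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("Browser Helper Object with no name")
    if section == "O20" and not re.search(r"[A-Za-z]:\\", body):
        reasons.append("Winlogon Notify DLL listed without a full path")
    if MANGLED_PATH.search(body):
        reasons.append("'?' inside a path: look-alike non-ASCII character in the file name")
    if section == "O4" and re.search(r"APPLIC~1|Application Data", body):
        reasons.append("autorun target lives in a user profile's Application Data folder")
    m = RANDOM_SYS32_DLL.search(body)
    if m and section in ("O2", "O20"):
        reasons.append(f"random-looking DLL name {m.group(1)}.dll in system32")
    return reasons


def triage(log_text: str) -> list:
    """Parse an HJT log and return the entries that trip at least one cue."""
    findings = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        m = HJT_ENTRY.match(entry)
        if not m:
            continue  # header lines and the running-process list have no O-section
        section, body = m.groups()
        reasons = reasons_for(section, body)
        if reasons:
            findings.append(Finding(section, entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

The output is a shortlist for a human to review, not a removal list: a bare-filename Run entry such as the SiS "smanager.7.exe" in this log is legitimate, which is why that cue is deliberately left out.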


Posted 5/16/2007 9:08 AM
#47404
asaygo Advanced member
Date Joined Nov 2016
Total Posts: 42
I have seen on your report that Trojan.Downloader.Winfixer was present on your system. You can find details and clean instructions in the BullGuard Tech Guides: How to remove Trojan.Downloader.Winfixer.O
Posted 5/18/2007 11:11 AM
#47483
Touch Advanced member
Date Joined Nov 2016
Total Posts: 12976
cole trickle - Haven't You read My signature?

Click here - ->> Before

After You have run the scan tools -

Reboot normally

Post AVG Antispyware log along with hijackthis log, rootchk log in Your own thread/topic and tell how things are running

Posted 5/21/2007 3:55 AM
#47615
elsmootho Advanced member
Date Joined Nov 2016
Total Posts: 34
Dear Touch, :shocked:
Did all you said, here are the Superantispyware log, and new Hijackthis log, did not get Dr. Web log, Dr. Web is asking to remove all antivirus programs before install, not sure I wanna do that, is it really necessary? Last SuperAntispyware said everything was clean.

Thanks again for your ongoing support.

Superantispyware log;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2007 at 11:24 PM

Application Version : 3.7.1018

Core Rules Database Version : 3241
Trace Rules Database Version: 1252

Scan type : Complete Scan
Total Scan Time : 00:28:21

Memory items scanned : 514
Memory threats detected : 0
Registry items scanned : 5492
Registry threats detected : 0
File items scanned : 25566
File threats detected : 0

New Hijackthis log;

Logfile of HijackThis v1.99.1
Scan saved at 11:46:00 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Sergio_Docs\Virus_Clean\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

THE END

..elsmootho out. :freaked:
Posted 5/21/2007 5:01 AM
#47616
elsmootho Advanced member
Date Joined Nov 2016
Total Posts: 34
Dear Touch,
Just for the heck of it, ran AVG antispyware one more time and found this;

Yikes :freaked:

..elsmootho...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 12:57:14 AM 5/21/2007

 + Scan result:

C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP751\A0034432.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034310.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

::Report end
Posted 5/26/2007 6:23 AM
#47841
elsmootho Advanced member
Date Joined Nov 2016
Total Posts: 34
Dear Touch,

Didn't hear from you with regards to my last communique,

hoping you missed it for some reason, please help!...

...elsmootho :freaked:
Posted 5/26/2007 7:17 AM
#47843
Touch Advanced member
Date Joined Nov 2016
Total Posts: 12976
Sorry, I have missed You :blush:

Please do this -

To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:

System Restore

And

Here is some additional software you may wish to consider using, to prevent malicious software installing in your PC ->

IE-SPYADS
IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer. (Choose between IE-SPYAD and IE-SPYAD2). Freeware

Spyware Guard
Background process to check applications as they begin to run for known spyware and malicious code, produces an alert if necessary. Freeware.

SpywareBlaster
From the same company as Spyware guard, this is not a scanner, it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. Spyware Blaster runs silently in the background and does not need to be open to protect your PC. Freeware

Make sure to keep these programs up-to-date

Posted 6/3/2007 2:27 AM
#48185
elsmootho Advanced member
Date Joined Nov 2016
Total Posts: 34
Dear Touch,

Toggled the system restore, and installed Spyware Guard/Blaster as you suggested, things seem to be running normally now. Thanks a million for your expert guidance, don't know what we would do without your support, you guys are the best...

...elsmootho. :hop:
Posted 6/3/2007 2:54 AM
#48187
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I was glad to help- Nice chopper btw :smilewinkgrin:



Posted 6/24/2007 1:47 AM
#49409
User avatar

elsmootho Advanced member

Date Joined Nov 2016
Total Posts: 34
Hi Andrei,

Just noticed that my recycle bin has disappeared. :freaked: Not sure if it was something I did when I was using HijackThis, or whatever. I tried to restore the recycle bin with the instructions "edit the registry" in this link;

http://support.microsoft.com/default.aspx?scid=kb;en-us;810869

but it didn't do anything. :shocked:

Not sure if you have any experience with this but I thought I'd run it by you in this thread since it disappeared about the time that we did all these repairs.

Again, thanks in advance for your help...

..> elsmootho.
Posted 6/25/2007 6:58 AM
#49471
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Download this reg file -

Replace/Repair the Recycle Bin (Line 64) - Right pane
http://www.kellys-korner-xp.com/xp_tweaks.htm

Double-click on the reg file, say Yes to merge.

Reboot and see if you've got the recycle bin back on the desktop.



Posted 8/5/2007 2:50 AM
#51464
User avatar

elsmootho Advanced member

Date Joined Nov 2016
Total Posts: 34
Dear Touch,

Just wanted to let you know that I got my recycle bin back and computer running great. You guys are the best! Many thanks for your excellent support! :hop:

.>>S
Posted 8/5/2007 6:26 AM
#51466
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Thanks for feedback :cool:

Since your problem appears to be resolved, this thread will now be closed.

If you need this topic reopened, please PM a Moderator and we will reopen it for you.


