Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Spyware & Viruses... Hijack log help please ;-)  (Read 7165 times)

0 Members and 1 Guest are viewing this topic.

Bamby

    Topic Starter


    Rookie

    Spyware & Viruses... Hijack log help please ;-)
    « on: October 26, 2008, 02:02:38 PM »
    I have some folders in the startup menu that I can not rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the task mananger. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. Allot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:37:14 PM, on 10/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvk bd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll
    O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpdj.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6980 bytes
    « Last Edit: October 27, 2008, 11:28:48 AM by Bamby »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Re: Spyware & Viruses... Hijack log help please ;-)
    « Reply #1 on: October 27, 2008, 01:13:05 PM »

    Bamby

      Topic Starter


      Rookie

      Re: Spyware & Viruses... Hijack log help please ;-)
      « Reply #2 on: October 27, 2008, 02:18:17 PM »
      Evilfantasy, First, Thank you so much for responding.   :) You might want to delete the other post that I created today. I tried to delete it but found out that I am not allowed to do that. Here is what I posted today.

      --------------------------------------------------------------------------------
      My apology for not providing all of the scan results that I should have included with my first post as requested by your forum. This is what has been going on with this computer....
      I have some folders in the startup menu that I can not rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the task mananger. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. Allot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log, super anti spyware as well as a new Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)

       SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/26/2008 at 05:28 PM

      Application Version : 4.21.1004

      Core Rules Database Version : 3609
      Trace Rules Database Version: 1595

      Scan type       : Complete Scan
      Total Scan Time : 01:21:40

      Memory items scanned      : 402
      Memory threats detected   : 0
      Registry items scanned    : 5539
      Registry threats detected : 4
      File items scanned        : 114235
      File threats detected     : 111

      Adware.Tracking Cookie
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected]echnologies.112.2o7[1].txt
         C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][3].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
         C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt

      Unclassified.Unknown Origin
         HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]
         HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]

      Rootkit.Unclassified/SysDamp-Traces
         HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
         HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved

      Adware.ClickSpring/Yazzle
         C:\WINDOWS\PREFETCH\YAZZLE1552OINADMIN.EXE-01D813FF.PF

      Trojan.Fake-Drop/Gen
         C:\WINDOWS\TEMP\SALM.EXE


      Malwarebytes' Anti-Malware 1.30
      Database version: 1324
      Windows 5.1.2600 Service Pack 2

      10/26/2008 3:17:53 PM
      mbam-log-2008-10-26 (15-17-53).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 156431
      Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      Hijack log to follow in next post.... If included in this post it exceeds 20000 characters.

      Thank you in advance.   

      Bamby

        Topic Starter


        Rookie

        Re: Spyware & Viruses... Hijack log help please ;-)
        « Reply #3 on: October 27, 2008, 02:19:30 PM »
        --------------------------------------------------------------------------------
        Hijack Log....

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:07:05 AM, on 10/27/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16735)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Maxtor\Sync\SyncServices.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
        R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
        R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
        O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
        O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
        O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
        O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
        O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-18\..\Run: [[system]]  (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [[system]]  (User 'Default user')
        O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
        O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
        O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
        O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
        O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

        --
        End of file - 7401 bytes

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 489
        • Experience: Familiar
        • OS: Windows 10
        Re: Spyware & Viruses... Hijack log help please ;-)
        « Reply #4 on: October 27, 2008, 02:25:49 PM »
        Suspicious files to scan

        Please go to VirSCAN.org FREE on-line scan service
        (If more than one file needs scanned they must be done separately and logs posted for each one)

        1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
        Code: [Select]
        C:\WINDOWS\ad.dll2. At the upload site, click once inside the window next to Browse.
        3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
        4. Click on the Upload button.
        This will perform a scan across multiple different virus scanning engines.
        Your file will possibly be entered into a queue which normally takes less than a minute to clear.
        [color="Red"]Important:[/color] Wait for all of the scanning engines to complete.
        5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
        6. Paste the contents of the Clipboard in your next reply.

        Bamby

          Topic Starter


          Rookie

          Re: Spyware & Viruses... Hijack log help please ;-)
          « Reply #5 on: October 27, 2008, 04:02:38 PM »
          Evilfantasy, Here is the log....

          VirSCAN.org Scanned Report :
          Scanned time   : 2008/10/27 14:53:28 (PDT)
          Scanner results: 5% Scanner(2/39) found malware!
          File Name      : ad.dll
          File Size      : 10240 byte
          File Type      : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
          MD5            : 4a431b1ae4b64eb4f7f3c22cabc1e6da
          SHA1           : 0a3f6e7832908d80817bb5c688a059ebc12b759 6
          Online report  : http://virscan.org/report/caa960800c43c91099f6d568512c91db.html

          Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
          a-squared      4.0.0.23        2008.10.27        2008-10-27  1.43   -
          AhnLab V3      2008.10.28.00   2008.10.28        2008-10-28  0.94   -
          AntiVir        7.9.0.9         7.1.0.4           2008-10-27  1.43   -
          Antiy          2.0.18          20081023.1512524  2008-10-23  0.02   -
          Arcavir        1.0.5           200810271102      2008-10-27  1.21   -
          Authentium     5.1.1           200810270445      2008-10-27  1.04   -
          AVAST!         3.0.1           081027-0          2008-10-27  0.71   -
          AVG            7.5.52.442      270.8.4/1750      2008-10-27  1.70   -
          BitDefender    7.60825.1966464 7.21524           2008-10-28  3.24   Generic.Malware.Sdld!.6D230658 (suspected)
          CA (VET)       9.0.0.143       31.6.6176         2008-10-27  5.07   -
          ClamAV         0.94            8512              2008-10-28  0.01   -
          Comodo         2.11            2.0.0.689         2008-10-27  0.42   -
          CP Secure      1.1.0.715       2008.10.28        2008-10-28  6.35   -
          Dr.Web         4.44.0.9170     2008.10.27        2008-10-27  3.36   -
          ewido          4.0.0.2         2008.10.27        2008-10-27  2.92   -
          F-Prot         4.4.4.56        20081027          2008-10-27  1.04   -
          F-Secure       5.51.6100       2008.10.27.06     2008-10-27  3.62   -
          Fortinet       2.81-3.113      9.679             2008-10-27  0.21   -
          GData          19.1169/19.73   20081023          2008-10-23  2.61   -
          ViRobot        20081027        2008.10.27        2008-10-27  0.40   -
          Ikarus         T3.1.01.44      2008.10.27.71740  2008-10-27  2.87   -
          JiangMin       11.0.706        2008.10.26        2008-10-26  1.27   -
          Kaspersky      5.5.10          2008.10.27        2008-10-27  0.03   -
          KingSoft       2008.9.8.18     2008.10.27.17     2008-10-27  0.67   -
          McAfee         5.3.00          5416              2008-10-27  2.19   -
          Microsoft      1.4005          2008.10.27        2008-10-27  3.99   -
          mks_vir        2.01            2008.10.27        2008-10-27  2.66   -
          Norman         5.93.01         5.93.00           2008-10-27  5.47   -
          Panda          9.05.01         2008.10.27        2008-10-27  2.27   -
          Trend Micro    8.700-1004      5.622.22          2008-10-27  0.02   -
          Quick Heal     9.50            2008.10.27        2008-10-27  1.84   -
          Rising         20.0            21.01.02.00       2008-10-27  0.76   -
          Sophos         2.79.0          4.34              2008-10-28  1.94   -
          Sunbelt        3.1.1760.1      2349              2008-10-27  0.51   -
          Symantec       1.3.0.24        20081027.003      2008-10-27  0.05   -
          nProtect       2008-10-27.01   2340124           2008-10-27  4.29   Generic.Malware.Sdld!.6D230658
          The Hacker     6.3.1.1         v00132            2008-10-27  0.45   -
          VBA32          3.12.8.8        20081027.1037     2008-10-27  1.35   -
          VirusBuster    4.5.11.10       10.90.15/652003   2008-10-27  0.84   -

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 489
          • Experience: Familiar
          • OS: Windows 10
          Re: Spyware & Viruses... Hijack log help please ;-)
          « Reply #6 on: October 27, 2008, 04:16:02 PM »
          Open HijackThis and select Do a system scan only.

          Place a check mark next to the following entries: (if there)

          - O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
          - O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
          - O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
          - O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
          - O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
          - O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)


          Important: Close all windows except for HijackThis and then click Fix checked.

          Exit HijackThis.

          ----------

          Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

          Go to Start > Run and type notepad.exe then click OK

          Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

          Code: [Select]
          REGEDIT4

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
          "cdcb6378"=-

          Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

          Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

          Delete the fixme.reg from the Desktop.

          ----------

          Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

          Link #1
          Link #2

          **Note:  It is important that it is saved directly to your Desktop

          Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
           
          Double click combofix.exe & follow the prompts.

          For Windows XP Systems install the Recovery Console:

          - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
          - If for some reason your Internet is not working click No.
          - If you are not using Windows XP, you will not be prompted.
          - When prompted to accept the EULA click OK.
          - Accept Microsoft's EULA (Click Yes).
          - When you are told that the RC is installed correctly click YES to continue scanning for malware.

          When finished ComboFix will produce a log for you.
          Post the ComboFix log in your next reply.

          Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

          Bamby

            Topic Starter


            Rookie

            Re: Spyware & Viruses... Hijack log help please ;-)
            « Reply #7 on: October 27, 2008, 05:46:35 PM »
            Received a success message about adding to the registry. I will do the Combo fix now.   :)

            Bamby

              Topic Starter


              Rookie

              Re: Spyware & Viruses... Hijack log help please ;-)
              « Reply #8 on: October 27, 2008, 06:29:52 PM »
              Here is the scan results from the Combofix....

              ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 16:51:17.1 - NTFSx86
              Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.175 [GMT -7:00]
              Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
              * Created a new restore point
              .

              (((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\Compaq_Owner\Application Data\Adobe\crc.dat
              C:\Program Files\sks~1
              C:\Program Files\sks~1\??sks\
              C:\WINDOWS\IE4 Error Log.txt
              C:\WINDOWS\mainms.vpi
              C:\WINDOWS\megavid.cdt
              C:\WINDOWS\muotr.so
              C:\WINDOWS\system32\hljwugsf.bin
              C:\WINDOWS\system32\koyuxpjp.ini
              C:\WINDOWS\system32\MSINET.oca
              C:\WINDOWS\system32\xFeOrtwa.ini
              C:\WINDOWS\system32\xFeOrtwa.ini2
              D:\Autorun.inf

              .
              (((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_MSSECURITY1.209.4


              (((((((((((((((((((((((((  Files Created from 2008-09-27 to 2008-10-27  )))))))))))))))))))))))))))))))
              .

              2008-10-26 15:44 . 2008-10-26 15:44    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
              2008-10-26 15:44 . 2008-10-26 15:44    <DIR>    d--------    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
              2008-10-26 15:44 . 2008-10-26 15:44    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2008-10-26 15:43 . 2008-10-26 15:43    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
              2008-10-26 13:30 . 2008-10-26 13:30    410,976    --a------    C:\WINDOWS\system32\deploytk.dll
              2008-10-26 13:30 . 2008-10-26 13:30    73,728    --a------    C:\WINDOWS\system32\javacpl.cpl
              2008-10-25 12:36 . 2008-10-25 12:36    <DIR>    d--------    C:\Program Files\Trend Micro
              2008-10-25 12:22 . 2008-10-26 13:35    57,388    --a------    C:\WINDOWS\system32\%LocalXml%
              2008-10-25 09:43 . 2008-10-25 09:43    <DIR>    d--------    C:\Program Files\Maxtor
              2008-10-24 14:20 . 2008-10-24 14:32    96,976    --a------    C:\WINDOWS\system32\drivers\klin.dat
              2008-10-24 14:20 . 2008-10-24 14:20    87,855    --a------    C:\WINDOWS\system32\drivers\klick.dat
              2008-10-24 14:18 . 2008-10-24 14:18    <DIR>    d--------    C:\Program Files\Kaspersky Lab
              2008-10-24 14:18 . 2008-10-27 08:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2008-10-24 14:18 . 2008-10-27 16:57    3,619,872    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
              2008-10-24 14:18 . 2008-10-27 17:00    442,400    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.dat
              2008-10-24 14:18 . 2008-10-27 16:57    30,408    --ahs----    C:\WINDOWS\system32\drivers\fidbox.idx
              2008-10-24 14:18 . 2008-10-27 17:00    2,592    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.idx
              2008-10-23 21:51 . 2008-10-23 21:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg8
              2008-10-23 19:07 . 2008-10-23 19:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
              2008-10-23 10:22 . 2008-10-23 10:22    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
              2008-10-23 10:22 . 2008-10-23 10:22    <DIR>    d--------    C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
              2008-10-23 10:22 . 2008-10-23 10:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
              2008-10-23 10:22 . 2008-10-22 16:10    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
              2008-10-23 10:22 . 2008-10-22 16:10    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
              2008-10-22 22:56 . 2008-10-22 22:56    <DIR>    d--------    C:\Program Files\Gateway
              2008-10-22 20:16 . 2008-10-22 20:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Maxtor
              2008-10-22 20:15 . 2008-10-22 20:15    <DIR>    d--------    C:\Program Files\MSXML 6.0
              2008-10-22 20:14 . 2008-10-22 20:14    <DIR>    d--hs----    C:\WINDOWS\ftpcache
              2008-10-22 19:31 . 2001-08-17 13:48    12,160    --a------    C:\WINDOWS\system32\drivers\mouhid.sys
              2008-10-22 19:31 . 2001-08-17 13:48    12,160    --a------    C:\WINDOWS\system32\dllcache\mouhid.sys
              2008-10-21 10:30 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
              2008-10-21 10:30 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\system32\dllcache\usbccgp.sys
              2008-10-21 10:30 . 2004-08-04 00:56    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
              2008-10-21 10:30 . 2004-08-04 00:56    21,504    --a------    C:\WINDOWS\system32\dllcache\hidserv.dll
              2008-10-21 10:30 . 2004-08-03 22:58    14,848    --a------    C:\WINDOWS\system32\drivers\kbdhid.sys
              2008-10-21 10:30 . 2004-08-03 22:58    14,848    --a------    C:\WINDOWS\system32\dllcache\kbdhid.sys
              2008-10-21 10:30 . 2001-08-17 14:02    9,600    --a------    C:\WINDOWS\system32\drivers\hidusb.sys
              2008-10-21 10:30 . 2001-08-17 14:02    9,600    --a------    C:\WINDOWS\system32\dllcache\hidusb.sys

              .
              ((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-10-26 20:30    ---------    d-----w    C:\Program Files\Java
              2008-10-25 19:16    ---------    d-----w    C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
              2008-10-25 18:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-10-24 04:14    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
              2008-10-23 04:27    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
              2008-10-15 16:57    332,800    ----a-w    C:\WINDOWS\system32\dllcache\netapi32.dll
              2008-10-03 17:41    6,066,176    ------w    C:\WINDOWS\system32\dllcache\ieframe.dll
              2008-09-15 11:57    1,846,016    ----a-w    C:\WINDOWS\system32\win32k.sys
              2008-09-15 11:57    1,846,016    ----a-w    C:\WINDOWS\system32\dllcache\win32k.sys
              2008-08-28 10:04    333,056    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
              2008-08-28 10:04    333,056    ----a-w    C:\WINDOWS\system32\dllcache\srv.sys
              2008-08-27 08:24    3,593,216    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
              2008-08-25 08:38    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
              2008-08-25 08:37    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
              2008-08-23 05:56    635,848    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
              2008-08-23 05:54    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
              2008-08-20 05:11    10,240    ----a-w    C:\WINDOWS\ad.dll
              2008-08-14 10:00    2,180,352    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
              2008-08-14 10:00    2,180,352    ------w    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
              2008-08-14 09:58    2,136,064    ------w    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
              2008-08-14 09:51    138,368    ----a-w    C:\WINDOWS\system32\dllcache\afd.sys
              2008-08-14 09:22    2,057,728    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
              2008-08-14 09:22    2,057,728    ------w    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
              2008-08-14 09:22    2,015,744    ------w    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
              2008-07-30 03:21    218,376    ----a-w    C:\WINDOWS\system32\klogon.dll
              2008-05-22 05:07    10,426    ----a-w    C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
              .

              (((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
              "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-04-15 66912]

              [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
              "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
              "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]
              @="\??\C:\WINDOWS\system32\drivers\wia1extulj1.sys"

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
              path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
              backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
              path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
              backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
              path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
              backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

              [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
              path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
              backup=C:\WINDOWS\pss\userinit.exeStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]
              --a------ 2008-08-19 22:11 10240 C:\WINDOWS\ad.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
              --a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
              --a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              --a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
              --a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "WebrootSpySweeperService"=2 (0x2)
              "Symantec Core LC"=2 (0x2)
              "SPBBCSvc"=2 (0x2)
              "SNDSrvc"=2 (0x2)
              "SAVScan"=3 (0x3)
              "NSCService"=3 (0x3)
              "navapsvc"=2 (0x2)
              "MDM"=2 (0x2)
              "ccSetMgr"=2 (0x2)
              "ccProxy"=2 (0x2)
              "ccISPwdSvc"=3 (0x3)
              "ccEvtMgr"=2 (0x2)
              "aawservice"=2 (0x2)
              "LiveUpdate"=3 (0x3)
              "Automatic LiveUpdate Scheduler"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusDisableNotify"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
              "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
              "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
              "C:\\Program Files\\iTunes\\iTunes.exe"=
              "C:\\WINDOWS\\system32\\services.exe"=

              R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
              R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
              R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
              R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
              R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
              S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
              .
              - - - - ORPHANS REMOVED - - - -

              MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
              MSConfigStartUp-userinit - C:\WINDOWS\system32\ntos.exe
              MSConfigStartUp-winlogon - C:\Documents and Settings\Compaq_Owner\svchost.exe
              MSConfigStartUp-[system] - C:\WINDOWS\system32\drivers\services.exe


              .
              ------- Supplementary Scan -------
              .
              R0 -: HKCU-Main,SearchMigratedDefaultURL =
              R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
              R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
              R0 -: HKLM-Main,SearchMigratedDefaultURL =
              R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
              R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
              O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
              O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
              .

              **************************************************************************

              catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-10-27 16:59:01
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...


              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
              C:\WINDOWS\system32\nvsvc32.exe
              .
              **************************************************************************
              .
              Completion time: 2008-10-27 17:07:06 - machine was rebooted
              ComboFix-quarantined-files.txt  2008-10-28 00:07:02

              Pre-Run: 90,448,408,576 bytes free
              Post-Run: 92,141,826,048 bytes free

              214    --- E O F ---    2008-10-23 21:29:57

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 489
              • Experience: Familiar
              • OS: Windows 10
              Re: Spyware & Viruses... Hijack log help please ;-)
              « Reply #9 on: October 27, 2008, 06:43:38 PM »
              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code: [Select]
              KillAll::

              Driver::
              MSSECURITY1.209.4

              Registry::
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
              "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

              [-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

              [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]

              [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

              Bamby

                Topic Starter


                Rookie

                Re: Spyware & Viruses... Hijack log help please ;-)
                « Reply #10 on: October 27, 2008, 07:25:08 PM »
                Here are the results...  :-)  From last instuction.

                ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 18:06:17.2 - NTFSx86
                Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.142 [GMT -7:00]
                Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
                Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
                 * Created a new restore point
                .

                (((((((((((((((((((((((((   Files Created from 2008-09-28 to 2008-10-28  )))))))))))))))))))))))))))))))
                .

                2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
                2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
                2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                2008-10-26 15:43 . 2008-10-26 15:43   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
                2008-10-26 13:30 . 2008-10-26 13:30   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
                2008-10-26 13:30 . 2008-10-26 13:30   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
                2008-10-25 12:36 . 2008-10-25 12:36   <DIR>   d--------   C:\Program Files\Trend Micro
                2008-10-25 12:22 . 2008-10-26 13:35   57,388   --a------   C:\WINDOWS\system32\%LocalXml%
                2008-10-25 09:43 . 2008-10-25 09:43   <DIR>   d--------   C:\Program Files\Maxtor
                2008-10-24 14:20 . 2008-10-27 17:22   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
                2008-10-24 14:20 . 2008-10-24 14:20   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
                2008-10-24 14:18 . 2008-10-24 14:18   <DIR>   d--------   C:\Program Files\Kaspersky Lab
                2008-10-24 14:18 . 2008-10-27 17:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                2008-10-24 14:18 . 2008-10-27 18:11   3,619,872   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
                2008-10-24 14:18 . 2008-10-27 18:11   483,360   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
                2008-10-24 14:18 . 2008-10-27 18:11   30,408   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
                2008-10-24 14:18 . 2008-10-27 18:11   2,732   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
                2008-10-23 21:51 . 2008-10-23 21:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
                2008-10-23 19:07 . 2008-10-23 19:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
                2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
                2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
                2008-10-23 10:22 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
                2008-10-23 10:22 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
                2008-10-22 22:56 . 2008-10-22 22:56   <DIR>   d--------   C:\Program Files\Gateway
                2008-10-22 20:16 . 2008-10-22 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Maxtor
                2008-10-22 20:15 . 2008-10-22 20:15   <DIR>   d--------   C:\Program Files\MSXML 6.0
                2008-10-22 20:14 . 2008-10-22 20:14   <DIR>   d--hs----   C:\WINDOWS\ftpcache
                2008-10-22 19:31 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
                2008-10-22 19:31 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\dllcache\mouhid.sys
                2008-10-21 10:30 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
                2008-10-21 10:30 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
                2008-10-21 10:30 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
                2008-10-21 10:30 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\dllcache\hidserv.dll
                2008-10-21 10:30 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
                2008-10-21 10:30 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\dllcache\kbdhid.sys
                2008-10-21 10:30 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
                2008-10-21 10:30 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\dllcache\hidusb.sys

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-10-26 20:30   ---------   d-----w   C:\Program Files\Java
                2008-10-25 19:16   ---------   d-----w   C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
                2008-10-25 18:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
                2008-10-24 04:14   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
                2008-10-23 04:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
                2008-10-15 16:57   332,800   ----a-w   C:\WINDOWS\system32\dllcache\netapi32.dll
                2008-10-03 17:41   6,066,176   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
                2008-09-15 11:57   1,846,016   ----a-w   C:\WINDOWS\system32\win32k.sys
                2008-09-15 11:57   1,846,016   ----a-w   C:\WINDOWS\system32\dllcache\win32k.sys
                2008-08-28 10:04   333,056   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
                2008-08-28 10:04   333,056   ----a-w   C:\WINDOWS\system32\dllcache\srv.sys
                2008-08-27 08:24   3,593,216   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
                2008-08-25 08:38   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
                2008-08-25 08:37   70,656   ----a-w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
                2008-08-23 05:56   635,848   ----a-w   C:\WINDOWS\system32\dllcache\iexplore.exe
                2008-08-23 05:54   161,792   ----a-w   C:\WINDOWS\system32\dllcache\ieakui.dll
                2008-08-20 05:11   10,240   ----a-w   C:\WINDOWS\ad.dll
                2008-08-14 10:00   2,180,352   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
                2008-08-14 10:00   2,180,352   ------w   C:\WINDOWS\system32\dllcache\ntoskrnl.exe
                2008-08-14 09:58   2,136,064   ------w   C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
                2008-08-14 09:51   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
                2008-08-14 09:22   2,057,728   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
                2008-08-14 09:22   2,057,728   ------w   C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
                2008-08-14 09:22   2,015,744   ------w   C:\WINDOWS\system32\dllcache\ntkrpamp.exe
                2008-07-30 03:21   218,376   ----a-w   C:\WINDOWS\system32\klogon.dll
                2008-05-22 05:07   10,426   ----a-w   C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
                .

                (((((((((((((((((((((((((((((   [email protected]_17.06.30.60   )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-10-24 21:17:52   213,008   ----a-w   C:\WINDOWS\system32\drivers\klif.sys
                + 2008-07-19 00:39:18   213,008   ----a-w   C:\WINDOWS\system32\drivers\klif.sys
                + 2008-10-28 01:12:14   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_144.dat
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
                "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
                "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
                path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
                backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
                path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
                backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

                [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
                path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
                backup=C:\WINDOWS\pss\userinit.exeStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                --a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
                --a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                --a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                --a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "WebrootSpySweeperService"=2 (0x2)
                "Symantec Core LC"=2 (0x2)
                "SPBBCSvc"=2 (0x2)
                "SNDSrvc"=2 (0x2)
                "SAVScan"=3 (0x3)
                "NSCService"=3 (0x3)
                "navapsvc"=2 (0x2)
                "MDM"=2 (0x2)
                "ccSetMgr"=2 (0x2)
                "ccProxy"=2 (0x2)
                "ccISPwdSvc"=3 (0x3)
                "ccEvtMgr"=2 (0x2)
                "aawservice"=2 (0x2)
                "LiveUpdate"=3 (0x3)
                "Automatic LiveUpdate Scheduler"=2 (0x2)

                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "AntiVirusDisableNotify"=dword:00000001

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
                "DisableMonitoring"=dword:00000001

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                "DisableMonitoring"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
                "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
                "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
                "C:\\Program Files\\iTunes\\iTunes.exe"=
                "C:\\WINDOWS\\system32\\services.exe"=

                R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
                R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
                R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
                R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
                R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
                S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
                .

                **************************************************************************

                catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-10-27 18:12:53
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                ------------------------ Other Running Processes ------------------------
                .
                C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\WINDOWS\system32\wscntfy.exe
                .
                **************************************************************************
                .
                Completion time: 2008-10-27 18:20:51 - machine was rebooted
                ComboFix-quarantined-files.txt  2008-10-28 01:20:47
                ComboFix2.txt  2008-10-28 00:07:08

                Pre-Run: 92,026,425,344 bytes free
                Post-Run: 92,060,536,832 bytes free

                182   --- E O F ---   2008-10-23 21:29:57


                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 489
                • Experience: Familiar
                • OS: Windows 10
                Re: Spyware & Viruses... Hijack log help please ;-)
                « Reply #11 on: October 27, 2008, 09:57:13 PM »
                  • Click START then RUN
                  • Now type Combofix /u in the runbox
                  • Make sure there's a space between Combofix and /u
                  • Then hit Enter.
                  • The above procedure will:
                  • Delete the following:
                  • ComboFix and its associated files and folders.
                  • Reset the clock settings.
                  • Hide file extensions, if required.
                  • Hide System/Hidden files, if required.
                  • Set a new, clean Restore Point.
                  .
                  ----------

                  Run CCleaner.

                  ----------

                  Run this online scan.

                This scanner requires Internet Explorer

                Use the ESET Nod32 Online Scanner

                1. Check the box next to YES, I accept the Terms of Use.
                2. Click Start
                3. When asked, allow the activex control to install
                4. Click Start
                5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
                6. Click Scan
                7. Wait for the scan to finish
                8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

                Also let me know how the computer is running now.

                Bamby

                  Topic Starter


                  Rookie

                  Re: Spyware & Viruses... Hijack log help please ;-)
                  « Reply #12 on: October 28, 2008, 02:18:35 AM »
                  Thank you Evilfantasy   ;D  I deleted the Combofix and followed it by doing the nod32 scan and only came up with one file. So far so good, No pop up rundlls going on at all and the start up menu looks awesome with no annoying files. I will surely post again if any problems should arrise. Thank you sooooo much.   :) Next post nod32 >>>>

                  system.

                  Bamby

                    Topic Starter


                    Rookie

                    Re: Spyware & Viruses... Hijack log help please ;-)
                    « Reply #13 on: October 28, 2008, 02:22:41 AM »
                    Here are the results from the nod32 program.

                    Scan Log
                    Version of virus signature database: 3561 (20081027)
                    Date: 10/27/2008  Time: 10:49:26 PM
                    Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\
                    C:\hiberfil.sys - error opening [4]
                    C:\pagefile.sys - error opening [4]
                    C:\Documents and Settings\Compaq_Owner\NTUSER.DAT - error opening [4]
                    C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG - error opening [4]
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {002E2FC3-4B0E-40AD-B70A-EFA06D101228} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {047FBCAF-3B64-497A-8722-268DB1B3ECAC} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {0778773D-5444-4BA6-83B2-EC92D9BBF5F4} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {0F119E1F-299C-41F6-BFFD-57337FFC8408} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {1277D5E1-A261-492A-8B54-6C3436990D7A} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {179181C7-0D0E-4FBF-9908-4A7FE4FC1F2F} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {1B1D7CF2-3203-4249-8A62-C3D49A9AE43E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {1CF1FDE2-B308-4376-B3BB-7D51A77328BA} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {1E1A95A9-855D-4A9A-84C0-4A62021DE8D4} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {1E802289-7A45-4F84-B724-90184F470E8B} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {22955022-DF17-435A-85CB-525DAD56676C} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {27018A7A-BAC6-49DE-AAE7-012DFD70D789} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {2998CC56-74D5-4481-8E0D-7C0FCD006D43} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {2B47942C-673E-4678-8D1C-20AD427F622F} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {2CDECD41-EDF9-4FF4-8B45-E8C4187AF460} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {2CE1AB38-78E5-40E0-8BE9-997C9E318C6E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {2E3801C4-4FEE-48CD-BB50-F9B8D4D4C035} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {32A06186-B752-40BB-8C66-185613C4DB71} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {358440C3-D0BB-445E-9448-F03FEAE62074} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {366E3D49-955C-48ED-8F23-907C62DF2290} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {3826BB52-E591-4EEF-85BE-212FAF158FB1} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {386402FA-FFCA-49B1-B22D-FCDFD88461EE} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {3AC030BB-5068-486E-BE2B-A789694B42C4} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {3B0A0E6C-397B-4E1C-93DF-76D298005654} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {3CD9ADB6-DC21-42B2-8F70-1B17E6C72428} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {3DB3299F-D075-4DB6-9978-983310FAD40F} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {405B52DD-64BA-4506-A8F3-F553FF2A3752} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {41B64D72-B377-45C7-8839-025AB8B3AD89} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {45D27275-C6F7-4DB3-B006-0B9CF4C01A0C} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {47347928-FCAF-44B2-A58A-4D0ED9A78267} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {4A081071-00E5-421A-BC2A-BC0A94AF72CB} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {4E33434B-590B-4EB5-84B8-A9C48DB3E4F8} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {4ED37BA7-3735-42A0-9454-5DBB38DF3AAD} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {4FE782B2-47FE-40DD-AF2A-6916AA551C1E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {535B051F-5E9B-40AA-9BDC-8461CC3F4836} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {55EC3007-D711-4AC9-A5DC-D82F3FE193D8} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {56EAEFB6-D23B-46A6-9190-2F2708E4E6C6} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {5C997445-02DF-4000-BF5D-71B3BB703852} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {5F225E7A-8C7E-48A7-A4E5-90FB7E6DA7A7} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {5FE8D34F-0842-4585-A255-87EBF64F51D5} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6321D995-4235-47E3-9E84-E71AAA209BBC} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {64EB28CB-060D-48FF-8786-E790F730B3D6} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {65AEDDC7-F0C7-4D6A-BBC4-8D6FBF5A4F4E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {65D86BC3-6C87-4A88-996F-186417E8E7E0} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {68AA5B8C-E2FE-45BE-ABC9-CB197914871F} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {69B81F5F-7CE5-48B8-81E0-BB741966E8B5} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {69E74E15-2B60-401A-B4D2-498356F7D1A0} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6AC6372E-5E86-486E-82FF-330FE6921F8E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6AEE8D7D-2EAB-423D-AB7B-CEC7F3BC4400} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6DA1B2EE-B7E5-481D-8795-8C5DF749A260} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6E9B4273-D802-4ED2-98A9-C9E9E0DE69CA} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {6FCE033E-422A-4FDC-B658-9DC1E9F2F97E} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {71ADD95B-867D-4C35-820F-2FF81E9D3A0C} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {71E06D72-2749-4CEC-A3D7-4B4A022CB4EC} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {779E798F-B58D-4124-B629-DAFF7E32BEB4} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {79E4E369-DF48-49EA-97F1-699DDF5ED826} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7AE13654-66F1-45FA-8043-D2F9C0ABCA19} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7B290A51-D40D-4BFC-BE22-D8B8F27B9B0C} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7B7A65D7-2194-4264-BFC3-84A28CEE870B} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7C0685FC-B809-4209-8677-4C96003CD170} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7E9173F6-3D02-4EB5-BEB4-B45D1A298E97} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {7FD0403A-35E9-473C-8A91-1F75EBBE968D} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {81762D2A-F362-44C4-AC09-CDB3C23FD0FC} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {81E88E2A-5DDE-4A84-97B7-6700EA165F64} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {82185E31-B15C-4CC6-8040-48B31D3DB381} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {88084DD8-DBA4-48E1-9FE4-24252EABC333} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {886F9734-806F-4D42-9AB0-5728E17510F1} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {887FA121-C5AD-4FA7-8011-17646D53E08A} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {8B685236-F368-4B9F-A1E8-8AAC8FD4C6BA} - error - password-protected file
                    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 -

                    Bamby

                      Topic Starter


                      Rookie

                      Re: Spyware & Viruses... Hijack log help please ;-)
                      « Reply #14 on: October 28, 2008, 02:25:52 AM »
                      Continued nod32:


                      00-14-47.SBU ZIP {8C35F98B-992C-4706-B7E1-3A83F9AC2F0E} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {8D7E9981-859E-4910-851E-F88FE7B2AA04} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {8E963F03-693D-4CE4-B89C-B34F152107A7} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {906DAEEE-6CD4-4836-8ABA-7C31ED308A1F} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {92BFFE45-D99F-41EE-AF7E-BDD49C48198B} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {94AE5456-058C-4496-9AFC-3AB63916EC17} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {9A1E0002-F5A7-4F76-9F7A-9EF9706409A6} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {9B64F197-1A72-4DB1-8DAF-EB08CB39FF34} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {9C20C17B-49DF-4618-8E7B-7A921B480041} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {9CA0D8C0-8594-44CD-8F1A-0AF3E4ACBC1D} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {A02C8CC9-E8CF-41AB-9FA3-CCDC97F2901B} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {A187C1EB-D775-47BF-912C-3C598F7AB10E} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {A4F91F4B-6136-465C-879D-4210AD594E21} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {AB28718B-051C-4FF1-BE1B-C33CAEB156DD} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {AD8DF13C-A762-47C8-BEE0-1CD53A13C9DB} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {AE493C1E-62D8-4649-9F7D-6B08C62DABA9} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {AE6855BC-E183-408F-AED8-893AB9CCB700} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {B55CB8CE-F036-4390-8850-F79A43520147} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {BB9BD23E-BD54-4031-B23C-E08BADF927FA} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {C0FBF0AC-F65D-4E6C-906E-1D77E7EF39F1} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {C1927E01-219E-4772-903C-2636B97FBDF5} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {C4C657C4-B731-45F9-883E-2672D263CE20} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {C5807513-2F5A-4CAF-8D33-C5054CAEA921} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {CE69E7D2-C2FD-4C95-B31A-4FEFA09519EF} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {D08CBFA6-AEB5-40D0-97B4-2781F014BB51} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {D5411CA5-9771-4F04-A4BE-F1DF4EBC3E6B} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {D98E8E40-B9EC-4E2E-A7E9-3B7DBC59940E} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {D9EBC7F3-60D2-45DC-8F45-14807167A80B} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {DA4B8F45-3BBF-4E12-B09A-62D3FA708428} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {DB595BCD-882E-499C-87FF-6D785267D1F0} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {DCB6DFBE-1016-419A-9889-7CCB9E70035C} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {E4D0729B-1DC8-48FC-8DD1-A30CFB0433F2} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {EAB6E346-176C-499F-B1DB-A45E25668D4F} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {EB517ACB-9765-4087-BC44-848A6CDAB7A5} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {ECF53E3A-9B9F-48CB-A99B-BBBC65DFF707} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {EEFCBACF-733C-4191-91AD-1EFE3AE57EDD} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {EFFC33EB-97EC-4140-A318-179C65106598} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {F1EF6B5A-AC07-4DF1-8E47-C5EEA505EAF9} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {F235CC8A-227D-44FE-BEEF-33379030CDD8} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {F4D41250-F787-479F-ADEB-9131B7BC96D4} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {FB0D055B-24FC-46DE-8F90-A005911A7648} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP {FF64BF73-B647-4450-9945-FEBA367FE942} - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU ZIP backup.db - error - password-protected file
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB whatsound.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_gzip.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB double_const.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_bufio.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_cgi.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_codecs.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_contains.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_dis.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_extcall.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_format.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_funcattrs.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_future3.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_gc.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_import.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_linuxaudiodev.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_long_future.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_locale.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_long.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_marshal.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_normalization.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_mmap.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_mutants.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_new.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_nis.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_ossaudiodev.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_quopri.py MIME - is OK (internal scanning not performed)
                      C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab CAB test_regex.py MIME - is OK (internal scanning not