Author Topic: Spyware & Viruses... Hijack log help please ;-) (Read 9882 times)

Bamby · « **on:** October 26, 2008, 02:02:38 PM »

I have some folders in the startup menu that I can not rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the task mananger. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. Allot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:14 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvk bd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6980 bytes

evilfantasy · « **Reply #1 on:** October 27, 2008, 01:13:05 PM »

Start here http://www.computerhope.com/forum/index.php/topic,46313.0.html

Post the 3 logs when complete.

Bamby · « **Reply #2 on:** October 27, 2008, 02:18:17 PM »

Evilfantasy, First, Thank you so much for responding.

You might want to delete the other post that I created today. I tried to delete it but found out that I am not allowed to do that. Here is what I posted today.

--------------------------------------------------------------------------------
My apology for not providing all of the scan results that I should have included with my first post as requested by your forum. This is what has been going on with this computer....
I have some folders in the startup menu that I can not rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the task mananger. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. Allot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log, super anti spyware as well as a new Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2008 at 05:28 PM

Application Version : 4.21.1004

Core Rules Database Version : 3609
Trace Rules Database Version: 1595

Scan type : Complete Scan
Total Scan Time : 01:21:40

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 5539
Registry threats detected : 4
File items scanned : 114235
File threats detected : 111

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adbrite[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adecn[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adinterax[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adlegend[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adrevolver[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adrevolver[3].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adserver[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adultfriendfinder[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@advertising[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@apmebf[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@atdmt[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@bizrate[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@bluestreak[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@burstnet[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@casalemedia[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@clickbank[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@collective-media[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@directtrack[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@doubleclick[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@eyewonder[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@fastclick[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@insightexpressai[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@interclick[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@media6degrees[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@mediaplex[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@mediapromoter[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@overture[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@realmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@revsci[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@socialmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@statcounter[2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@tacoda[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@tribalfusion[1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@zedo[1].txt

Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]

Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved

Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1552OINADMIN.EXE-01D813FF.PF

Trojan.Fake-Drop/Gen
C:\WINDOWS\TEMP\SALM.EXE

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

10/26/2008 3:17:53 PM
mbam-log-2008-10-26 (15-17-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 156431
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack log to follow in next post.... If included in this post it exceeds 20000 characters.

Thank you in advance.

Bamby · « **Reply #3 on:** October 27, 2008, 02:19:30 PM »

--------------------------------------------------------------------------------
Hijack Log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:05 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7401 bytes

evilfantasy · « **Reply #4 on:** October 27, 2008, 02:25:49 PM »

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

Code: [Select]

C:\WINDOWS\ad.dll2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
[color="Red"]Important:[/color] Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

Bamby · « **Reply #5 on:** October 27, 2008, 04:02:38 PM »

Evilfantasy, Here is the log....

VirSCAN.org Scanned Report :
Scanned time : 2008/10/27 14:53:28 (PDT)
Scanner results: 5% Scanner(2/39) found malware!
File Name : ad.dll
File Size : 10240 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 4a431b1ae4b64eb4f7f3c22cabc1e6da
SHA1 : 0a3f6e7832908d80817bb5c688a059ebc12b759 6
Online report : http://virscan.org/report/caa960800c43c91099f6d568512c91db.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.23 2008.10.27 2008-10-27 1.43 -
AhnLab V3 2008.10.28.00 2008.10.28 2008-10-28 0.94 -
AntiVir 7.9.0.9 7.1.0.4 2008-10-27 1.43 -
Antiy 2.0.18 20081023.1512524 2008-10-23 0.02 -
Arcavir 1.0.5 200810271102 2008-10-27 1.21 -
Authentium 5.1.1 200810270445 2008-10-27 1.04 -
AVAST! 3.0.1 081027-0 2008-10-27 0.71 -
AVG 7.5.52.442 270.8.4/1750 2008-10-27 1.70 -
BitDefender 7.60825.1966464 7.21524 2008-10-28 3.24 Generic.Malware.Sdld!.6D230658 (suspected)
CA (VET) 9.0.0.143 31.6.6176 2008-10-27 5.07 -
ClamAV 0.94 8512 2008-10-28 0.01 -
Comodo 2.11 2.0.0.689 2008-10-27 0.42 -
CP Secure 1.1.0.715 2008.10.28 2008-10-28 6.35 -
Dr.Web 4.44.0.9170 2008.10.27 2008-10-27 3.36 -
ewido 4.0.0.2 2008.10.27 2008-10-27 2.92 -
F-Prot 4.4.4.56 20081027 2008-10-27 1.04 -
F-Secure 5.51.6100 2008.10.27.06 2008-10-27 3.62 -
Fortinet 2.81-3.113 9.679 2008-10-27 0.21 -
GData 19.1169/19.73 20081023 2008-10-23 2.61 -
ViRobot 20081027 2008.10.27 2008-10-27 0.40 -
Ikarus T3.1.01.44 2008.10.27.71740 2008-10-27 2.87 -
JiangMin 11.0.706 2008.10.26 2008-10-26 1.27 -
Kaspersky 5.5.10 2008.10.27 2008-10-27 0.03 -
KingSoft 2008.9.8.18 2008.10.27.17 2008-10-27 0.67 -
McAfee 5.3.00 5416 2008-10-27 2.19 -
Microsoft 1.4005 2008.10.27 2008-10-27 3.99 -
mks_vir 2.01 2008.10.27 2008-10-27 2.66 -
Norman 5.93.01 5.93.00 2008-10-27 5.47 -
Panda 9.05.01 2008.10.27 2008-10-27 2.27 -
Trend Micro 8.700-1004 5.622.22 2008-10-27 0.02 -
Quick Heal 9.50 2008.10.27 2008-10-27 1.84 -
Rising 20.0 21.01.02.00 2008-10-27 0.76 -
Sophos 2.79.0 4.34 2008-10-28 1.94 -
Sunbelt 3.1.1760.1 2349 2008-10-27 0.51 -
Symantec 1.3.0.24 20081027.003 2008-10-27 0.05 -
nProtect 2008-10-27.01 2340124 2008-10-27 4.29 Generic.Malware.Sdld!.6D230658
The Hacker 6.3.1.1 v00132 2008-10-27 0.45 -
VBA32 3.12.8.8 20081027.1037 2008-10-27 1.35 -
VirusBuster 4.5.11.10 10.90.15/652003 2008-10-27 0.84 -

evilfantasy · « **Reply #6 on:** October 27, 2008, 04:16:02 PM »

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
- O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
- O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
- O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
- O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"cdcb6378"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Bamby · « **Reply #7 on:** October 27, 2008, 05:46:35 PM »

Received a success message about adding to the registry. I will do the Combo fix now.

Bamby · « **Reply #8 on:** October 27, 2008, 06:29:52 PM »

Here is the scan results from the Combofix....

ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 16:51:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -7:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Owner\Application Data\Adobe\crc.dat
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\koyuxpjp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\xFeOrtwa.ini
C:\WINDOWS\system32\xFeOrtwa.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 15:43 . 2008-10-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 13:30 . 2008-10-26 13:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 13:30 . 2008-10-26 13:30 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 12:36 . 2008-10-25 12:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-25 12:22 . 2008-10-26 13:35 57,388 --a------ C:\WINDOWS\system32\%LocalXml%
2008-10-25 09:43 . 2008-10-25 09:43 <DIR> d-------- C:\Program Files\Maxtor
2008-10-24 14:20 . 2008-10-24 14:32 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-24 14:20 . 2008-10-24 14:20 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-24 14:18 . 2008-10-24 14:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 16:57 3,619,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 14:18 . 2008-10-27 17:00 442,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-24 14:18 . 2008-10-27 16:57 30,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-24 14:18 . 2008-10-27 17:00 2,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 21:51 . 2008-10-23 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 19:07 . 2008-10-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 10:22 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:56 . 2008-10-22 22:56 <DIR> d-------- C:\Program Files\Gateway
2008-10-22 20:16 . 2008-10-22 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Maxtor
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-22 20:14 . 2008-10-22 20:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:30 --------- d-----w C:\Program Files\Java
2008-10-25 19:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-10-25 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-23 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-20 05:11 10,240 ----a-w C:\WINDOWS\ad.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-30 03:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-05-22 05:07 10,426 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-04-15 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]
@="\??\C:\WINDOWS\system32\drivers\wia1extulj1.sys"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
backup=C:\WINDOWS\pss\userinit.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]
--a------ 2008-08-19 22:11 10240 C:\WINDOWS\ad.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\services.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-userinit - C:\WINDOWS\system32\ntos.exe
MSConfigStartUp-winlogon - C:\Documents and Settings\Compaq_Owner\svchost.exe
MSConfigStartUp-[system] - C:\WINDOWS\system32\drivers\services.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL =
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,SearchMigratedDefaultURL =
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 16:59:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-10-27 17:07:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 00:07:02

Pre-Run: 90,448,408,576 bytes free
Post-Run: 92,141,826,048 bytes free

214 --- E O F --- 2008-10-23 21:29:57

evilfantasy · « **Reply #9 on:** October 27, 2008, 06:43:38 PM »

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Driver::
MSSECURITY1.209.4

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Bamby · « **Reply #10 on:** October 27, 2008, 07:25:08 PM »

Here are the results... :-) From last instuction.

ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 18:06:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -7:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-10-26 15:44 . 2008-10-26 15:44   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 15:43 . 2008-10-26 15:43   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 13:30 . 2008-10-26 13:30   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
2008-10-26 13:30 . 2008-10-26 13:30   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-10-25 12:36 . 2008-10-25 12:36   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-25 12:22 . 2008-10-26 13:35   57,388   --a------   C:\WINDOWS\system32\%LocalXml%
2008-10-25 09:43 . 2008-10-25 09:43   <DIR>   d--------   C:\Program Files\Maxtor
2008-10-24 14:20 . 2008-10-27 17:22   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-10-24 14:20 . 2008-10-24 14:20   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-10-24 14:18 . 2008-10-24 14:18   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 17:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 18:11   3,619,872   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 14:18 . 2008-10-27 18:11   483,360   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-24 14:18 . 2008-10-27 18:11   30,408   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-24 14:18 . 2008-10-27 18:11   2,732   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 21:51 . 2008-10-23 21:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 19:07 . 2008-10-23 19:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-23 10:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 10:22 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:56 . 2008-10-22 22:56   <DIR>   d--------   C:\Program Files\Gateway
2008-10-22 20:16 . 2008-10-22 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Maxtor
2008-10-22 20:15 . 2008-10-22 20:15   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-10-22 20:14 . 2008-10-22 20:14   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-10-22 19:31 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-22 19:31 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-21 10:30 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-21 10:30 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-21 10:30 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-10-21 10:30 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-21 10:30 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-21 10:30 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-21 10:30 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-21 10:30 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:30   ---------   d-----w   C:\Program Files\Java
2008-10-25 19:16   ---------   d-----w   C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-10-25 18:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 04:14   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-10-23 04:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 16:57   332,800   ----a-w   C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:41   6,066,176   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57   1,846,016   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57   1,846,016   ----a-w   C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04   333,056   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04   333,056   ----a-w   C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24   3,593,216   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37   70,656   ----a-w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56   635,848   ----a-w   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54   161,792   ----a-w   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-20 05:11   10,240   ----a-w   C:\WINDOWS\ad.dll
2008-08-14 10:00   2,180,352   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00   2,180,352   ------w   C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58   2,136,064   ------w   C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22   2,057,728   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22   2,057,728   ------w   C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22   2,015,744   ------w   C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-30 03:21   218,376   ----a-w   C:\WINDOWS\system32\klogon.dll
2008-05-22 05:07   10,426   ----a-w   C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_17.06.30.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-24 21:17:52   213,008   ----a-w   C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-19 00:39:18   213,008   ----a-w   C:\WINDOWS\system32\drivers\klif.sys
+ 2008-10-28 01:12:14   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_144.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
backup=C:\WINDOWS\pss\userinit.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\services.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-27 18:20:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 01:20:47
ComboFix2.txt 2008-10-28 00:07:08

Pre-Run: 92,026,425,344 bytes free
Post-Run: 92,060,536,832 bytes free

182   --- E O F ---   2008-10-23 21:29:57

evilfantasy · « **Reply #11 on:** October 27, 2008, 09:57:13 PM »

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Also let me know how the computer is running now.

Bamby · « **Reply #12 on:** October 28, 2008, 02:18:35 AM »

Thank you Evilfantasy

I deleted the Combofix and followed it by doing the nod32 scan and only came up with one file. So far so good, No pop up rundlls going on at all and the start up menu looks awesome with no annoying files. I will surely post again if any problems should arrise. Thank you sooooo much.

Next post nod32 >>>>

system.

Bamby · « **Reply #13 on:** October 28, 2008, 02:22:41 AM »

Here are the results from the nod32 program.

Scan Log
Version of virus signature database: 3561 (20081027)
Date: 10/27/2008 Time: 10:49:26 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\

:\Boot sector;D:\;E:\Boot sector;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT - error opening [4]
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {002E2FC3-4B0E-40AD-B70A-EFA06D101228} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {047FBCAF-3B64-497A-8722-268DB1B3ECAC} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {0778773D-5444-4BA6-83B2-EC92D9BBF5F4} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {0F119E1F-299C-41F6-BFFD-57337FFC8408} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {1277D5E1-A261-492A-8B54-6C3436990D7A} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {179181C7-0D0E-4FBF-9908-4A7FE4FC1F2F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {1B1D7CF2-3203-4249-8A62-C3D49A9AE43E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {1CF1FDE2-B308-4376-B3BB-7D51A77328BA} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {1E1A95A9-855D-4A9A-84C0-4A62021DE8D4} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {1E802289-7A45-4F84-B724-90184F470E8B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {22955022-DF17-435A-85CB-525DAD56676C} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {27018A7A-BAC6-49DE-AAE7-012DFD70D789} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {2998CC56-74D5-4481-8E0D-7C0FCD006D43} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {2B47942C-673E-4678-8D1C-20AD427F622F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {2CDECD41-EDF9-4FF4-8B45-E8C4187AF460} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {2CE1AB38-78E5-40E0-8BE9-997C9E318C6E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {2E3801C4-4FEE-48CD-BB50-F9B8D4D4C035} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {32A06186-B752-40BB-8C66-185613C4DB71} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {358440C3-D0BB-445E-9448-F03FEAE62074} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {366E3D49-955C-48ED-8F23-907C62DF2290} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {3826BB52-E591-4EEF-85BE-212FAF158FB1} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {386402FA-FFCA-49B1-B22D-FCDFD88461EE} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {3AC030BB-5068-486E-BE2B-A789694B42C4} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {3B0A0E6C-397B-4E1C-93DF-76D298005654} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {3CD9ADB6-DC21-42B2-8F70-1B17E6C72428} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {3DB3299F-D075-4DB6-9978-983310FAD40F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {405B52DD-64BA-4506-A8F3-F553FF2A3752} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {41B64D72-B377-45C7-8839-025AB8B3AD89} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {45D27275-C6F7-4DB3-B006-0B9CF4C01A0C} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {47347928-FCAF-44B2-A58A-4D0ED9A78267} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {4A081071-00E5-421A-BC2A-BC0A94AF72CB} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {4E33434B-590B-4EB5-84B8-A9C48DB3E4F8} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {4ED37BA7-3735-42A0-9454-5DBB38DF3AAD} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {4FE782B2-47FE-40DD-AF2A-6916AA551C1E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {535B051F-5E9B-40AA-9BDC-8461CC3F4836} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {55EC3007-D711-4AC9-A5DC-D82F3FE193D8} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {56EAEFB6-D23B-46A6-9190-2F2708E4E6C6} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {5C997445-02DF-4000-BF5D-71B3BB703852} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {5F225E7A-8C7E-48A7-A4E5-90FB7E6DA7A7} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {5FE8D34F-0842-4585-A255-87EBF64F51D5} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6321D995-4235-47E3-9E84-E71AAA209BBC} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {64EB28CB-060D-48FF-8786-E790F730B3D6} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {65AEDDC7-F0C7-4D6A-BBC4-8D6FBF5A4F4E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {65D86BC3-6C87-4A88-996F-186417E8E7E0} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {68AA5B8C-E2FE-45BE-ABC9-CB197914871F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {69B81F5F-7CE5-48B8-81E0-BB741966E8B5} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {69E74E15-2B60-401A-B4D2-498356F7D1A0} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6AC6372E-5E86-486E-82FF-330FE6921F8E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6AEE8D7D-2EAB-423D-AB7B-CEC7F3BC4400} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6DA1B2EE-B7E5-481D-8795-8C5DF749A260} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6E9B4273-D802-4ED2-98A9-C9E9E0DE69CA} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {6FCE033E-422A-4FDC-B658-9DC1E9F2F97E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {71ADD95B-867D-4C35-820F-2FF81E9D3A0C} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {71E06D72-2749-4CEC-A3D7-4B4A022CB4EC} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {779E798F-B58D-4124-B629-DAFF7E32BEB4} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {79E4E369-DF48-49EA-97F1-699DDF5ED826} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7AE13654-66F1-45FA-8043-D2F9C0ABCA19} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7B290A51-D40D-4BFC-BE22-D8B8F27B9B0C} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7B7A65D7-2194-4264-BFC3-84A28CEE870B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7C0685FC-B809-4209-8677-4C96003CD170} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7E9173F6-3D02-4EB5-BEB4-B45D1A298E97} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {7FD0403A-35E9-473C-8A91-1F75EBBE968D} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {81762D2A-F362-44C4-AC09-CDB3C23FD0FC} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {81E88E2A-5DDE-4A84-97B7-6700EA165F64} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {82185E31-B15C-4CC6-8040-48B31D3DB381} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {88084DD8-DBA4-48E1-9FE4-24252EABC333} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {886F9734-806F-4D42-9AB0-5728E17510F1} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {887FA121-C5AD-4FA7-8011-17646D53E08A} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {8B685236-F368-4B9F-A1E8-8AAC8FD4C6BA} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 -

Bamby · « **Reply #14 on:** October 28, 2008, 02:25:52 AM »

Continued nod32:

00-14-47.SBU » ZIP » {8C35F98B-992C-4706-B7E1-3A83F9AC2F0E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {8D7E9981-859E-4910-851E-F88FE7B2AA04} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {8E963F03-693D-4CE4-B89C-B34F152107A7} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {906DAEEE-6CD4-4836-8ABA-7C31ED308A1F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {92BFFE45-D99F-41EE-AF7E-BDD49C48198B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {94AE5456-058C-4496-9AFC-3AB63916EC17} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {9A1E0002-F5A7-4F76-9F7A-9EF9706409A6} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {9B64F197-1A72-4DB1-8DAF-EB08CB39FF34} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {9C20C17B-49DF-4618-8E7B-7A921B480041} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {9CA0D8C0-8594-44CD-8F1A-0AF3E4ACBC1D} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {A02C8CC9-E8CF-41AB-9FA3-CCDC97F2901B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {A187C1EB-D775-47BF-912C-3C598F7AB10E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {A4F91F4B-6136-465C-879D-4210AD594E21} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {AB28718B-051C-4FF1-BE1B-C33CAEB156DD} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {AD8DF13C-A762-47C8-BEE0-1CD53A13C9DB} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {AE493C1E-62D8-4649-9F7D-6B08C62DABA9} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {AE6855BC-E183-408F-AED8-893AB9CCB700} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {B55CB8CE-F036-4390-8850-F79A43520147} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {BB9BD23E-BD54-4031-B23C-E08BADF927FA} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {C0FBF0AC-F65D-4E6C-906E-1D77E7EF39F1} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {C1927E01-219E-4772-903C-2636B97FBDF5} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {C4C657C4-B731-45F9-883E-2672D263CE20} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {C5807513-2F5A-4CAF-8D33-C5054CAEA921} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {CE69E7D2-C2FD-4C95-B31A-4FEFA09519EF} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {D08CBFA6-AEB5-40D0-97B4-2781F014BB51} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {D5411CA5-9771-4F04-A4BE-F1DF4EBC3E6B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {D98E8E40-B9EC-4E2E-A7E9-3B7DBC59940E} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {D9EBC7F3-60D2-45DC-8F45-14807167A80B} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {DA4B8F45-3BBF-4E12-B09A-62D3FA708428} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {DB595BCD-882E-499C-87FF-6D785267D1F0} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {DCB6DFBE-1016-419A-9889-7CCB9E70035C} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {E4D0729B-1DC8-48FC-8DD1-A30CFB0433F2} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {EAB6E346-176C-499F-B1DB-A45E25668D4F} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {EB517ACB-9765-4087-BC44-848A6CDAB7A5} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {ECF53E3A-9B9F-48CB-A99B-BBBC65DFF707} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {EEFCBACF-733C-4191-91AD-1EFE3AE57EDD} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {EFFC33EB-97EC-4140-A318-179C65106598} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {F1EF6B5A-AC07-4DF1-8E47-C5EEA505EAF9} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {F235CC8A-227D-44FE-BEEF-33379030CDD8} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {F4D41250-F787-479F-ADEB-9131B7BC96D4} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {FB0D055B-24FC-46DE-8F90-A005911A7648} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » {FF64BF73-B647-4450-9945-FEBA367FE942} - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 00-14-47.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » whatsound.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_gzip.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » double_const.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_bufio.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_cgi.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_codecs.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_contains.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_dis.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_extcall.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_format.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_funcattrs.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_future3.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_gc.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_import.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_linuxaudiodev.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_long_future.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_locale.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_long.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_marshal.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_normalization.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_mmap.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_mutants.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_new.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_nis.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_ossaudiodev.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_quopri.py » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 2.1 Installation Files\openofficeorg4.cab » CAB » test_regex.py » MIME - is OK (internal scanning not

Computer Hope Forum

News:

Author Topic: Spyware & Viruses... Hijack log help please ;-) (Read 9882 times)

Bamby

Spyware & Viruses... Hijack log help please ;-)

evilfantasy

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

evilfantasy

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

evilfantasy

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

evilfantasy

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

evilfantasy

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)

Bamby

Re: Spyware & Viruses... Hijack log help please ;-)