My system is attacked by some malware. its automatically opening all porn websites and not letting me to run any virus program. i have followed the thread on the cool website and run as you guys said. i am pasting the logs below. please advise me what should i do next.
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 07/03/2009 at 03:07 PM
Application Version : 4.26.1006
Core Rules Database Version : 3969
Trace Rules Database Version: 1909
Scan type : Complete Scan
Total Scan Time : 03:47:20
Memory items scanned : 609
Memory threats detected : 3
Registry items scanned : 6318
Registry threats detected : 97
File items scanned : 119848
File threats detected : 75
Trojan.Agent/Gen-6TO4
C:\WINDOWS\SYSTEM32\6TO4V32.DLL
C:\WINDOWS\SYSTEM32\6TO4V32.DLL
Trojan.Agent/Gen-RogueDropper
C:\WINDOWS\SYSTEM32\IEHELPER.DLL
C:\WINDOWS\SYSTEM32\IEHELPER.DLL
HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003}
Adware.SysGuard/FakeAlert
C:\WINDOWS\SYSGUARD.EXE
C:\WINDOWS\SYSGUARD.EXE
HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run#system tool [ C:\WINDOWS\sysguard.exe ]
C:\WINDOWS\Prefetch\SYSGUARD.EXE-39D8A190.pf
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}
HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}
HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}\InProcServer32
HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}
Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003}
HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}
HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}
HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}\inprocserver32
HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}\inprocserver32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\OM\Cookies\
[email protected][2].txt
C:\Documents and Settings\OM\Cookies\system@atdmt[2].txt
C:\Documents and Settings\OM\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\OM\Cookies\
[email protected][1].txt
C:\Documents and Settings\OM\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\OM\Cookies\om@clicktorrent[2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@adecn[2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@chitika[1].txt
C:\Documents and Settings\Guest\Cookies\guest@clicksense[1].txt
C:\Documents and Settings\Guest\Cookies\guest@collective-media[1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@imediablast[1].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[3].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@media6degrees[2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@myroitracking[2].txt
C:\Documents and Settings\Guest\Cookies\guest@nextag[1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@specificmedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@specificmedia[3].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@windowsmedia[1].txt
C:\Documents and Settings\Guest\Cookies\
[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@traveladvertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\
[email protected][2].txt
Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
Rootkit.Unclassified/KR_Done
C:\WINDOWS\system32\kr_done1
Rogue.SysCleaner
HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\xInsiDERexe
Trojan.Unclassified/NVCOI
C:\Program Files\Temporary
Trojan.Hugipon
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll
Rogue.Agent/Gen
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#aazalirt
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#skaaanret
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jungertab
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#zibaglertz
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#iddqdops
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ronitfst
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#tobmygers
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jikglond
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#tobykke
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#klopnidret
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jiklagka
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#salrtybek
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#seeukluba
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jrjakdsd
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krkdkdkee
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#dkewiizkjdks
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#dkekkrkska
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#rkaskssd
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kuruhccdsdd
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krujmmwlrra
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kkwknrbsggeg
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ktknamwerr
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#iqmcnoeqz
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ienotas
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krkmahejdk
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otpeppggq
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krtawefg
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#oranerkka
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kitiiwhaas
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otowjdseww
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otnnbektre
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#oropbbsee
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#irprokwks
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ooorjaas
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#id
HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ready
Trojan.Agent/Gen
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec
C:\Program Files\DRV
Trojan.Backdoor[DRV]
HKLM\System\CONTROLSET001\SERVICES\DRV
HKLM\System\CONTROLSET001\SERVICES\DRV#Type
HKLM\System\CONTROLSET001\SERVICES\DRV#Start
HKLM\System\CONTROLSET001\SERVICES\DRV#ErrorControl
HKLM\System\CONTROLSET001\SERVICES\DRV#ImagePath
HKLM\System\CONTROLSET001\SERVICES\DRV#ObjectName
HKLM\System\CONTROLSET001\SERVICES\DRV#FailureActions
HKLM\System\CONTROLSET001\SERVICES\DRV\parameters
HKLM\System\CONTROLSET001\SERVICES\DRV\parameters#ServiceDll
HKLM\System\CONTROLSET001\SERVICES\DRV\security
HKLM\System\CONTROLSET001\SERVICES\DRV\security#Security
HKLM\System\CONTROLSET001\SERVICES\DRV\Enum
HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#0
HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#Count
HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#NextInstance
HKLM\System\CONTROLSET003\SERVICES\DRV
HKLM\System\CONTROLSET003\SERVICES\DRV#Type
HKLM\System\CONTROLSET003\SERVICES\DRV#Start
HKLM\System\CONTROLSET003\SERVICES\DRV#ErrorControl
HKLM\System\CONTROLSET003\SERVICES\DRV#ImagePath
HKLM\System\CONTROLSET003\SERVICES\DRV#ObjectName
HKLM\System\CONTROLSET003\SERVICES\DRV#FailureActions
HKLM\System\CONTROLSET003\SERVICES\DRV\parameters
HKLM\System\CONTROLSET003\SERVICES\DRV\parameters#ServiceDll
HKLM\System\CONTROLSET003\SERVICES\DRV\security
HKLM\System\CONTROLSET003\SERVICES\DRV\security#Security
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#Type
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#Start
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ErrorControl
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ImagePath
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ObjectName
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#FailureActions
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\parameters
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\parameters#ServiceDll
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\security
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\security#Security
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#0
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#Count
HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#NextInstance
Trojan.Agent/Gen-Backdoor[WinRes]
C:\WINDOWS\FONTS\COOECP.TLB
C:\WINDOWS\FONTS\LOGCDE.DLL
C:\WINDOWS\FONTS\WINDEF.DLL
C:\WINDOWS\FONTS\WINDEF.LOG
C:\WINDOWS\FONTS\WINPAGED.OCX
C:\WINDOWS\SYSTEM32\MSBKTI.EXE
C:\WINDOWS\SYSTEM32\MSEQDW.EXE
C:\WINDOWS\SYSTEM32\MSHHISS.EXE
C:\WINDOWS\SYSTEM32\MSJXG.EXE
C:\WINDOWS\SYSTEM32\MSMAMJ.EXE
C:\WINDOWS\SYSTEM32\MSSBXGJ.EXE
C:\WINDOWS\SYSTEM32\MSUIV.EXE
C:\WINDOWS\SYSTEM32\MSVDAZP.EXE
C:\WINDOWS\SYSTEM32\MSWHC.EXE
C:\WINDOWS\SYSTEM32\MSXXGSVF.EXE
C:\WINDOWS\SYSTEM32\MSYJV.EXE
C:\WINDOWS\SYSTEM32\MSYNKM.EXE
Trojan.Agent/Gen-UPX
C:\WINDOWS\FONTS\SERVICES.EXE
Trojan.Dropper/Win-NV
C:\WINDOWS\LD12.EXE
Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\MSWINSCK.OCX
Rootkit.Agent/Gen-FraudLoad-F
C:\WINDOWS\SYSTEM32\TPSAXYD.EXE
Trojan.Agent/Gen-Dropper[Temp]
C:\WINDOWS\TWAIN_32\HPQGNDS2.TMP
Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3
7/3/2009 3:45:02 PM
mbam-log-2009-07-03 (15-45-02).txt
Scan type: Quick Scan
Objects scanned: 100383
Time elapsed: 7 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drvdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LowRiskFileTypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\OM\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
c:\fdvjfx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\OM\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\OM\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\OM\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:58 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MediaMelon\bin\wrapper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\OM\Desktop\JavaRa\JavaRa.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62
www.antiaware-pro.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cabO16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
http://picasaweb.google.com/s/v/45.11/uploader2.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/plugin/DivXBrowserPlugin.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c98fbdcfb083d4) (gupdate1c98fbdcfb083d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe (file missing)
O23 - Service: MediaMelon Client 1.0 (MediaMelon Client) - Unknown owner - C:\Program Files\MediaMelon\bin\wrapper.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 11611 bytes
Edit to remove malicious link in HJT log.