Computer Hope
Software => Computer viruses and spyware => Topic started by: Bamby on October 26, 2008, 02:02:38 PM
-
I have some folders in the startup menu that I cannot get rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and I keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the Task Manager. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. A lot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:14 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6980 bytes
-
Start here http://www.computerhope.com/forum/index.php/topic,46313.0.html
Post the 3 logs when complete.
-
Evilfantasy, First, Thank you so much for responding. :) You might want to delete the other post that I created today. I tried to delete it but found out that I am not allowed to do that. Here is what I posted today.
--------------------------------------------------------------------------------
My apology for not providing all of the scan results that I should have included with my first post as requested by your forum. This is what has been going on with this computer....
I have some folders in the startup menu that I cannot get rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and I keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the Task Manager. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. A lot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log, super anti spyware as well as a new Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/26/2008 at 05:28 PM
Application Version : 4.21.1004
Core Rules Database Version : 3609
Trace Rules Database Version: 1595
Scan type : Complete Scan
Total Scan Time : 01:21:40
Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 5539
Registry threats detected : 4
File items scanned : 114235
File threats detected : 111
Adware.Tracking Cookie
Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]
Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved
Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1552OINADMIN.EXE-01D813FF.PF
Trojan.Fake-Drop/Gen
C:\WINDOWS\TEMP\SALM.EXE
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2
10/26/2008 3:17:53 PM
mbam-log-2008-10-26 (15-17-53).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 156431
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hijack log to follow in next post.... If included in this post it exceeds 20000 characters.
Thank you in advance.
-
--------------------------------------------------------------------------------
Hijack Log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:05 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7401 bytes
-
Suspicious files to scan
Please go to VirSCAN.org FREE on-line scan service (http://virscan.org/)
(If more than one file needs scanned they must be done separately and logs posted for each one)
1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
C:\WINDOWS\ad.dll
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.
-
Evilfantasy, Here is the log....
VirSCAN.org Scanned Report :
Scanned time : 2008/10/27 14:53:28 (PDT)
Scanner results: 5% Scanner(2/39) found malware!
File Name : ad.dll
File Size : 10240 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 4a431b1ae4b64eb4f7f3c22cabc1e6da
SHA1 : 0a3f6e7832908d80817bb5c688a059ebc12b7596
Online report : http://virscan.org/report/caa960800c43c91099f6d568512c91db.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.23 2008.10.27 2008-10-27 1.43 -
AhnLab V3 2008.10.28.00 2008.10.28 2008-10-28 0.94 -
AntiVir 7.9.0.9 7.1.0.4 2008-10-27 1.43 -
Antiy 2.0.18 20081023.1512524 2008-10-23 0.02 -
Arcavir 1.0.5 200810271102 2008-10-27 1.21 -
Authentium 5.1.1 200810270445 2008-10-27 1.04 -
AVAST! 3.0.1 081027-0 2008-10-27 0.71 -
AVG 7.5.52.442 270.8.4/1750 2008-10-27 1.70 -
BitDefender 7.60825.1966464 7.21524 2008-10-28 3.24 Generic.Malware.Sdld!.6D230658 (suspected)
CA (VET) 9.0.0.143 31.6.6176 2008-10-27 5.07 -
ClamAV 0.94 8512 2008-10-28 0.01 -
Comodo 2.11 2.0.0.689 2008-10-27 0.42 -
CP Secure 1.1.0.715 2008.10.28 2008-10-28 6.35 -
Dr.Web 4.44.0.9170 2008.10.27 2008-10-27 3.36 -
ewido 4.0.0.2 2008.10.27 2008-10-27 2.92 -
F-Prot 4.4.4.56 20081027 2008-10-27 1.04 -
F-Secure 5.51.6100 2008.10.27.06 2008-10-27 3.62 -
Fortinet 2.81-3.113 9.679 2008-10-27 0.21 -
GData 19.1169/19.73 20081023 2008-10-23 2.61 -
ViRobot 20081027 2008.10.27 2008-10-27 0.40 -
Ikarus T3.1.01.44 2008.10.27.71740 2008-10-27 2.87 -
JiangMin 11.0.706 2008.10.26 2008-10-26 1.27 -
Kaspersky 5.5.10 2008.10.27 2008-10-27 0.03 -
KingSoft 2008.9.8.18 2008.10.27.17 2008-10-27 0.67 -
McAfee 5.3.00 5416 2008-10-27 2.19 -
Microsoft 1.4005 2008.10.27 2008-10-27 3.99 -
mks_vir 2.01 2008.10.27 2008-10-27 2.66 -
Norman 5.93.01 5.93.00 2008-10-27 5.47 -
Panda 9.05.01 2008.10.27 2008-10-27 2.27 -
Trend Micro 8.700-1004 5.622.22 2008-10-27 0.02 -
Quick Heal 9.50 2008.10.27 2008-10-27 1.84 -
Rising 20.0 21.01.02.00 2008-10-27 0.76 -
Sophos 2.79.0 4.34 2008-10-28 1.94 -
Sunbelt 3.1.1760.1 2349 2008-10-27 0.51 -
Symantec 1.3.0.24 20081027.003 2008-10-27 0.05 -
nProtect 2008-10-27.01 2340124 2008-10-27 4.29 Generic.Malware.Sdld!.6D230658
The Hacker 6.3.1.1 v00132 2008-10-27 0.45 -
VBA32 3.12.8.8 20081027.1037 2008-10-27 1.35 -
VirusBuster 4.5.11.10 10.90.15/652003 2008-10-27 0.84 -
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
- O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
- O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
- O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
- O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"cdcb6378"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
----------
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
For Windows XP Systems install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
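The HijackThis entries selected at the top of this reply share a few traits: BHO and Winlogon entries whose file is gone, Run values with no command, and a rundll32 autorun that loads a DLL from outside System32. The following Python is an added example, not part of the original post and not HijackThis's own logic; the three heuristics, the function names and the two benign sample lines are assumptions made for illustration, and a hit means "review this entry", not "this is malware".

```python
import ntpath
import re

# First six lines: the entries listed in the post above, copied as-is.
# Last two lines: constructed benign entries in the same format, for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# ntpath gives Windows path semantics on any OS; normcase lower-cases the path.
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")

# "O4 - <key>: [<value name>] <command>". The value name may itself contain
# brackets, as in "[[system]]", so stop at the "]" followed by a space or EOL.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>.*?)\](?= |$)(?P<cmd>.*)$")
# HijackThis appends "(User '...')" to entries read from another user's hive.
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# rundll32 <dll>,<entry point>, with the DLL path quoted or unquoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^,]+))', re.IGNORECASE
)
# Markers HijackThis prints when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def triage_line(line):
    """Return a reason string if the entry deserves review, else None."""
    if MISSING_RE.search(line):
        return "references a file that no longer exists"
    match = O4_RE.match(line)
    if not match:
        return None
    command = USER_NOTE_RE.sub("", match.group("cmd")).strip()
    if not command:
        return "autorun value with an empty command"
    rundll = RUNDLL_RE.match(command)
    if rundll:
        dll = (rundll.group("q") or rundll.group("u")).strip()
        if ntpath.normcase(ntpath.dirname(dll)) != SYSTEM32:
            return "rundll32 loads a DLL from outside System32"
    return None


def triage(log_text):
    """Return (line, reason) pairs for every entry that deserves review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"REVIEW  {reason}\n        {line}")
```
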
-
Received a success message about adding to the registry. I will do the Combo fix now. :)
-
Here are the scan results from the Combofix....
ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 16:51:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -7:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Owner\Application Data\Adobe\crc.dat
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\koyuxpjp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\xFeOrtwa.ini
C:\WINDOWS\system32\xFeOrtwa.ini2
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 15:43 . 2008-10-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 13:30 . 2008-10-26 13:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 13:30 . 2008-10-26 13:30 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 12:36 . 2008-10-25 12:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-25 12:22 . 2008-10-26 13:35 57,388 --a------ C:\WINDOWS\system32\%LocalXml%
2008-10-25 09:43 . 2008-10-25 09:43 <DIR> d-------- C:\Program Files\Maxtor
2008-10-24 14:20 . 2008-10-24 14:32 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-24 14:20 . 2008-10-24 14:20 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-24 14:18 . 2008-10-24 14:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 16:57 3,619,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 14:18 . 2008-10-27 17:00 442,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-24 14:18 . 2008-10-27 16:57 30,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-24 14:18 . 2008-10-27 17:00 2,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 21:51 . 2008-10-23 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 19:07 . 2008-10-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 10:22 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:56 . 2008-10-22 22:56 <DIR> d-------- C:\Program Files\Gateway
2008-10-22 20:16 . 2008-10-22 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Maxtor
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-22 20:14 . 2008-10-22 20:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:30 --------- d-----w C:\Program Files\Java
2008-10-25 19:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-10-25 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-23 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-20 05:11 10,240 ----a-w C:\WINDOWS\ad.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-30 03:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-05-22 05:07 10,426 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-04-15 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]
@="\??\C:\WINDOWS\system32\drivers\wia1extulj1.sys"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
backup=C:\WINDOWS\pss\userinit.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]
--a------ 2008-08-19 22:11 10240 C:\WINDOWS\ad.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\services.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-userinit - C:\WINDOWS\system32\ntos.exe
MSConfigStartUp-winlogon - C:\Documents and Settings\Compaq_Owner\svchost.exe
MSConfigStartUp-[system] - C:\WINDOWS\system32\drivers\services.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL =
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,SearchMigratedDefaultURL =
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 16:59:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-10-27 17:07:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 00:07:02
Pre-Run: 90,448,408,576 bytes free
Post-Run: 92,141,826,048 bytes free
214 --- E O F --- 2008-10-23 21:29:57
-
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
MSSECURITY1.209.4
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
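Both fixme.reg earlier in the thread and the Registry:: section of the CFScript above rely on two deletion forms: `"name"=-` removes one value, and `[-KEY]` removes a whole key with everything under it. The following Python is an added example, not part of the original posts and not ComboFix's or regedit's own code; it lists what such a script would delete so it can be read back before merging, and the function name `plan` and the operation labels are assumptions made for illustration.

```python
import re

# Registry lines copied from the two scripts in this thread.
FIXME_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"cdcb6378"=-
'''

CFSCRIPT_REGISTRY = r'''[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wia1extulj1.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdcb6378]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# "[KEY]" selects a key; "[-KEY]" deletes the key and its subkeys.
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
# '"name"=data' or '@=data' (default value); data "-" deletes the value.
VALUE_RE = re.compile(
    r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$'
)


def plan(reg_text):
    """Return (action, key, value_name) tuples describing a .reg script.

    action is "delete-key", "delete-value" or "set-value"; value_name is
    None for delete-key. Raises ValueError on a line it cannot classify,
    so that nothing in the script goes unreviewed.
    """
    # Long hex values continue on the next line after a trailing backslash.
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")
    operations = []
    current_key = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";") or line in HEADERS:
            continue
        key = KEY_RE.match(line)
        if key:
            if key.group("minus"):
                operations.append(("delete-key", key.group("key"), None))
                current_key = None
            else:
                current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current_key is not None:
            name = "(Default)" if value.group("default") else value.group("name")
            deleting = value.group("data").strip() == "-"
            action = "delete-value" if deleting else "set-value"
            operations.append((action, current_key, name))
            continue
        raise ValueError(f"line {number}: cannot classify {line!r}")
    return operations


if __name__ == "__main__":
    for label, script in (("fixme.reg", FIXME_REG), ("CFScript", CFSCRIPT_REGISTRY)):
        print(label)
        for action, key, name in plan(script):
            target = key if name is None else f"{key} -> {name}"
            print(f"  {action:12} {target}")
```
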
-
Here are the results... :-) From last instruction.
ComboFix 08-10-27.02 - Compaq_Owner 2008-10-27 18:06:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -7:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-10-26 15:44 . 2008-10-26 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 15:43 . 2008-10-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 13:30 . 2008-10-26 13:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 13:30 . 2008-10-26 13:30 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 12:36 . 2008-10-25 12:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-25 12:22 . 2008-10-26 13:35 57,388 --a------ C:\WINDOWS\system32\%LocalXml%
2008-10-25 09:43 . 2008-10-25 09:43 <DIR> d-------- C:\Program Files\Maxtor
2008-10-24 14:20 . 2008-10-27 17:22 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-24 14:20 . 2008-10-24 14:20 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-24 14:18 . 2008-10-24 14:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 14:18 . 2008-10-27 18:11 3,619,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 14:18 . 2008-10-27 18:11 483,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-24 14:18 . 2008-10-27 18:11 30,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-24 14:18 . 2008-10-27 18:11 2,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 21:51 . 2008-10-23 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 19:07 . 2008-10-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-23 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 10:22 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 10:22 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:56 . 2008-10-22 22:56 <DIR> d-------- C:\Program Files\Gateway
2008-10-22 20:16 . 2008-10-22 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Maxtor
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-22 20:14 . 2008-10-22 20:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-22 19:31 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-21 10:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-21 10:30 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-21 10:30 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-21 10:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:30 --------- d-----w C:\Program Files\Java
2008-10-25 19:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-10-25 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-23 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-20 05:11 10,240 ----a-w C:\WINDOWS\ad.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-30 03:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-05-22 05:07 10,426 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-27_17.06.30.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-24 21:17:52 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-19 00:39:18 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-10-28 01:12:14 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_144.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^userinit.exe]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\userinit.exe
backup=C:\WINDOWS\pss\userinit.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 17:16 169312 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 19:15 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 17:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\services.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 wia1extulj1.sys;wia1extulj1.sys;C:\WINDOWS\system32\drivers\wia1extulj1.sys [ ]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:12:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-27 18:20:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 01:20:47
ComboFix2.txt 2008-10-28 00:07:08
Pre-Run: 92,026,425,344 bytes free
Post-Run: 92,060,536,832 bytes free
182 --- E O F --- 2008-10-23 21:29:57
-
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Run CCleaner.
----------
Run this online scan.
This scanner requires Internet Explorer
Use the ESET Nod32 Online Scanner (http://www.eset.com/onlinescan/index.php)
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how the computer is running now.
-
Thank you Evilfantasy ;D I deleted the Combofix and followed it by doing the nod32 scan and only came up with one file. So far so good, No pop up rundlls going on at all and the start up menu looks awesome with no annoying files. I will surely post again if any problems should arise. Thank you sooooo much. :) Next post nod32 >>>>
system.
-
Here are the results from the nod32 program.
Scan Log
Version of virus signature database: 3561 (20081027)
Date: 10/27/2008 Time: 10:49:26 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT - error opening [4]
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG - error opening [4]
-
Continued nod32:
-
::) Eek, Lost my place. If you need to see I can create an attachment. It exceeds the 20000 characters.
-
I don't think I need to see the rest.
Everything found was not a problem.
Disable the System Restore Utility to prevent re-infection from an old one
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.
Now re-enable System Restore
To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html) (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.
-
Thank you Evilfantasy. Computer is running great now. No problems at all today. I see the recommended tools that you included with your last post. I was going to ask you about the Malwarebytes, and/or the Superspyware program to be used (Not at the same time) with Kaspersky 2009. I want to make it as simple as possible for the owner of this computer in the hopes that it's kept up to date to avoid future infections.
-
They can both be used along with Kaspersky.