
pop-up adverts

Post by leepettit » December 3rd, 2008, 9:08 am

I am being plagued by pop-up ads; they always seem to appear with the prefix CiD.
I have Spybot and Malwarebytes Anti-Malware on my computer, but they are unable to detect this problem. I have attached my HijackThis scan, but HijackThis was downloaded some time after the problem first occurred, and it's still occurring. I would appreciate some advice.

regards
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:17, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - C:\WINDOWS\system32\mawuwaha.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [norikowufi] Rundll32.exe "C:\WINDOWS\system32\fuhiheje.dll",s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [magstest] C:\DOCUME~1\Lee\APPLIC~1\6432~1\Move Cast Idol.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\WINDOWS\system32\kefuyave.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 4796 bytes

Re: pop-up adverts

Post by mz30 » December 3rd, 2008, 10:05 am

Hi,
I'm Mz30.
I will be helping you with your malware issues.
I am currently reviewing your HJT log and will post back soon with instructions.
As I am still in training, everything that I post to you must be checked by an Admin or Moderator. Therefore there could be a delay between posts, but it shouldn't be too long.

  • The fixes I post are for fixing your issues only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean, as even if you appear clean, the chances are you are not.
  • Please bookmark or favourite this page in case you need it as a reference.
  • Please remember that all the staff here are volunteers who help in their free time, and you will sometimes have to wait for a reply.

    Important
  • Please do not attempt to remove anything or fix anything unless I ask. This includes running any sort of anti-virus/spyware programs, as they may make things harder to remove.

Re: pop-up adverts

Post by leepettit » December 4th, 2008, 3:03 pm

Ok, thanks, that's great news.
Look forward to hearing from you.

regards

Re: pop-up adverts

Post by mz30 » December 4th, 2008, 8:06 pm

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

Re: pop-up adverts

Post by leepettit » December 5th, 2008, 12:55 pm

Here we go:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Lee at 2008-12-05 16:54:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 128 GB (89%) free of 144 GB
Total RAM: 1015 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:13, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\S1Q3C16J\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Lee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 4632 bytes

info.txt logfile of random's system information tool 1.04 2008-12-05 16:54:15

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP LaserJet 3050/3052/3055/3390/3392 3.0-->"C:\Program Files\HP\Digital Imaging\{E94E150C-762B-4cd1-8A54-7228A07C0710}\setup\hpzscr01.exe" -datfile hppscr01.dat
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}\setup\hpzscr01.exe -datfile hposcr29.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Project 2000 SR-1-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O2 - BHO: (no name) - {016E64C6-1680-4CD2-8049-596BF89EE6FA} - C:\WINDOWS\system32\geBSMDTK.dll (file missing)
O2 - BHO: (no name) - {959C8AF2-CBE0-49B7-8891-0CC2E63D2521} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [BM46a44c37] Rundll32.exe "C:\WINDOWS\system32\qygrnpei.dll",s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: geBSMDTK - geBSMDTK.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: {0cc37b20-debf-8aaa-6294-d088239331b5} - {5b133932-880d-4926-aaa8-fbed02b73cc0} - C:\WINDOWS\system32\cqrpwe.dll (file missing)
O2 - BHO: (no name) - {7E970CC1-CD7D-4389-9568-33DDBA62F087} - C:\WINDOWS\system32\tuvUNEwU.dll
O2 - BHO: (no name) - {772D3A20-7219-4C1C-BCB8-3BA29AF22331} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {8988f4c0-40ad-43ba-98ee-c902b0a35627} - (no file)
O4 - HKLM\..\Run: [45977fab] rundll32.exe "C:\WINDOWS\system32\yhphikel.dll",b
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O2 - BHO: (no name) - {DC4939D9-FBEE-49FF-BB59-A76AC225F594} - C:\WINDOWS\system32\tuvUNEwU.dll
O2 - BHO: (no name) - {7E970CC1-CD7D-4389-9568-33DDBA62F087} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O2 - BHO: (no name) - {DC4939D9-FBEE-49FF-BB59-A76AC225F594} - C:\WINDOWS\system32\tuvUNEwU.dll (file missing)
O4 - HKCU\..\Run: [magstest] C:\DOCUME~1\Georgina\APPLIC~1\6432~1\Move Cast Idol.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://194.72.84.1/dana-cached/setup/J ... tupSP1.cab
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O2 - BHO: (no name) - {DC4939D9-FBEE-49FF-BB59-A76AC225F594} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - C:\WINDOWS\system32\mawuwaha.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [norikowufi] Rundll32.exe "C:\WINDOWS\system32\fuhiheje.dll",s
O4 - HKLM\..\Run: [norikowufi] Rundll32.exe "C:\WINDOWS\system32\fuhiheje.dll",s
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - C:\WINDOWS\system32\mawuwaha.dll

======Hosts File======


======Security center information======

AV: Sophos Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------



thanks!!

Lee
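Comparing the first HijackThis log in this thread with the one embedded in the RSIT output above by eye is slow and easy to get wrong. The following script is an added example (not from this thread, from HijackThis or from RSIT): it parses both logs and lists the processes and load points that changed between the two scans. The two embedded excerpts are shortened copies of the thread's own logs, kept to the lines that differ.

```python
"""Diff two HijackThis v2.0.2 logs, section by section.

Added example (not from this thread or from HijackThis): parses the
"Running processes:" block and the R/O entry lines of two logs and reports
which processes and load points appeared or disappeared between scans.
"""
import re

# HijackThis tags each finding with a class such as R0, O2, O4, O20 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Constructed sample input: abbreviated copies of the two logs posted in this
# thread (03/12/2008 and the RSIT-embedded scan of 05/12/2008), cut down to
# the process list and the entries that differ between them.
FIRST_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:17, on 03/12/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - C:\WINDOWS\system32\mawuwaha.dll
O4 - HKLM\..\Run: [norikowufi] Rundll32.exe "C:\WINDOWS\system32\fuhiheje.dll",s
O4 - HKCU\..\Run: [magstest] C:\DOCUME~1\Lee\APPLIC~1\6432~1\Move Cast Idol.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\WINDOWS\system32\kefuyave.dll
"""

SECOND_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:13, on 05/12/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\Lee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"""


def parse_hjt(text):
    """Return (processes, entries): a set of lower-cased process paths and a
    dict mapping an entry class (e.g. 'O4') to the set of its entry bodies."""
    processes, entries = set(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.add(line.lower())   # Windows paths compare case-insensitively
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return processes, entries


def changed_load_points(before_text, after_text):
    """Diff two logs. The result maps 'processes' and each entry class whose
    contents changed to {'added': [...], 'removed': [...]} (sorted lists);
    classes with identical entries in both logs are left out."""
    old_procs, old_entries = parse_hjt(before_text)
    new_procs, new_entries = parse_hjt(after_text)
    result = {"processes": {"added": sorted(new_procs - old_procs),
                            "removed": sorted(old_procs - new_procs)}}
    for cls in sorted(set(old_entries) | set(new_entries)):
        old, new = old_entries.get(cls, set()), new_entries.get(cls, set())
        if old != new:
            result[cls] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return result


def format_report(diff):
    """Render the diff as '+'/'-' lines grouped by section, for pasting back."""
    out = []
    for section, change in diff.items():
        out.append(f"== {section} ==")
        out.extend(f"- {item}" for item in change["removed"])
        out.extend(f"+ {item}" for item in change["added"])
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(changed_load_points(FIRST_LOG, SECOND_LOG)))
```

Running it on the two full logs from the thread shows the same pattern as the excerpt: the mawuwaha.dll BHO now reports "(no file)", the norikowufi Run entry is gone, and kefuyave.dll has dropped out of AppInit_DLLs.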

Re: pop-up adverts

Post by mz30 » December 5th, 2008, 1:07 pm

Hi, the text is incomplete; can you please repost the whole text?

Thanks :)

Re: pop-up adverts

Post by leepettit » December 5th, 2008, 1:32 pm

Apologies, you're right:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lee at 2008-12-05 17:30:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 128 GB (89%) free of 144 GB
Total RAM: 1015 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:46, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\S1Q3C16J\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Lee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8e095d72-8aec-4c5e-96e2-141e0f531dbb} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 4567 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AA1AD2B991854E21.job
C:\WINDOWS\tasks\AD86B41991952721.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2008-11-03 240696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e095d72-8aec-4c5e-96e2-141e0f531dbb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\45977fab]
C:\WINDOWS\system32\jrgfxnjy.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM46a44c37]
C:\WINDOWS\system32\mhnplfix.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-08 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Locks open bore help]
C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\Mp3 Program.exe [2008-11-21 10965504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\magstest]
C:\DOCUME~1\Lee\APPLIC~1\6432~1\Move Cast Idol.exe [2008-11-16 550400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2006-03-31 761856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-07-04 16250880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
C:\WINDOWS\SMINST\Scheduler.exe [2006-04-24 888832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2002-06-10 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"PCA"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{016E64C6-1680-4CD2-8049-596BF89EE6FA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvUNEwU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Lee\Local Settings\Temp\ckz_IBC2\winvnc.exe"="C:\Documents and Settings\Lee\Local Settings\Temp\ckz_IBC2\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Lee\Local Settings\Temp\ckz_NZPU\winvnc.exe"="C:\Documents and Settings\Lee\Local Settings\Temp\ckz_NZPU\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_FST6\winvnc.exe"="C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_FST6\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_5SL1\winvnc.exe"="C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_5SL1\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_1HAM\winvnc.exe"="C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_1HAM\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_CZF0\winvnc.exe"="C:\Documents and Settings\Georgina\Local Settings\Temp\ckz_CZF0\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Documents and Settings\Lee\Local Settings\Temp\winvnc.exe"="C:\Documents and Settings\Lee\Local Settings\Temp\winvnc.exe:*:Enabled:VNC server for Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\HPZnet01.exe"="C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hppapd.exe"="C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hppapd.exe:*:Enabled:hppapd.exe"
"C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hppnicifs01.exe"="C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hpntwkexe.exe"="C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-05 16:54:01 ----D---- C:\rsit
2008-11-16 10:06:15 ----D---- C:\Program Files\64 32
2008-11-16 10:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-16 10:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 10:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 20:48:04 ----D---- C:\Documents and Settings\Lee\Application Data\HPAppData
2008-11-12 20:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-11-12 20:40:49 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-11-12 20:40:48 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2008-11-12 20:39:59 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-11-12 20:39:59 ----RA---- C:\WINDOWS\system32\hpovst14.dll
2008-11-12 20:39:58 ----RA---- C:\WINDOWS\system32\hpotiop6.dll
2008-11-12 20:39:57 ----RA---- C:\WINDOWS\system32\hpowiax8.dll
2008-11-12 20:35:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-12 20:35:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-11-12 20:35:09 ----D---- C:\Program Files\Common Files\HP

======List of files/folders modified in the last 1 months======

2008-12-05 17:28:37 ----D---- C:\WINDOWS\Temp
2008-12-05 16:56:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 21:20:00 ----D---- C:\WINDOWS\system32
2008-12-04 21:20:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 15:20:07 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 15:20:07 ----D---- C:\WINDOWS
2008-12-03 12:37:28 ----D---- C:\WINDOWS\Prefetch
2008-12-01 20:54:59 ----SHD---- C:\WINDOWS\Installer
2008-12-01 20:54:59 ----HD---- C:\Config.Msi
2008-12-01 20:51:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-01 20:51:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 20:32:20 ----HD---- C:\WINDOWS\inf
2008-11-21 20:32:19 ----D---- C:\WINDOWS\Help
2008-11-21 20:30:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 21:35:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-17 15:57:36 ----D---- C:\Documents and Settings\Lee\Application Data\Juniper Networks
2008-11-16 10:06:36 ----SD---- C:\WINDOWS\Tasks
2008-11-16 10:06:36 ----D---- C:\Documents and Settings\Lee\Application Data\64 32
2008-11-16 10:06:29 ----D---- C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open
2008-11-16 10:06:15 ----RD---- C:\Program Files
2008-11-16 10:02:50 ----D---- C:\WINDOWS\Debug
2008-11-16 10:02:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 10:02:14 ----A---- C:\WINDOWS\imsins.BAK
2008-11-16 10:01:26 ----D---- C:\WINDOWS\WinSxS
2008-11-12 20:44:54 ----D---- C:\Program Files\HP
2008-11-12 20:42:14 ----D---- C:\Documents and Settings\Lee\Application Data\HP
2008-11-12 20:41:38 ----A---- C:\WINDOWS\win.ini
2008-11-12 20:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-11-12 20:40:04 ----D---- C:\WINDOWS\twain_32
2008-11-12 20:38:12 ----D---- C:\Program Files\Hewlett-Packard
2008-11-12 20:35:09 ----D---- C:\Program Files\Common Files
2008-11-12 20:34:27 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-07-18 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-07-18 35584]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-04 4306944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2006-04-07 67584]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 18432]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-22 611664]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-09-22 69632]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-04-04 172032]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-09 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-06-13 364544]

-----------------EOF-----------------
leepettit
Active Member
 
Posts: 9
Joined: December 3rd, 2008, 8:49 am

Re: pop-up adverts

Unread post by mz30 » December 6th, 2008, 7:58 am

Download and run Combofix

Please visit this webpage for download links, and instructions for running the tool:
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
* IMPORTANT !!! Save ComboFix.exe to your Desktop

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this topic if you need help to disable your protection programs.
Please include the C:\ComboFix.txt in your next reply for further review.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: pop-up adverts

Unread post by leepettit » December 8th, 2008, 10:17 am

combo fix log attached; hopefully I did it correctly!

ComboFix 08-12-07.01 - Lee 2008-12-08 14:08:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.596 [GMT 0:00]
Running from: c:\documents and settings\Lee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lee\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aascvkjf.ini
c:\windows\system32\hpowiax8.dll
c:\windows\system32\lekihphy.ini
c:\windows\system32\x64
c:\windows\system32\xssjanvq.ini
c:\windows\system32\yjnxfgrj.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-05 16:54 . 2008-12-05 16:54 <DIR> d-------- C:\rsit
2008-11-21 07:33 . 2008-11-21 07:33 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2008-11-21 07:30 . 2008-11-21 07:51 <DIR> d-------- c:\documents and settings\James\Application Data\HPAppData
2008-11-16 10:06 . 2008-11-16 10:06 <DIR> d-------- c:\program files\64 32
2008-11-16 09:45 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-16 09:45 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:48 . 2008-12-08 13:34 <DIR> d-------- c:\documents and settings\Lee\Application Data\HPAppData
2008-11-12 20:45 . 2008-11-12 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-12 20:40 . 2008-02-12 03:49 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-12 20:40 . 2008-02-07 10:26 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-11-12 20:39 . 2007-10-30 09:22 970,752 -ra------ c:\windows\system32\hpotiop6.dll
2008-11-12 20:39 . 2007-10-30 09:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-12 20:39 . 2007-10-30 09:22 303,104 -ra------ c:\windows\system32\hpovst14.dll
2008-11-12 20:35 . 2008-11-12 20:35 <DIR> d-------- c:\program files\Common Files\HP
2008-11-12 20:35 . 2008-11-12 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-12 20:35 . 2008-11-12 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-12 20:32 . 2008-11-12 20:45 157,508 --a------ c:\windows\hpoins29.dat
2008-11-12 20:32 . 2008-02-20 04:36 986 --------- c:\windows\hpomdl29.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 14:09 --------- d-----w c:\documents and settings\Lee\Application Data\64 32
2008-12-08 14:09 --------- d-----w c:\documents and settings\All Users\Application Data\Dumb Save Locks Open
2008-12-03 11:28 --------- d-----w c:\documents and settings\James\Application Data\64 32
2008-11-21 20:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 15:57 --------- d-----w c:\documents and settings\Lee\Application Data\Juniper Networks
2008-11-12 20:44 --------- d-----w c:\program files\HP
2008-11-12 20:42 --------- d-----w c:\documents and settings\Lee\Application Data\HP
2008-11-12 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-12 20:38 --------- d-----w c:\program files\Hewlett-Packard
2008-10-28 15:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-28 10:49 97,056 ----a-w c:\documents and settings\Lee\Application Data\GDIPFONTCACHEV1.DAT
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 13:37 --------- d-----w c:\documents and settings\Lee\Application Data\Apple Computer
2008-10-21 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 16:14 149 ----a-w C:\runme.bat
2008-09-19 16:11 2,336,729 ----a-w C:\433_ides.zip
2008-09-19 16:09 15,554,616 ----a-w C:\sav32sfx.exe
2008-09-19 15:51 73,615 ----a-w C:\PendMoves.zip
2008-09-19 15:36 11,353 ----a-w C:\runthis.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(3).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-07-21 11:48 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-07-21 11:47 81920 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2006-05-12 19:50 1138688 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-31 21:44 761856 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-04-24 17:42 888832 c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 18:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-13 09:42 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2008-04-14 00:12 143360 c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-08 00:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-04 15:26 16250880 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PCA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2008-08-07 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2008-08-07 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-09-22 69632]
R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe" [2008-08-21 98304]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-10-01 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\AA1AD2B991854E21.job
- c:\docume~1\james\applic~1\6432~1\Mfcd Memo Atom.exe [2008-07-06 11:37]

2008-12-08 c:\windows\Tasks\AD86B41991952721.job
- c:\docume~1\lee\applic~1\6432~1\Mfcd Memo Atom.exe []

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8e095d72-8aec-4c5e-96e2-141e0f531dbb} - (no file)
ShellExecuteHooks-{016E64C6-1680-4CD2-8049-596BF89EE6FA} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-45977fab - c:\windows\system32\jrgfxnjy.dll
MSConfigStartUp-BM46a44c37 - c:\windows\system32\mhnplfix.dll
MSConfigStartUp-Locks open bore help - c:\documents and settings\All Users\Application Data\Dumb Save Locks Open\Mp3 Program.exe
MSConfigStartUp-magstest - c:\docume~1\Lee\APPLIC~1\6432~1\Move Cast Idol.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FireFox -: Profile - c:\documents and settings\Lee\Application Data\Mozilla\Firefox\Profiles\39n6wqtf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.co.uk/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 14:11:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sophos\AutoUpdate\ALsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-08 14:13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 14:13:00

Pre-Run: 134,081,060,864 bytes free
Post-Run: 134,145,196,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

200 --- E O F --- 2008-11-16 10:04:31
leepettit
Active Member
 
Posts: 9
Joined: December 3rd, 2008, 8:49 am

Re: pop-up adverts

Post by mz30 » December 8th, 2008, 2:21 pm

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

---------------------------------------------

Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.

In your next reply please post
  • C:\lopR.txt
  • Kaspersky log
  • A fresh HijackThis log taken after the above has run.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: pop-up adverts

Post by leepettit » December 10th, 2008, 6:12 am

so far so good.......


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lee ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:124 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 10/12/2008| 8:33 )

--------------------\\ Listing folders in APPLIC~1

[19/11/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Blackberry Desktop
[19/11/2007|11:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[05/07/2007|10:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/11/2007|11:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/09/2008|08:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[19/11/2007|11:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[19/11/2007|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[19/11/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[08/06/2007|14:01] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Google
[08/06/2007|13:51] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Identities
[08/06/2007|14:00] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Symantec

[13/05/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/05/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/05/2008|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[08/12/2008|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open
[19/09/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[12/11/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[12/11/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[22/07/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[07/08/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[27/09/2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/05/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[07/08/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
[21/10/2008|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/05/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[12/12/2006|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[12/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[11/05/2007|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/09/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[31/03/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[21/10/2006|23:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[22/10/2006|00:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[03/12/2008|11:28] C:\DOCUME~1\James\APPLIC~1\64 32
[25/05/2008|13:24] C:\DOCUME~1\James\APPLIC~1\Adobe
[16/03/2008|18:36] C:\DOCUME~1\James\APPLIC~1\Google
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\HP
[21/11/2008|07:51] C:\DOCUME~1\James\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\James\APPLIC~1\Identities
[16/03/2008|18:35] C:\DOCUME~1\James\APPLIC~1\Macromedia
[21/11/2008|07:33] C:\DOCUME~1\James\APPLIC~1\Malwarebytes
[28/09/2008|16:02] C:\DOCUME~1\James\APPLIC~1\Microsoft
[16/03/2008|18:39] C:\DOCUME~1\James\APPLIC~1\MSNInstaller
[28/03/2008|21:25] C:\DOCUME~1\James\APPLIC~1\Real
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\James\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\James\APPLIC~1\Symantec
[09/04/2008|18:43] C:\DOCUME~1\James\APPLIC~1\Yahoo!

[08/12/2008|14:09] C:\DOCUME~1\Lee\APPLIC~1\64 32
[13/05/2008|08:04] C:\DOCUME~1\Lee\APPLIC~1\Adobe
[13/05/2008|09:11] C:\DOCUME~1\Lee\APPLIC~1\AdobeUM
[22/10/2008|13:37] C:\DOCUME~1\Lee\APPLIC~1\Apple Computer
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Google
[23/03/2008|11:18] C:\DOCUME~1\Lee\APPLIC~1\Help
[12/11/2008|20:42] C:\DOCUME~1\Lee\APPLIC~1\HP
[08/12/2008|13:34] C:\DOCUME~1\Lee\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\Lee\APPLIC~1\Identities
[17/11/2008|15:57] C:\DOCUME~1\Lee\APPLIC~1\Juniper Networks
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Macromedia
[07/08/2008|12:17] C:\DOCUME~1\Lee\APPLIC~1\Malwarebytes
[11/09/2008|08:45] C:\DOCUME~1\Lee\APPLIC~1\Microsoft
[20/02/2008|13:51] C:\DOCUME~1\Lee\APPLIC~1\Microsoft Web Folders
[10/06/2008|14:41] C:\DOCUME~1\Lee\APPLIC~1\Mozilla
[19/09/2008|15:16] C:\DOCUME~1\Lee\APPLIC~1\MSNInstaller
[01/08/2008|17:34] C:\DOCUME~1\Lee\APPLIC~1\Real
[22/10/2006|00:16] C:\DOCUME~1\Lee\APPLIC~1\SampleView
[19/01/2008|14:33] C:\DOCUME~1\Lee\APPLIC~1\Sony Corporation
[29/11/2007|10:42] C:\DOCUME~1\Lee\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\Lee\APPLIC~1\Symantec
[10/06/2008|14:42] C:\DOCUME~1\Lee\APPLIC~1\Talkback
[31/03/2008|16:57] C:\DOCUME~1\Lee\APPLIC~1\Yahoo!

[02/07/2007|10:28] C:\DOCUME~1\LeeP\APPLIC~1\Adobe
[03/07/2007|08:12] C:\DOCUME~1\LeeP\APPLIC~1\AdobeUM
[15/01/2007|11:10] C:\DOCUME~1\LeeP\APPLIC~1\Google
[14/12/2006|10:45] C:\DOCUME~1\LeeP\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\LeeP\APPLIC~1\Identities
[21/05/2007|10:45] C:\DOCUME~1\LeeP\APPLIC~1\InterVideo
[15/01/2007|10:15] C:\DOCUME~1\LeeP\APPLIC~1\Macromedia
[19/03/2007|17:15] C:\DOCUME~1\LeeP\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\LeeP\APPLIC~1\SampleView
[02/07/2007|13:38] C:\DOCUME~1\LeeP\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\LeeP\APPLIC~1\Symantec

[02/07/2007|13:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[21/10/2006|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/10/2006|23:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/12/2008 14:00][--ah-----] C:\WINDOWS\tasks\AD86B41991952721.job
[08/12/2008 14:00][--ah-----] C:\WINDOWS\tasks\AA1AD2B991854E21.job
[05/12/2008 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/12/2008 08:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 02:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( AA1AD2B991854E21.job )=( c:\docume~1\james\applic~1\6432~1\MfcdMemoAtom.exe )
( AD86B41991952721.job )=( c:\docume~1\lee\applic~1\6432~1\MfcdMemoAtom.exe )

--------------------\\ Listing Folders in C:\Program Files

[16/11/2008|10:06] C:\Program Files\64 32
[22/10/2006|00:10] C:\Program Files\Adobe
[07/05/2008|15:00] C:\Program Files\Apple Software Update
[07/05/2008|15:01] C:\Program Files\Bonjour
[22/10/2006|00:13] C:\Program Files\Broadcom
[20/08/2008|07:55] C:\Program Files\CCleaner
[08/12/2008|14:09] C:\Program Files\Common Files
[19/09/2008|15:18] C:\Program Files\Compaq
[21/10/2006|23:57] C:\Program Files\ComPlus Applications
[19/09/2008|15:22] C:\Program Files\Google
[12/11/2008|20:38] C:\Program Files\Hewlett-Packard
[07/08/2008|11:30] C:\Program Files\HijackThis
[12/11/2008|20:44] C:\Program Files\HP
[22/10/2006|00:11] C:\Program Files\HPQ
[05/01/2008|18:28] C:\Program Files\InstallShield Installation Information
[20/09/2008|10:01] C:\Program Files\Internet Explorer
[22/10/2006|00:10] C:\Program Files\InterVideo
[07/05/2008|15:01] C:\Program Files\iPod
[07/05/2008|15:01] C:\Program Files\iTunes
[22/10/2006|00:08] C:\Program Files\Java
[22/07/2008|09:18] C:\Program Files\Lavasoft
[28/10/2008|15:53] C:\Program Files\Malwarebytes' Anti-Malware
[20/09/2008|11:30] C:\Program Files\Messenger
[27/11/2007|20:18] C:\Program Files\Microsoft ActiveSync
[27/11/2007|21:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/10/2006|23:57] C:\Program Files\microsoft frontpage
[20/02/2008|13:51] C:\Program Files\Microsoft Office
[12/12/2006|14:16] C:\Program Files\Microsoft Visual Studio
[12/12/2006|14:09] C:\Program Files\Microsoft Windows Small Business Server
[12/12/2006|14:22] C:\Program Files\Microsoft Works
[12/12/2006|14:16] C:\Program Files\Microsoft.NET
[20/09/2008|10:01] C:\Program Files\Movie Maker
[07/08/2008|11:27] C:\Program Files\Mozilla Firefox
[19/09/2008|15:16] C:\Program Files\MSN
[21/10/2006|23:57] C:\Program Files\MSN Gaming Zone
[15/12/2006|03:00] C:\Program Files\MSXML 4.0
[20/09/2008|09:58] C:\Program Files\NetMeeting
[21/10/2006|23:57] C:\Program Files\Online Services
[20/09/2008|09:58] C:\Program Files\Outlook Express
[12/12/2006|14:03] C:\Program Files\Program Shortcuts
[07/05/2008|15:01] C:\Program Files\QuickTime
[23/03/2008|10:22] C:\Program Files\Real
[22/10/2006|00:10] C:\Program Files\Realtek
[19/11/2007|12:06] C:\Program Files\Research In Motion
[05/01/2008|18:27] C:\Program Files\Sony
[07/08/2008|11:08] C:\Program Files\Sophos
[21/11/2008|20:30] C:\Program Files\Spybot - Search & Destroy
[20/08/2008|07:52] C:\Program Files\Trend Micro
[21/10/2006|23:57] C:\Program Files\Uninstall Information
[27/09/2008|18:25] C:\Program Files\Windows Live
[19/09/2008|15:14] C:\Program Files\Windows Live Toolbar
[20/09/2008|10:01] C:\Program Files\Windows Media Player
[20/09/2008|09:58] C:\Program Files\Windows NT
[21/10/2006|23:57] C:\Program Files\WindowsUpdate
[21/10/2006|23:57] C:\Program Files\xerox
[02/08/2008|09:50] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[13/05/2008|09:12] C:\Program Files\Common Files\Adobe
[07/05/2008|15:00] C:\Program Files\Common Files\Apple
[07/08/2008|11:05] C:\Program Files\Common Files\Cisco Systems
[12/12/2006|14:16] C:\Program Files\Common Files\DESIGNER
[08/06/2007|15:14] C:\Program Files\Common Files\EPSON
[14/12/2006|10:41] C:\Program Files\Common Files\Hewlett-Packard
[12/11/2008|20:35] C:\Program Files\Common Files\HP
[19/11/2007|12:04] C:\Program Files\Common Files\InstallShield
[22/10/2006|00:07] C:\Program Files\Common Files\Java
[12/12/2006|14:16] C:\Program Files\Common Files\L&H
[19/09/2008|15:15] C:\Program Files\Common Files\Microsoft Shared
[21/10/2006|23:57] C:\Program Files\Common Files\MSSoap
[21/10/2006|23:57] C:\Program Files\Common Files\ODBC
[01/08/2008|17:35] C:\Program Files\Common Files\Real
[21/10/2006|23:57] C:\Program Files\Common Files\Services
[21/10/2006|23:57] C:\Program Files\Common Files\SpeechEngines
[14/12/2006|10:37] C:\Program Files\Common Files\SWF Studio
[12/12/2006|14:07] C:\Program Files\Common Files\Symantec Shared
[20/09/2008|09:58] C:\Program Files\Common Files\System
[26/11/2007|21:56] C:\Program Files\Common Files\WindowsLiveInstaller
[22/07/2008|09:16] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 29 Processes )

iexplore.exe ~ [PID:2784]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\James\APPLIC~1\6432~1
C:\DOCUME~1\James\APPLIC~1\6432~1\jortscja.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\Mfcd Memo Atom.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bkjvvfpo.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bwuvrguy.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\ietibaat.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\Program Files\6432~1
C:\DOCUME~1\Lee\Cookies\lee@adultfriendfinder[1].txt
C:\DOCUME~1\Lee\Cookies\lee@adopt.euroclick[1].txt
C:\DOCUME~1\Lee\Cookies\lee@partypoker[2].txt
C:\WINDOWS\Tasks\AA1AD2B991854E21.job
C:\WINDOWS\Tasks\AD86B41991952721.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:34:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:5][D:0]-> C:\DOCUME~1\Lee\LOCALS~1\Temp
[F:91][D:0]-> C:\DOCUME~1\Lee\Cookies
[F:872][D:4]-> C:\DOCUME~1\Lee\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008| 8:34 - Option : [1]

--------------------\\ Scan completed at 8:34:58
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 10, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 21:19:47
Records in database: 1448136
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 53426
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:14:40


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bankfraud.ci 1
C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\Defy Anti.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Documents and Settings\James\Application Data\64 32\Mfcd Memo Atom.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Documents and Settings\Lee\Application Data\64 32\bwuvrguy.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Documents and Settings\Lee\Application Data\64 32\wave time drive mpeg.exe Infected: Trojan.Win32.Obfuscated.gen 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:02, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=26688
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 5550 bytes
leepettit
Active Member
 
Posts: 9
Joined: December 3rd, 2008, 8:49 am
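As an added example (not part of this thread, and not code from ComboFix, Lop S&D or any other tool mentioned here), a small Python triage script that parses the scheduled-task lines from the ComboFix and Lop S&D reports above and flags the pattern the helper acted on: randomly named .job files that launch executables from a digits-only folder under a user's Application Data. The sample lines are constructed from the two report formats shown; the heuristics and the two-indicator threshold are my own assumptions, not rules from either tool.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the "Contents of the 'Scheduled Tasks' folder"
# section of a ComboFix log: two suspect jobs and one legitimate updater task.
COMBOFIX_SAMPLE = r"""
2008-12-08 c:\windows\Tasks\AA1AD2B991854E21.job
- c:\docume~1\james\applic~1\6432~1\Mfcd Memo Atom.exe [2008-07-06 11:37]

2008-12-08 c:\windows\Tasks\AD86B41991952721.job
- c:\docume~1\lee\applic~1\6432~1\Mfcd Memo Atom.exe []

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
"""

# Constructed sample in the Lop S&D "( job )=( target )" form.
LOPSD_SAMPLE = r"""
( AA1AD2B991854E21.job )=( c:\docume~1\james\applic~1\6432~1\MfcdMemoAtom.exe )
( AD86B41991952721.job )=( c:\docume~1\lee\applic~1\6432~1\MfcdMemoAtom.exe )
"""

# ComboFix prints the job on one line and "- <target> [<file timestamp>]" on the next;
# an empty "[]" means the target file was already gone when the log was taken.
COMBOFIX_JOB = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*?\.job)\s*$", re.I)
COMBOFIX_TARGET = re.compile(r"^-\s+(?P<target>.*?)\s+\[(?P<stamp>[^\]]*)\]\s*$")
LOPSD_LINE = re.compile(r"^\(\s*(?P<job>.*?\.job)\s*\)=\(\s*(?P<target>.*?)\s*\)\s*$", re.I)

# Heuristics (assumptions, not tool rules): 16-hex-digit job names, targets under a
# per-user Application Data folder, and folder names made only of digits (e.g. "64 32").
HEX_JOB_NAME = re.compile(r"^[0-9A-F]{16}\.job$", re.I)
USER_APPDATA = re.compile(
    r"\\(?:docume~1|documents and settings)\\[^\\]+\\(?:applic~1|application data)\\(?P<folder>[^\\]+)\\",
    re.I,
)
NUMERIC_FOLDER = re.compile(r"^[\d ]+(?:~\d+)?$")


@dataclass
class TaskEntry:
    job: str               # .job file name, e.g. AA1AD2B991854E21.job
    target: str            # command the task launches
    stamp: Optional[str]   # ComboFix file timestamp; "" if file missing; None if not reported


@dataclass
class Finding:
    entry: TaskEntry
    reasons: List[str]

    @property
    def suspicious(self) -> bool:
        # Require two independent indicators so a lone updater in AppData is not flagged.
        return len(self.reasons) >= 2


def parse_task_entries(text: str) -> List[TaskEntry]:
    """Extract (job, target, stamp) from ComboFix or Lop S&D scheduled-task lines."""
    entries: List[TaskEntry] = []
    pending_job: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOPSD_LINE.match(line)
        if m:
            entries.append(TaskEntry(ntpath.basename(m["job"]), m["target"], None))
            continue
        m = COMBOFIX_JOB.match(line)
        if m:
            pending_job = ntpath.basename(m["job"])
            continue
        m = COMBOFIX_TARGET.match(line)
        if m and pending_job:
            entries.append(TaskEntry(pending_job, m["target"], m["stamp"].strip()))
            pending_job = None
    return entries


def assess(entry: TaskEntry) -> Finding:
    """Collect the indicators that apply to one scheduled-task entry."""
    reasons: List[str] = []
    if HEX_JOB_NAME.match(entry.job):
        reasons.append("job name is 16 hex digits rather than a product name")
    m = USER_APPDATA.search(entry.target)
    if m:
        reasons.append("target runs from a per-user Application Data folder")
        if NUMERIC_FOLDER.match(m["folder"]):
            reasons.append(f"target folder '{m['folder']}' is digits only")
    if entry.stamp == "":
        reasons.append("target file no longer exists but the task remains")
    return Finding(entry, reasons)


def triage(text: str) -> List[Finding]:
    return [assess(e) for e in parse_task_entries(text)]


def suspicious_jobs(text: str) -> List[str]:
    """Names of the .job files that meet the two-indicator threshold."""
    return [f.entry.job for f in triage(text) if f.suspicious]


if __name__ == "__main__":
    for f in triage(COMBOFIX_SAMPLE + LOPSD_SAMPLE):
        verdict = "SUSPECT" if f.suspicious else "ok     "
        print(f"{verdict} {f.entry.job} -> {f.entry.target}")
        for r in f.reasons:
            print(f"         - {r}")
```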

Re: pop-up adverts

Post by mz30 » December 10th, 2008, 8:13 am

Lop S&D-Option 4

Select the entire area below, then right-click and choose Copy
C:\DOCUME~1\James\APPLIC~1\6432~1
C:\DOCUME~1\James\APPLIC~1\6432~1\jortscja.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\Mfcd Memo Atom.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bkjvvfpo.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bwuvrguy.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\ietibaat.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\Program Files\6432~1
C:\WINDOWS\Tasks\AA1AD2B991854E21.job
C:\WINDOWS\Tasks\AD86B41991952721.job

Double-click LopSD.exe to start the program.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 4 to choose Option 4 (LopScript), then press Enter
  • A blank page will be opened, right-click it and choose Paste
  • Close the page, you'll be asked to save it, click Save
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: pop-up adverts

Post by leepettit » December 10th, 2008, 8:48 am

here we go!...


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lee ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:124 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [4] ( 10/12/2008|12:40 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\DOCUME~1\James\APPLIC~1\6432~1
C:\DOCUME~1\James\APPLIC~1\6432~1\jortscja.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\Mfcd Memo Atom.exe
C:\DOCUME~1\James\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bkjvvfpo.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\bwuvrguy.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\ietibaat.exe
C:\DOCUME~1\Lee\APPLIC~1\6432~1\wave time drive mpeg.exe
C:\Program Files\6432~1
C:\WINDOWS\Tasks\AA1AD2B991854E21.job
C:\WINDOWS\Tasks\AD86B41991952721.job


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

... C:\DOCUME~1\James\APPLIC~1\6432~1\jortscja.exe -> does not exist !
Deleted! - C:\DOCUME~1\James\APPLIC~1\6432~1\Mfcd Memo Atom.exe
... C:\DOCUME~1\James\APPLIC~1\6432~1\wave time drive mpeg.exe -> does not exist !
... C:\DOCUME~1\Lee\APPLIC~1\6432~1\bkjvvfpo.exe -> does not exist !
Deleted! - C:\DOCUME~1\Lee\APPLIC~1\6432~1\bwuvrguy.exe
... C:\DOCUME~1\Lee\APPLIC~1\6432~1\ietibaat.exe -> does not exist !
Deleted! - C:\DOCUME~1\Lee\APPLIC~1\6432~1\wave time drive mpeg.exe
Deleted! - C:\WINDOWS\Tasks\AA1AD2B991854E21.job
Deleted! - C:\WINDOWS\Tasks\AD86B41991952721.job
Deleted! - C:\DOCUME~1\James\APPLIC~1\6432~1
Deleted! - C:\DOCUME~1\Lee\APPLIC~1\6432~1
Deleted! - C:\Program Files\6432~1
Deleted! - C:\DOCUME~1\Lee\Cookies\lee@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\Lee\Cookies\lee@partypoker[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[19/11/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Blackberry Desktop
[19/11/2007|11:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[05/07/2007|10:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/11/2007|11:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/09/2008|08:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[19/11/2007|11:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[19/11/2007|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[19/11/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[08/06/2007|14:01] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Google
[08/06/2007|13:51] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Identities
[08/06/2007|14:00] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Symantec

[13/05/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/05/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/05/2008|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/12/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open
[19/09/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[12/11/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[12/11/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[22/07/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[07/08/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[27/09/2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/05/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[07/08/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
[21/10/2008|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/05/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[12/12/2006|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[12/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[11/05/2007|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/09/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[31/03/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[21/10/2006|23:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[22/10/2006|00:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[25/05/2008|13:24] C:\DOCUME~1\James\APPLIC~1\Adobe
[16/03/2008|18:36] C:\DOCUME~1\James\APPLIC~1\Google
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\HP
[21/11/2008|07:51] C:\DOCUME~1\James\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\James\APPLIC~1\Identities
[16/03/2008|18:35] C:\DOCUME~1\James\APPLIC~1\Macromedia
[21/11/2008|07:33] C:\DOCUME~1\James\APPLIC~1\Malwarebytes
[28/09/2008|16:02] C:\DOCUME~1\James\APPLIC~1\Microsoft
[16/03/2008|18:39] C:\DOCUME~1\James\APPLIC~1\MSNInstaller
[28/03/2008|21:25] C:\DOCUME~1\James\APPLIC~1\Real
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\James\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\James\APPLIC~1\Symantec
[09/04/2008|18:43] C:\DOCUME~1\James\APPLIC~1\Yahoo!

[13/05/2008|08:04] C:\DOCUME~1\Lee\APPLIC~1\Adobe
[13/05/2008|09:11] C:\DOCUME~1\Lee\APPLIC~1\AdobeUM
[22/10/2008|13:37] C:\DOCUME~1\Lee\APPLIC~1\Apple Computer
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Google
[23/03/2008|11:18] C:\DOCUME~1\Lee\APPLIC~1\Help
[12/11/2008|20:42] C:\DOCUME~1\Lee\APPLIC~1\HP
[10/12/2008|08:31] C:\DOCUME~1\Lee\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\Lee\APPLIC~1\Identities
[17/11/2008|15:57] C:\DOCUME~1\Lee\APPLIC~1\Juniper Networks
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Macromedia
[07/08/2008|12:17] C:\DOCUME~1\Lee\APPLIC~1\Malwarebytes
[11/09/2008|08:45] C:\DOCUME~1\Lee\APPLIC~1\Microsoft
[20/02/2008|13:51] C:\DOCUME~1\Lee\APPLIC~1\Microsoft Web Folders
[10/06/2008|14:41] C:\DOCUME~1\Lee\APPLIC~1\Mozilla
[19/09/2008|15:16] C:\DOCUME~1\Lee\APPLIC~1\MSNInstaller
[01/08/2008|17:34] C:\DOCUME~1\Lee\APPLIC~1\Real
[22/10/2006|00:16] C:\DOCUME~1\Lee\APPLIC~1\SampleView
[19/01/2008|14:33] C:\DOCUME~1\Lee\APPLIC~1\Sony Corporation
[29/11/2007|10:42] C:\DOCUME~1\Lee\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\Lee\APPLIC~1\Symantec
[10/06/2008|14:42] C:\DOCUME~1\Lee\APPLIC~1\Talkback
[31/03/2008|16:57] C:\DOCUME~1\Lee\APPLIC~1\Yahoo!

[02/07/2007|10:28] C:\DOCUME~1\LeeP\APPLIC~1\Adobe
[03/07/2007|08:12] C:\DOCUME~1\LeeP\APPLIC~1\AdobeUM
[15/01/2007|11:10] C:\DOCUME~1\LeeP\APPLIC~1\Google
[14/12/2006|10:45] C:\DOCUME~1\LeeP\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\LeeP\APPLIC~1\Identities
[21/05/2007|10:45] C:\DOCUME~1\LeeP\APPLIC~1\InterVideo
[15/01/2007|10:15] C:\DOCUME~1\LeeP\APPLIC~1\Macromedia
[19/03/2007|17:15] C:\DOCUME~1\LeeP\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\LeeP\APPLIC~1\SampleView
[02/07/2007|13:38] C:\DOCUME~1\LeeP\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\LeeP\APPLIC~1\Symantec

[02/07/2007|13:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[21/10/2006|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/10/2006|23:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/12/2008 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/12/2008 08:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 02:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[22/10/2006|00:10] C:\Program Files\Adobe
[07/05/2008|15:00] C:\Program Files\Apple Software Update
[07/05/2008|15:01] C:\Program Files\Bonjour
[22/10/2006|00:13] C:\Program Files\Broadcom
[20/08/2008|07:55] C:\Program Files\CCleaner
[08/12/2008|14:09] C:\Program Files\Common Files
[19/09/2008|15:18] C:\Program Files\Compaq
[21/10/2006|23:57] C:\Program Files\ComPlus Applications
[19/09/2008|15:22] C:\Program Files\Google
[12/11/2008|20:38] C:\Program Files\Hewlett-Packard
[07/08/2008|11:30] C:\Program Files\HijackThis
[12/11/2008|20:44] C:\Program Files\HP
[22/10/2006|00:11] C:\Program Files\HPQ
[05/01/2008|18:28] C:\Program Files\InstallShield Installation Information
[20/09/2008|10:01] C:\Program Files\Internet Explorer
[22/10/2006|00:10] C:\Program Files\InterVideo
[07/05/2008|15:01] C:\Program Files\iPod
[07/05/2008|15:01] C:\Program Files\iTunes
[10/12/2008|08:42] C:\Program Files\Java
[22/07/2008|09:18] C:\Program Files\Lavasoft
[28/10/2008|15:53] C:\Program Files\Malwarebytes' Anti-Malware
[20/09/2008|11:30] C:\Program Files\Messenger
[27/11/2007|20:18] C:\Program Files\Microsoft ActiveSync
[27/11/2007|21:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/10/2006|23:57] C:\Program Files\microsoft frontpage
[20/02/2008|13:51] C:\Program Files\Microsoft Office
[12/12/2006|14:16] C:\Program Files\Microsoft Visual Studio
[12/12/2006|14:09] C:\Program Files\Microsoft Windows Small Business Server
[12/12/2006|14:22] C:\Program Files\Microsoft Works
[12/12/2006|14:16] C:\Program Files\Microsoft.NET
[20/09/2008|10:01] C:\Program Files\Movie Maker
[07/08/2008|11:27] C:\Program Files\Mozilla Firefox
[19/09/2008|15:16] C:\Program Files\MSN
[21/10/2006|23:57] C:\Program Files\MSN Gaming Zone
[15/12/2006|03:00] C:\Program Files\MSXML 4.0
[20/09/2008|09:58] C:\Program Files\NetMeeting
[21/10/2006|23:57] C:\Program Files\Online Services
[20/09/2008|09:58] C:\Program Files\Outlook Express
[12/12/2006|14:03] C:\Program Files\Program Shortcuts
[07/05/2008|15:01] C:\Program Files\QuickTime
[23/03/2008|10:22] C:\Program Files\Real
[22/10/2006|00:10] C:\Program Files\Realtek
[19/11/2007|12:06] C:\Program Files\Research In Motion
[05/01/2008|18:27] C:\Program Files\Sony
[07/08/2008|11:08] C:\Program Files\Sophos
[21/11/2008|20:30] C:\Program Files\Spybot - Search & Destroy
[20/08/2008|07:52] C:\Program Files\Trend Micro
[21/10/2006|23:57] C:\Program Files\Uninstall Information
[27/09/2008|18:25] C:\Program Files\Windows Live
[19/09/2008|15:14] C:\Program Files\Windows Live Toolbar
[20/09/2008|10:01] C:\Program Files\Windows Media Player
[20/09/2008|09:58] C:\Program Files\Windows NT
[21/10/2006|23:57] C:\Program Files\WindowsUpdate
[21/10/2006|23:57] C:\Program Files\xerox
[02/08/2008|09:50] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[13/05/2008|09:12] C:\Program Files\Common Files\Adobe
[07/05/2008|15:00] C:\Program Files\Common Files\Apple
[07/08/2008|11:05] C:\Program Files\Common Files\Cisco Systems
[12/12/2006|14:16] C:\Program Files\Common Files\DESIGNER
[08/06/2007|15:14] C:\Program Files\Common Files\EPSON
[14/12/2006|10:41] C:\Program Files\Common Files\Hewlett-Packard
[12/11/2008|20:35] C:\Program Files\Common Files\HP
[19/11/2007|12:04] C:\Program Files\Common Files\InstallShield
[22/10/2006|00:07] C:\Program Files\Common Files\Java
[12/12/2006|14:16] C:\Program Files\Common Files\L&H
[19/09/2008|15:15] C:\Program Files\Common Files\Microsoft Shared
[21/10/2006|23:57] C:\Program Files\Common Files\MSSoap
[21/10/2006|23:57] C:\Program Files\Common Files\ODBC
[01/08/2008|17:35] C:\Program Files\Common Files\Real
[21/10/2006|23:57] C:\Program Files\Common Files\Services
[21/10/2006|23:57] C:\Program Files\Common Files\SpeechEngines
[14/12/2006|10:37] C:\Program Files\Common Files\SWF Studio
[12/12/2006|14:07] C:\Program Files\Common Files\Symantec Shared
[20/09/2008|09:58] C:\Program Files\Common Files\System
[26/11/2007|21:56] C:\Program Files\Common Files\WindowsLiveInstaller
[22/07/2008|09:16] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Lee\Cookies\lee@adultfriendfinder[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 12:41:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:945][D:11]-> C:\DOCUME~1\Lee\LOCALS~1\Temp
[F:93][D:0]-> C:\DOCUME~1\Lee\Cookies
[F:2024][D:4]-> C:\DOCUME~1\Lee\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008| 8:34 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/12/2008|12:42 - Option : [4]

--------------------\\ Scan completed at 12:42:03
leepettit
Active Member
 
Posts: 9
Joined: December 3rd, 2008, 8:49 am

Re: pop-up adverts

Unread postby mz30 » December 11th, 2008, 6:01 am

Hi lee,

My apologies, as I missed out a file in my last script. Please follow these instructions again.

Thanks


Lop S&D-Option 4

Select the entire area below, then right-click and choose Copy
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open

Double click LopSD.exe to start the program.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 4 to choose Option 4 (LopScript), then press Enter
  • A blank page will be opened, right-click it and choose Paste
  • Close the page, you'll be asked to save it, click Save
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

-----------------------------------------

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.


  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


In your next reply please post:

  • C:\lopR.txt
  • Malwarebytes' Anti-Malware
  • A fresh HijackThis log taken after the above has been completed.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: pop-up adverts

Unread postby leepettit » December 11th, 2008, 7:00 pm

here we go.....

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lee ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:124 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [4] ( 11/12/2008|22:16 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open
Deleted! - C:\DOCUME~1\Lee\Cookies\lee@adultfriendfinder[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[19/11/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Blackberry Desktop
[19/11/2007|11:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[05/07/2007|10:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/11/2007|11:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/09/2008|08:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[19/11/2007|11:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[19/11/2007|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[19/11/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[08/06/2007|14:01] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Google
[08/06/2007|13:51] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Identities
[08/06/2007|14:00] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\ADMINI~1.BER\APPLIC~1\Symantec

[13/05/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/05/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/05/2008|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/09/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[12/11/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[12/11/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[22/07/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[07/08/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[27/09/2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/05/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[07/08/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
[21/10/2008|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/05/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[12/12/2006|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[12/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[11/05/2007|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/09/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[31/03/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[21/10/2006|23:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[22/10/2006|00:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[25/05/2008|13:24] C:\DOCUME~1\James\APPLIC~1\Adobe
[16/03/2008|18:36] C:\DOCUME~1\James\APPLIC~1\Google
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\HP
[21/11/2008|07:51] C:\DOCUME~1\James\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\James\APPLIC~1\Identities
[16/03/2008|18:35] C:\DOCUME~1\James\APPLIC~1\Macromedia
[21/11/2008|07:33] C:\DOCUME~1\James\APPLIC~1\Malwarebytes
[28/09/2008|16:02] C:\DOCUME~1\James\APPLIC~1\Microsoft
[16/03/2008|18:39] C:\DOCUME~1\James\APPLIC~1\MSNInstaller
[28/03/2008|21:25] C:\DOCUME~1\James\APPLIC~1\Real
[16/03/2008|18:34] C:\DOCUME~1\James\APPLIC~1\Research In Motion
[22/10/2006|00:16] C:\DOCUME~1\James\APPLIC~1\SampleView
[22/10/2006|00:12] C:\DOCUME~1\James\APPLIC~1\Symantec
[09/04/2008|18:43] C:\DOCUME~1\James\APPLIC~1\Yahoo!

[13/05/2008|08:04] C:\DOCUME~1\Lee\APPLIC~1\Adobe
[13/05/2008|09:11] C:\DOCUME~1\Lee\APPLIC~1\AdobeUM
[22/10/2008|13:37] C:\DOCUME~1\Lee\APPLIC~1\Apple Computer
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Google
[23/03/2008|11:18] C:\DOCUME~1\Lee\APPLIC~1\Help
[12/11/2008|20:42] C:\DOCUME~1\Lee\APPLIC~1\HP
[10/12/2008|08:31] C:\DOCUME~1\Lee\APPLIC~1\HPAppData
[21/10/2006|23:57] C:\DOCUME~1\Lee\APPLIC~1\Identities
[17/11/2008|15:57] C:\DOCUME~1\Lee\APPLIC~1\Juniper Networks
[29/11/2007|08:48] C:\DOCUME~1\Lee\APPLIC~1\Macromedia
[07/08/2008|12:17] C:\DOCUME~1\Lee\APPLIC~1\Malwarebytes
[11/09/2008|08:45] C:\DOCUME~1\Lee\APPLIC~1\Microsoft
[20/02/2008|13:51] C:\DOCUME~1\Lee\APPLIC~1\Microsoft Web Folders
[10/06/2008|14:41] C:\DOCUME~1\Lee\APPLIC~1\Mozilla
[19/09/2008|15:16] C:\DOCUME~1\Lee\APPLIC~1\MSNInstaller
[01/08/2008|17:34] C:\DOCUME~1\Lee\APPLIC~1\Real
[22/10/2006|00:16] C:\DOCUME~1\Lee\APPLIC~1\SampleView
[19/01/2008|14:33] C:\DOCUME~1\Lee\APPLIC~1\Sony Corporation
[29/11/2007|10:42] C:\DOCUME~1\Lee\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\Lee\APPLIC~1\Symantec
[10/06/2008|14:42] C:\DOCUME~1\Lee\APPLIC~1\Talkback
[31/03/2008|16:57] C:\DOCUME~1\Lee\APPLIC~1\Yahoo!

[02/07/2007|10:28] C:\DOCUME~1\LeeP\APPLIC~1\Adobe
[03/07/2007|08:12] C:\DOCUME~1\LeeP\APPLIC~1\AdobeUM
[15/01/2007|11:10] C:\DOCUME~1\LeeP\APPLIC~1\Google
[14/12/2006|10:45] C:\DOCUME~1\LeeP\APPLIC~1\HP
[21/10/2006|23:57] C:\DOCUME~1\LeeP\APPLIC~1\Identities
[21/05/2007|10:45] C:\DOCUME~1\LeeP\APPLIC~1\InterVideo
[15/01/2007|10:15] C:\DOCUME~1\LeeP\APPLIC~1\Macromedia
[19/03/2007|17:15] C:\DOCUME~1\LeeP\APPLIC~1\Microsoft
[22/10/2006|00:16] C:\DOCUME~1\LeeP\APPLIC~1\SampleView
[02/07/2007|13:38] C:\DOCUME~1\LeeP\APPLIC~1\Sun
[22/10/2006|00:12] C:\DOCUME~1\LeeP\APPLIC~1\Symantec

[02/07/2007|13:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[21/10/2006|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/10/2006|23:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/12/2008 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/12/2008 22:02][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 02:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[22/10/2006|00:10] C:\Program Files\Adobe
[07/05/2008|15:00] C:\Program Files\Apple Software Update
[07/05/2008|15:01] C:\Program Files\Bonjour
[22/10/2006|00:13] C:\Program Files\Broadcom
[20/08/2008|07:55] C:\Program Files\CCleaner
[08/12/2008|14:09] C:\Program Files\Common Files
[19/09/2008|15:18] C:\Program Files\Compaq
[21/10/2006|23:57] C:\Program Files\ComPlus Applications
[19/09/2008|15:22] C:\Program Files\Google
[12/11/2008|20:38] C:\Program Files\Hewlett-Packard
[07/08/2008|11:30] C:\Program Files\HijackThis
[12/11/2008|20:44] C:\Program Files\HP
[22/10/2006|00:11] C:\Program Files\HPQ
[05/01/2008|18:28] C:\Program Files\InstallShield Installation Information
[20/09/2008|10:01] C:\Program Files\Internet Explorer
[22/10/2006|00:10] C:\Program Files\InterVideo
[07/05/2008|15:01] C:\Program Files\iPod
[07/05/2008|15:01] C:\Program Files\iTunes
[10/12/2008|08:42] C:\Program Files\Java
[22/07/2008|09:18] C:\Program Files\Lavasoft
[28/10/2008|15:53] C:\Program Files\Malwarebytes' Anti-Malware
[20/09/2008|11:30] C:\Program Files\Messenger
[27/11/2007|20:18] C:\Program Files\Microsoft ActiveSync
[27/11/2007|21:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/10/2006|23:57] C:\Program Files\microsoft frontpage
[20/02/2008|13:51] C:\Program Files\Microsoft Office
[12/12/2006|14:16] C:\Program Files\Microsoft Visual Studio
[12/12/2006|14:09] C:\Program Files\Microsoft Windows Small Business Server
[12/12/2006|14:22] C:\Program Files\Microsoft Works
[12/12/2006|14:16] C:\Program Files\Microsoft.NET
[20/09/2008|10:01] C:\Program Files\Movie Maker
[07/08/2008|11:27] C:\Program Files\Mozilla Firefox
[19/09/2008|15:16] C:\Program Files\MSN
[21/10/2006|23:57] C:\Program Files\MSN Gaming Zone
[15/12/2006|03:00] C:\Program Files\MSXML 4.0
[20/09/2008|09:58] C:\Program Files\NetMeeting
[21/10/2006|23:57] C:\Program Files\Online Services
[20/09/2008|09:58] C:\Program Files\Outlook Express
[12/12/2006|14:03] C:\Program Files\Program Shortcuts
[07/05/2008|15:01] C:\Program Files\QuickTime
[23/03/2008|10:22] C:\Program Files\Real
[22/10/2006|00:10] C:\Program Files\Realtek
[19/11/2007|12:06] C:\Program Files\Research In Motion
[05/01/2008|18:27] C:\Program Files\Sony
[07/08/2008|11:08] C:\Program Files\Sophos
[21/11/2008|20:30] C:\Program Files\Spybot - Search & Destroy
[20/08/2008|07:52] C:\Program Files\Trend Micro
[21/10/2006|23:57] C:\Program Files\Uninstall Information
[27/09/2008|18:25] C:\Program Files\Windows Live
[19/09/2008|15:14] C:\Program Files\Windows Live Toolbar
[20/09/2008|10:01] C:\Program Files\Windows Media Player
[20/09/2008|09:58] C:\Program Files\Windows NT
[21/10/2006|23:57] C:\Program Files\WindowsUpdate
[21/10/2006|23:57] C:\Program Files\xerox
[02/08/2008|09:50] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[13/05/2008|09:12] C:\Program Files\Common Files\Adobe
[07/05/2008|15:00] C:\Program Files\Common Files\Apple
[07/08/2008|11:05] C:\Program Files\Common Files\Cisco Systems
[12/12/2006|14:16] C:\Program Files\Common Files\DESIGNER
[08/06/2007|15:14] C:\Program Files\Common Files\EPSON
[14/12/2006|10:41] C:\Program Files\Common Files\Hewlett-Packard
[12/11/2008|20:35] C:\Program Files\Common Files\HP
[19/11/2007|12:04] C:\Program Files\Common Files\InstallShield
[22/10/2006|00:07] C:\Program Files\Common Files\Java
[12/12/2006|14:16] C:\Program Files\Common Files\L&H
[19/09/2008|15:15] C:\Program Files\Common Files\Microsoft Shared
[21/10/2006|23:57] C:\Program Files\Common Files\MSSoap
[21/10/2006|23:57] C:\Program Files\Common Files\ODBC
[01/08/2008|17:35] C:\Program Files\Common Files\Real
[21/10/2006|23:57] C:\Program Files\Common Files\Services
[21/10/2006|23:57] C:\Program Files\Common Files\SpeechEngines
[14/12/2006|10:37] C:\Program Files\Common Files\SWF Studio
[12/12/2006|14:07] C:\Program Files\Common Files\Symantec Shared
[20/09/2008|09:58] C:\Program Files\Common Files\System
[26/11/2007|21:56] C:\Program Files\Common Files\WindowsLiveInstaller
[22/07/2008|09:16] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 30 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 22:17:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:949][D:12]-> C:\DOCUME~1\Lee\LOCALS~1\Temp
[F:93][D:0]-> C:\DOCUME~1\Lee\Cookies
[F:2806][D:4]-> C:\DOCUME~1\Lee\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008| 8:34 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/12/2008|12:42 - Option : [4]
3 - "C:\Lop SD\LopR_3.txt" - 11/12/2008|22:17 - Option : [4]

--------------------\\ Scan completed at 22:17:49

Malwarebytes' Anti-Malware 1.31
Database version: 1490
Windows 5.1.2600 Service Pack 3

11/12/2008 22:56:56
mbam-log-2008-12-11 (22-56-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 113432
Time elapsed: 27 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:40, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=26688
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 5667 bytes


have fun!
leepettit
Active Member
 
Posts: 9
Joined: December 3rd, 2008, 8:49 am
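Helpers in threads like this read a HijackThis log entry by entry, so here is an added example (not HijackThis, Lop S&D or any tool the forum uses) that parses result lines in the layout posted above into structured records and flags the ones a reviewer should look at first: entries with no file behind them, auto-start binaries sitting in profile or temp directories such as the All Users\Application Data folder removed earlier in this thread, and IE default/search values pointing away from Microsoft's stock hosts. The sample lines, the invented "updater" entry and all-zero CLSID, the directory markers and the default-host allowlist are constructed assumptions of this example.

```python
"""Structure Trend Micro HijackThis v2.0.2 result lines and apply a few
defender-side triage heuristics to the auto-start entries they describe."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample input in the layout of the HijackThis log posted above.
# The 'updater' O4 line and the all-zero CLSID are invented for illustration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dumb Save Locks Open\example.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
"""

@dataclass
class Entry:
    code: str                      # R0, R1, O2, O4, O9, O23 ...
    name: str                      # display name, value name or run-key name
    target: str                    # file path, command line or URL
    clsid: Optional[str] = None
    vendor: Optional[str] = None

LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_ENTRY = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
SERVICE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>[A-Za-z]:\\.*)$")
RUN_KEY = re.compile(r"^.+?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
STARTUP = re.compile(r"^.+?: (?P<name>.+?) = (?P<target>.*)$")
REG_VALUE = re.compile(r"^.+?,(?P<name>[^=]+?) = (?P<target>.*)$")
# First quoted string, else first drive-letter path ending in an executable extension.
EXE_PATH = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl|ocx|bat|cmd))(?=\s|$)', re.I)

# Directories an auto-start binary rarely has a good reason to live in on XP;
# long and 8.3 short forms are both listed (heuristic chosen for this example).
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                   "\\applic~1\\", "\\local settings\\temp\\", "\\windows\\temp\\")
# Hosts that IE's stock default-page and search values point at (assumption).
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one HijackThis result line, None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code in ("O2", "O9") and (c := CLSID_ENTRY.match(body)):
        return Entry(code, c["name"], c["target"], clsid=c["clsid"])
    if code == "O23" and (s := SERVICE.match(body)):
        return Entry(code, s["name"], s["target"], vendor=s["vendor"])
    if code == "O4" and (r := RUN_KEY.match(body) or STARTUP.match(body)):
        return Entry(code, r["name"], r["target"])
    if code.startswith("R") and (v := REG_VALUE.match(body)):
        return Entry(code, v["name"], v["target"])
    return Entry(code, "", body)            # unknown layout: keep the raw body

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def file_path(target: str) -> Optional[str]:
    """Executable path referenced by a command line, or None if there is none."""
    m = EXE_PATH.search(target)
    return (m.group(1) or m.group(2)) if m else None

def triage(entry: Entry) -> List[str]:
    """Reasons a reviewer should look closer; an empty list means nothing notable."""
    reasons: List[str] = []
    if entry.code in ("O2", "O4", "O9", "O23"):
        path = file_path(entry.target)
        if path is None:
            reasons.append("no resolvable file on disk (orphaned or masked entry)")
        elif any(marker in path.lower() for marker in PROFILE_MARKERS):
            reasons.append("auto-start binary sits under a user profile or temp directory")
    elif entry.code.startswith("R") and entry.name != "Start Page":
        host = (urlparse(entry.target).hostname or "").lower()
        if host not in DEFAULT_HOSTS:
            reasons.append(f"IE default/search value points at unexpected host {host!r}")
    return reasons

def flagged(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a whole log and keep only the entries that earned a triage reason."""
    return [(e, triage(e)) for e in parse_log(text) if triage(e)]

if __name__ == "__main__":
    for entry, reasons in flagged(SAMPLE_LOG):
        print(f"{entry.code} [{entry.name}] {entry.target}")
        for reason in reasons:
            print("   ->", reason)
```

A hit from this script is a prompt to check the file's publisher, location and creation date, not a verdict; legitimate software occasionally runs from a profile directory as well.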