MalwareRemoval.com

Windows.ActiveDesktop

Post by malohroqui » April 14th, 2006, 10:03 pm

After I do a Google search and click on a result, I get redirected to an advertisement site. I've scanned my computer with Spybot S&D and found the following result:

HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

After removing this threat and scanning again, it seems to have returned.
How do I remove it completely?

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:07 AM, on 15/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRAM FILES\SECWAY\SIMPLITE-MSN 2.1.7 BETA 4\SIMPLITE-MSN.EXE
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141441344750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Post by malohroqui » April 15th, 2006, 9:54 am

Umm... is someone going to help me or are you all trying to hack into my computer?
It's been 10 hrs since I asked for help, and every time I do a search on the net I get redirected to a different obscure website.
I'm running Trend Micro PC-cillin 2006, Windows Defender Beta 2, Ad-Aware SE, Spybot and Webroot Spy Sweeper, plus the Windows Malicious Software Removal Tool. In my opinion they are all useless because I constantly get viruses and trojans.
Can someone please help???
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Post by 'KotaGuy » April 15th, 2006, 11:07 am

Umm... is someone going to help me or are you all trying to hack into my computer?


Patience please... I know getting your system back to normal is important to you... it is to us as well.

But we are all volunteers here that do this in our spare time. We have jobs/personal lives to attend to before we can find time to do this.

So again... please be patient.

Now... the formatting of your log could be an issue as to why you never received a reply. The way it has been posted makes it almost impossible to read.

Go into Notepad... click the Format header and uncheck Word Wrap if it is checked.

Rescan with HijackThis and post the new log please.

I will take a look at your log once you have posted a new one. :)
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by malohroqui » April 15th, 2006, 11:58 am

Logfile of HijackThis v1.99.1
Scan saved at 1:57:10 AM, on 16/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1441344750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/M ... loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm
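As an added example (not code from this thread, from HijackThis, or from any vendor named here), the Python below parses HijackThis v1.99-style log lines like the ones just posted and applies the first-pass triage checks a helper applies before anything else: an O2 BHO listed as "(no name)", entries marked "(file missing)", O4 Run values that give only a bare file name (resolved through the PATH at logon, so the script cross-checks them against the running-process list), shortcut targets HijackThis could not resolve ("= ?"), and O20 Winlogon Notify DLLs. The reason codes and rules are the example's own assumptions, the sample lines are copied from the log above, and a flagged line means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis v1.99.1 log posted above,
# trimmed so the example stays short. r"" keeps the backslashes literal.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:57:10 AM, on 16/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ALCXMNTR.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Every section entry starts with a code such as R0, O2, O20 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str   # HijackThis section code, e.g. "O2"
    body: str   # text after the "O2 - " prefix
    raw: str    # the original line, for reporting


@dataclass
class Finding:
    code: str       # short reason code (this example's own vocabulary)
    entry: Entry
    detail: str = ""


def parse_log(text):
    """Split a log into (running process paths, section entries)."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            in_processes = False          # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m["kind"], m["body"], line))
        elif in_processes:
            processes.append(line)
    return processes, entries


def run_target(body):
    """Extract the launched command from an O4 body (Run value or Startup .lnk)."""
    if "] " in body:                      # HKLM\..\Run: [Name] command
        return body.split("] ", 1)[1]
    if " = " in body:                     # Startup: Name.lnk = target
        return body.split(" = ", 1)[1]
    return body


def has_full_path(target):
    """True when the command starts with a drive letter (optionally quoted)."""
    return re.match(r'^"?[A-Za-z]:\\', target) is not None


def resolve_from_processes(target, processes):
    """Match a bare file name against the running-process list, case-insensitively."""
    name = target.split()[0].lower()
    for p in processes:
        if p.rsplit("\\", 1)[-1].lower() == name:
            return p
    return None


def triage(processes, entries):
    """First-pass heuristics; these rules are the example's, not HijackThis's."""
    findings = []
    for e in entries:
        if e.kind == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append(Finding("unnamed-bho", e, "identify the DLL's publisher and version first"))
        if "(file missing)" in e.body:
            findings.append(Finding("file-missing", e, "orphaned entry; the referenced file is gone"))
        if e.kind == "O4":
            target = run_target(e.body)
            if target == "?":
                findings.append(Finding("unresolved-lnk", e, "shortcut target could not be resolved"))
            elif not has_full_path(target):
                seen = resolve_from_processes(target, processes)
                detail = f"loaded from {seen}" if seen else "not seen running; locate it on disk"
                findings.append(Finding("no-path", e, detail))
        if e.kind == "O20":
            findings.append(Finding("winlogon-notify", e, "DLL loads into winlogon at logon; confirm its package"))
    return findings


def summarize(text):
    """Group flagged raw lines by reason code."""
    processes, entries = parse_log(text)
    grouped = {}
    for f in triage(processes, entries):
        grouped.setdefault(f.code, []).append(f.entry.raw)
    return grouped


if __name__ == "__main__":
    for code, lines in summarize(SAMPLE_LOG).items():
        print(code)
        for raw in lines:
            print("    ", raw)
```

Run it on a full log and the four or five lines it prints are the ones to research first; everything else in the log (vendor-signed Run entries with full paths, toolbars that resolve to known DLLs) can wait. The bare-file-name check matters because a Run value such as `ALCXMNTR.EXE` is resolved through the PATH at logon, so the log alone does not say which file actually ran; the cross-reference against the process list recovers that.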

Post by 'KotaGuy » April 15th, 2006, 12:36 pm

Thanks for posting the new log.

Download ATFCleaner. Don't run the program yet.

Download Ewido Anti-Malware. Install and update the program. Don't scan with it yet.

Download WinPFind. Extract (unzip) it to its own folder. Don't run it yet.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Once in Safe Mode... double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run Ewido and do a full scan letting it fix whatever it finds. Save the log it creates to your desktop.

Run WinPFind(scan may take a while) and save the log it creates to your desktop. Once it is done reboot your computer normally.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.


Post the Ewido log, Kaspersky log, and WinPFind logs please.

Thanks!
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by malohroqui » April 15th, 2006, 11:34 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:35:06 AM, 16/04/2006
+ Report-Checksum: FD082503

+ Scan result:

C:\Program Files\Adobe\Adobe Photoshop CS2\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe -> Dropper.Delf.fl : Error during cleaning
C:\Program Files\Internet Explorer\update.exe -> Adware.BHO : Cleaned with backup
D:\Downloads\Adobe CS2 SUITE\ADOBE PHOTOSHOP CS2 VS9\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe -> Dropper.Delf.fl : Error during cleaning


::Report End
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Post by malohroqui » April 15th, 2006, 11:36 pm

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PEC2 14/04/2006 6:08:38 PM 82436 C:\WINDOWS\cpu.exe
PECompact2 14/04/2006 6:08:38 PM 82436 C:\WINDOWS\cpu.exe
PECompact2 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\lpt$vpn.939
qoologic 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\lpt$vpn.939
SAHAgent 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\lpt$vpn.939
UPX! 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
FSG! 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
PEC2 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
PECompact2 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
qoologic 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
aspack 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
SAHAgent 19/02/2006 2:28:04 PM 112918528 C:\WINDOWS\MEMORY.DMP
UPX! 3/05/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 10/01/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\VPTNFILE.939
qoologic 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\VPTNFILE.939
SAHAgent 10/11/2005 11:56:16 AM 16418765 C:\WINDOWS\VPTNFILE.939
UPX! 18/02/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 18/02/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 13/02/2004 11:05:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 20/08/2004 3:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp
PTech 14/02/2006 8:20:14 AM 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/04/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/04/2006 12:48:40 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 5:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 5:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 12/02/2004 2:24:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 15/04/2006 10:49:58 AM 75264 C:\WINDOWS\SYSTEM32\winbrume.dll
PECompact2 15/04/2006 10:49:58 AM 75264 C:\WINDOWS\SYSTEM32\winbrume.dll

Checking %System%\Drivers folder and sub-folders...
PTech 4/08/2004 3:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
UPX! 9/11/2005 7:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys
aspack 9/11/2005 7:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
16/04/2006 3:37:36 AM S 2048 C:\WINDOWS\bootstat.dat
15/04/2006 3:58:26 AM H 54156 C:\WINDOWS\QTFont.qfn
4/03/2006 1:05:10 PM H 0 C:\WINDOWS\inf\oem49.inf
4/03/2006 1:06:58 PM H 0 C:\WINDOWS\inf\oem50.inf
20/03/2006 11:42:16 AM HS 3584 C:\WINDOWS\Microsoft.NET\Thumbs.db
4/03/2006 3:16:06 PM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_11.cab
23/03/2006 9:17:30 AM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
23/03/2006 4:15:38 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
13/03/2006 4:45:34 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
17/03/2006 7:24:26 PM S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
15/02/2006 4:49:00 PM S 9639 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912475.cat
30/03/2006 8:03:56 PM S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
16/04/2006 3:37:44 AM H 20480 C:\WINDOWS\system32\config\default.LOG
16/04/2006 3:40:06 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
16/04/2006 3:37:38 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
16/04/2006 4:05:16 AM H 73728 C:\WINDOWS\system32\config\software.LOG
16/04/2006 3:40:40 AM H 942080 C:\WINDOWS\system32\config\system.LOG
16/04/2006 3:34:08 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
13/04/2006 7:04:06 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
13/04/2006 7:04:06 PM S 146 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
4/03/2006 12:21:54 PM H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
4/03/2006 12:21:54 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
4/03/2006 11:39:38 AM RHS 4272 C:\WINDOWS\system32\drivers\HP_PG051AA-ABG t620a_YC_Pavi_QAUW426_E43ANheBLG2_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M504_J20_7Intel_8Pentium 4_92.8_111063044_N10EC8139_P_Z11C1048C_K_A808624C5.MRK
4/03/2006 11:47:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a5a9b99b-a067-4b07-9021-5381cf7214ea
4/03/2006 12:27:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b5395549-e215-43b7-98bf-21ca7187e2b6
4/03/2006 12:27:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c7ccaf4d-393f-4f95-a8ae-7092196c3ccd
4/03/2006 11:47:44 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
16/04/2006 3:40:58 AM H 370 C:\WINDOWS\Tasks\MP Scheduled Scan.job
16/04/2006 3:36:28 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 20/09/2004 2:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 4/08/2004 5:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 20/08/2004 3:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 12:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/02/2004 1:34:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/02/2004 1:52:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 12/02/2004 1:58:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 12/02/2004 1:34:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 12/02/2004 1:52:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 12/02/2004 1:58:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Realtek Semiconductor Corp. 10/02/2004 12:19:32 AM 14224384 C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\ALSNDMGR.CPL
Intel Corporation 10/02/2004 10:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
16/04/2006 3:32:00 AM 2335 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
4/04/2006 9:28:00 PM 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
1/04/2004 10:56:54 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
4/03/2006 11:47:34 AM 1865 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/04/2004 8:44:48 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
4/04/2006 8:54:40 PM 9105 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
26/10/2005 5:02:12 AM 2916 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
4/04/2006 9:50:12 PM 999 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
1/04/2004 10:56:54 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
2/04/2004 8:44:48 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{196B9CB5-4C83-46F7-9B06-9672ECD9D99B}
= C:\WINDOWS\system32\winbrume.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
Adobe PDF Conversion Toolbar Helper = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
hp view = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
= :
{871F91FD-3A92-4988-A842-16AB2CFF5AF1} = Trend Micro Antifraud Toolbar : C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{871F91FD-3A92-4988-A842-16AB2CFF5AF1} = Trend Micro Antifraud Toolbar : C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WINCINEMAMGR "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 C:\WINDOWS\system32\ps2.exe
PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
MSPY2002 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
KBD C:\HP\KBD\KBD.EXE
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IgfxTray C:\WINDOWS\system32\igfxtray.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
HPHUPD05 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 C:\WINDOWS\System32\hphmon05.exe
HP Software Update "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
Home Theater SchSvr "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
AlcxMonitor ALCXMNTR.EXE
AGRSMMSG AGRSMMSG.exe
Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Acme.PCHButton C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
Simp C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 3


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 16/04/2006 6:44:25 AM
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Unread postby malohroqui » April 15th, 2006, 11:36 pm

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, April 16, 2006 12:47:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 15/04/2006
Kaspersky Anti-Virus database records: 188284
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 91232
Number of viruses found: 11
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:52:27

Infected Object Name / Virus Name / Last Action
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp ZIP: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp ZIP: infected - 5 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp CryptFF.b: infected - 5 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP30\A0004876.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\WINDOWS\cpu.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\WINDOWS\cpu.exe Embedded EXE: infected - 1 skipped
C:\WINDOWS\cpu.exe PECompact: infected - 1 skipped
C:\WINDOWS\cpu.exe PecBundle: infected - 1 skipped
C:\WINDOWS\cpu.exe PE_Patch.PECompact: infected - 1 skipped
C:\WINDOWS\system32\winbrume.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
D:\WINDOWS\SYSTEM\dialersetup\EasyDates_au-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped
D:\Downloads\Adobe CS2 SUITE\ADOBE PHOTOSHOP CS2 VS9\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe Infected: Trojan-Dropper.Win32.Delf.fl skipped
D:\Downloads\Adobe CS2 SUITE\ADOBE PHOTOSHOP CS2 VS9\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip ZIP: infected - 1 skipped

Scan process completed.
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Unread postby 'KotaGuy » April 16th, 2006, 1:41 am

Thanks for posting the logs.

You may want to print this out or copy/paste it into notepad or wordpad for reference during the fix.

Download Killbox. Extract (unzip) it to its own folder. Don't run it yet.

Please disable SpySweeper, as it may interfere with the fix. To disable SpySweeper:
  • Open SpySweeper
  • Click Options then Program Options. Uncheck "Load at Windows startup".
  • Click Shields and uncheck all there.
  • Uncheck "Home Page Shield".
  • Uncheck "Automatically restore default without notification".
  • Close SpySweeper
Once your log is clean you can re-enable SpySweeper.

Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender

Once your log is clean you can re-enable Windows Defender Real Time Protection.

Run and scan with HijackThis. With all browsers and windows closed, place a check beside the following and fix:

O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


Run Killbox. Put a check next to "Delete on Reboot", then copy this line in "Full Path of File to Delete" box:

C:\WINDOWS\system32\winbrume.dll

Click the red and white "X". Answer No when it asks you to reboot.

Do the same for the following files:

C:\Program Files\Adobe\Adobe Photoshop CS2\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip
D:\Downloads\Adobe CS2 SUITE\ADOBE PHOTOSHOP CS2 VS9\Goodies\PROGRAMS & EXTRA STUFF\WinZip 9.0.6224-SR1.zip
C:\WINDOWS\cpu.exe
D:\WINDOWS\SYSTEM\dialersetup\EasyDates_au-uninstall.exe


You can reboot after you have entered the last file.

Once back in Windows do another Kaspersky scan and post that log along with a new HJT log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby malohroqui » April 16th, 2006, 6:49 am

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, April 16, 2006 8:16:34 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/04/2006
Kaspersky Anti-Virus database records: 188322
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 91135
Number of viruses found: 11
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:46:16

Infected Object Name / Virus Name / Last Action
C:\!KillBox\cpu.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\!KillBox\cpu.exe Embedded EXE: infected - 1 skipped
C:\!KillBox\cpu.exe PECompact: infected - 1 skipped
C:\!KillBox\cpu.exe PecBundle: infected - 1 skipped
C:\!KillBox\cpu.exe PE_Patch.PECompact: infected - 1 skipped
C:\!KillBox\EasyDates_au-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\!KillBox\WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe Infected: Trojan-Dropper.Win32.Delf.fl skipped
C:\!KillBox\WinZip 9.0.6224-SR1.zip ZIP: infected - 1 skipped
C:\Program Files\HijackThis\backups\backup-20060416-162514-695.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp ZIP: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp ZIP: infected - 5 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp CryptFF.b: infected - 5 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP30\A0004876.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004918.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004923.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004923.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004923.exe PECompact: infected - 1 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004923.exe PecBundle: infected - 1 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004923.exe PE_Patch.PECompact: infected - 1 skipped
D:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004924.exe Infected: not-a-virus:Dialer.Win32.gen skipped

Scan process completed.
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm
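
Read side by side, the two Kaspersky reports show the same detection names before and after the fix, but the second report places them under C:\!KillBox, the HijackThis backups folder and the System Restore _restore folders instead of their original locations, which is what a helper checks for when deciding whether anything is still active. As an added example that is not part of the thread, the Python script below parses report lines in the format shown above and classifies each detected object by where it sits; the report lines embedded in it are a constructed subset copied from the two logs, and the holding-area path patterns are this example's own assumptions, not Kaspersky's.

```python
"""Classify Kaspersky On-line Scanner report lines by where the detected object
lives, to separate live infections from copies held by removal tools.

Added example. BEFORE/AFTER are constructed subsets of the two reports in the
thread; HOLDING_AREAS is this example's assumption about where removal tools
and System Restore keep copies of deleted or fixed files.
"""
import re

# "<object> Infected: <detection> <action>"; the object may be an archive
# member written as "outer.zip/inner.exe".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")

# Container/packer summary lines such as "28.tmp ZIP: infected - 4 skipped" or
# "cpu.exe Embedded EXE: infected - 1 skipped". They restate detections already
# listed for the members inside, so they are not counted as separate objects.
CONTAINER_RE = re.compile(
    r"^(?P<obj>.+?) (?P<kind>Embedded EXE|[^\s\\/]+): infected - (?P<count>\d+) (?P<action>\S+)$"
)

# Assumed holding areas (matched case-insensitively against the outer path).
HOLDING_AREAS = {
    "quarantine": ("\\quarantine\\", "\\!killbox\\", "\\hijackthis\\backups\\"),
    "restore_point": ("\\system volume information\\_restore",),
}

BEFORE = r"""
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp ZIP: infected - 4 skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP30\A0004876.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\WINDOWS\cpu.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\WINDOWS\cpu.exe Embedded EXE: infected - 1 skipped
C:\WINDOWS\system32\winbrume.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
D:\WINDOWS\SYSTEM\dialersetup\EasyDates_au-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped
"""

AFTER = r"""
C:\!KillBox\cpu.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\!KillBox\cpu.exe PE_Patch.PECompact: infected - 1 skipped
C:\!KillBox\EasyDates_au-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\Program Files\HijackThis\backups\backup-20060416-162514-695.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004918.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
D:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP31\A0004924.exe Infected: not-a-virus:Dialer.Win32.gen skipped
"""


def outer_path(obj):
    """Strip archive-member suffixes: 'x.zip/inner.exe' -> 'x.zip'."""
    return obj.split("/", 1)[0]


def classify(path):
    """Return 'quarantine', 'restore_point' or 'live' for an on-disk path."""
    lowered = path.lower()
    for label, needles in HOLDING_AREAS.items():
        if any(n in lowered for n in needles):
            return label
    return "live"


def parse_report(text):
    """Return (category, outer_path, detection_name) per 'Infected:' line.

    Container summary lines are skipped; any other non-empty line is an
    unrecognised format and raises, rather than being silently dropped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            path = outer_path(m.group("obj"))
            records.append((classify(path), path, m.group("name")))
        elif not CONTAINER_RE.match(line):
            raise ValueError("unrecognised report line: " + line)
    return records


def live_objects(text):
    """Distinct on-disk objects detected outside quarantine/restore areas."""
    return {path for cat, path, _ in parse_report(text) if cat == "live"}


def summary(text):
    """Count detections per category; live == 0 means nothing is left in place."""
    counts = {"live": 0, "quarantine": 0, "restore_point": 0}
    for cat, _, _ in parse_report(text):
        counts[cat] += 1
    return counts


if __name__ == "__main__":
    for label, text in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label, summary(text), sorted(live_objects(text)))
```

With the real logs, the same categories tell the reader that the only remaining copies are in quarantine folders and System Restore points, which is why helpers typically follow a clean rescan with clearing System Restore.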

Unread postby malohroqui » April 16th, 2006, 6:51 am

Logfile of HijackThis v1.99.1
Scan saved at 8:50:41 PM, on 16/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRAM FILES\SECWAY\SIMPLITE-MSN 2.1.7 BETA 4\SIMPLITE-MSN.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1441344750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/M ... loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Unread postby 'KotaGuy » April 16th, 2006, 11:55 am

Thanks for posting the logs.

You can delete this folder:

C:\!KillBox

Empty Trend Micro's Quarantine as well.

Your logs are clean! How is the computer behaving?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby malohroqui » April 16th, 2006, 4:36 pm

I'm glad you can read all that, because I thought the Kaspersky scan said I had 37 viruses!
Hopefully things are back to normal; it's too soon to tell, but I'll let you know.
I appreciate your help, and I'm sorry for being impatient. Usually I can figure out how to get rid of viruses by myself, so I wasn't comfortable being out of control in this instance.
I'll scan my computer with PC-cillin, Ad-Aware, Defender and Spybot, then get back to you to let you know.
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Unread postby 'KotaGuy » April 16th, 2006, 4:42 pm

Kaspersky was detecting the backups that are made by Killbox, along with the bad files Trend had quarantined. The others are backups in your System Restore Points, which we will clean out now :)

Now that your computer is clean, it's a good time to reset your System Restore point. This will ensure a clean backup to fall upon if you ever need it. To do this:
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Check the "Turn off System Restore" or "Turn off System Restore on all drives" box.

Reboot your computer, then follow the steps above, this time unchecking the "Turn off System Restore" box, and reboot.

You seem to have a good variety of protective programs installed. A Firewall as well.

You might want to check out these links as well, "How'd I get Infected" and "Understanding Spyware"; they have some good information for you.

Other than that... remember to keep Windows and your protection programs updated.... and scan often :)

Let me know if any of the scans you do pick up anything major.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
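KotaGuy's reading of the Kaspersky report above comes down to where each flagged file lives: copies inside System Restore points and Killbox's backup folder are inert, and only a hit outside those locations points at something still active. The script below is an added example, not part of the thread or of any of the tools named in it; it parses lines in the same shape as the scan output quoted earlier (sample lines constructed here, with a placeholder GUID and placeholder file names) and reports which hits are live files.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Kaspersky scan output quoted in the
# thread. The GUID and file names are placeholders, not real indicators.
SAMPLE_SCAN = r"""C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP31\A0004923.exe PecBundle: infected - 1 skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP31\A0004924.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\!KillBox\example.exe.bak Infected: Trojan-Downloader.Win32.Placeholder skipped
C:\WINDOWS\system32\example_live.dll Infected: Trojan.Win32.Placeholder skipped
Scan process completed.
"""

# A report line is "<drive path ending in an extension> <verdict text>".
# Assumption: directory names contain no "dot+word+space" sequence.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.\w+)\s+(?P<verdict>.+)$")
# System Restore keeps file copies under <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# Killbox keeps its backups under <drive>:\!KillBox\ (the folder named in the thread)
KILLBOX_RE = re.compile(r"^[A-Za-z]:\\!KillBox\\", re.I)


def classify(path):
    """Return the category of a flagged path: inert backup vs. live file."""
    if RESTORE_RE.match(path):
        return "restore-point backup"
    if KILLBOX_RE.match(path):
        return "Killbox backup"
    return "live file"


def parse_scan(text):
    """Turn report lines into dicts; non-matching lines (e.g. the footer) are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append({"path": m["path"], "verdict": m["verdict"],
                         "location": classify(m["path"])})
    return hits


def summarize(text):
    """Count hits per location so the reader sees how many are just backups."""
    return Counter(h["location"] for h in parse_scan(text))


def live_hits(text):
    """Paths that are neither restore-point nor Killbox copies: these still matter."""
    return [h["path"] for h in parse_scan(text) if h["location"] == "live file"]


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_SCAN)))
    for p in live_hits(SAMPLE_SCAN):
        print("needs attention:", p)
```

Once System Restore has been turned off and on again as described above, a rescan should no longer report the restore-point entries at all.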

Unread postby malohroqui » April 16th, 2006, 5:20 pm

I scanned with Spybot and found Windows.ActiveDesktop again!
So I haven't cleared my restore points yet.
I went into the registry to delete it manually, but it didn't seem to be there at the location Spybot told me it was.
There must be a way to get rid of it. Surely I can delete it without doing scans for 2 days beforehand!
I'll post another HijackThis log.
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm