Sorry to bother you with another of these threads but I was told to make a new thread and hope someone helps. Anyway, after trying multitudes of 'fixes' and 'removers' and attempting a manual deletion my desktop is still ridden with slowness and now the none of the browsers will function. Here's the HijackThis log; _____________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:57, on 2008-09-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\CF20878.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdMgr.exe C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\CF20878.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.frontiernet.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VimicroMonitorSnapshotVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [xrt_Shell] C:\Documents and Settings\HP_Administrator\xrt_xsyb.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.1.0.2016 (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 11131 bytes _____________________ Thanks for the help. I've been trying to get this thing removed for the past two and a half days.
Hi Masamunec Hope you'll be patient with me as it's all standard procedure. I have to ask you a few questions before I can begin. What fixes and removers have you tried? How will the browsers not function? Are there any other symptons like task manager or control panel not working? Best Regards
If I wasn't patient I'd have thrown my computer out the window or put my fists through the drywall. Well, I tried the manual removal here. I've tried the automated stuff with Spyhunter, SUPERAntispyware, Malwarebytes. Yeah, I got desperate. I tried a bit of what was suggested in the "Joke-Bluescreen virus" thread as well that COMODO BOclean thing. Not sure if it's found anything or not. As far as the browsers not working; At first it was slow, then when I found out that it was due to this XP Antivirus thing I started looking into ways to remove it. Then I noticed that downloads and links to things that would fix it were blocked. So I had to use my laptop to get things to my desktop, and that's actually what I'm posting with on here. I'd rather not enter my room of what is now a room of disappointment and epic failure. I've also tried to delete those shlwapi and wininet dlls but the fuckers are write protected or in use. Probably both. Anyway, I tried to find the processes in the taskmgr but to no avail. I used that task.exe or something or other to get the 'full list' of processes, even the ones not usually shown. Other than one "ohjgin" or something like it and a few unnamed processes there was nothing else. Wasn't really sure about the command to end those processes so I decided not to screw with it.
Sorry, forgot some stuff. The taskmanager always worked. But the 'antivirusvirus' did stop me from accessing all the tabs on the display window and deleted all of my system recovery points. :/ I'm even further annoyed. It seems that I'm stricken with hiccups as well now.
Hey Masamunec Breathe it deeply, hold it, and then swallow. Wait for a little whle more before breathing out. It always helped with my hiccups. Sounds like a bad malware. Lets fix it. Please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed. • If it requires a reboot, please do it. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the ComoboFix window, as it may cause it to stall. If there are any problems at all with Combofix running, PLEASE TELL ME!!!!! Best Regards
Well, here's the log. ComboFix 08-09-16.05 - HP_Administrator 2008-09-17 9:33:45.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1125 [GMT -5:00] Running from: C:\Documents and Settings\HP_Administrator\My Documents\Combo-Fix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk C:\WINDOWS\system32\actskn43.ocx C:\WINDOWS\system32\BReWErS.dll C:\WINDOWS\system32\tdssinit.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\tdssmain.dll C:\WINDOWS\system32\tdssserf.dll C:\WINDOWS\system32\tdssservers.dat D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 ))))))))))))))))))))))))))))))) . 2008-09-16 08:03 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL 2008-09-16 08:03 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE 2008-09-16 08:03 . 2004-08-09 23:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb 2008-09-16 08:02 . 2008-09-16 08:02 <DIR> d-------- C:\Program Files\Comodo 2008-09-16 08:02 . 2008-09-16 08:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC427 2008-09-16 08:02 . 2008-09-17 09:29 11,196 --a------ C:\WINDOWS\BOC427.INI 2008-09-16 07:49 . 2008-09-16 07:51 <DIR> d-------- C:\ComboFix 2008-09-16 07:47 . 2008-09-16 07:47 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-15 15:23 . 2008-09-15 22:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-15 15:23 . 2008-09-15 15:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2008-09-15 15:23 . 2008-09-15 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-15 15:00 . 2008-09-15 15:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes 2008-09-15 14:59 . 2008-09-15 15:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-15 14:59 . 2008-09-15 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-15 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-15 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-14 19:23 . 2008-09-14 19:23 161 --a------ C:\Documents and Settings\HP_Administrator\xrt_log.dat 2008-09-14 18:25 . 2008-09-14 20:05 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-09-14 15:57 . 2008-09-14 15:57 39,424 --a------ C:\Documents and Settings\HP_Administrator\xrt_xsyb.exe 2008-09-14 09:50 . 2008-09-14 18:45 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\~0 2008-09-04 05:59 . 2008-09-04 05:59 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-09-03 21:54 . 2008-09-03 21:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools 2008-09-03 21:47 . 2008-09-03 21:48 <DIR> d-------- C:\WINDOWS\daemon 2008-09-02 21:36 . 2008-09-05 18:24 <DIR> d-------- C:\Program Files\Oxin's Style! 2008-09-02 15:18 . 2008-09-02 15:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\XRay Engine 2008-09-01 10:53 . 2008-09-01 10:53 <DIR> d-------- C:\WINDOWS\Logs 2008-09-01 10:44 . 2008-09-02 18:47 <DIR> d-------- C:\Program Files\GSC World Publishing 2008-09-01 05:57 . 2008-09-01 05:57 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys 2008-09-01 05:57 . 2008-09-01 05:57 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe 2008-08-21 13:19 . 2008-08-21 13:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-19 13:13 . 2008-08-19 13:18 <DIR> d-------- C:\Program Files\Codemasters . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-15 20:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-15 11:16 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-09-15 11:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AVG7 2008-09-15 00:59 --------- d-----w C:\Program Files\GemMaster 2008-09-14 21:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Uniblue 2008-09-14 20:57 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe 2008-09-14 20:57 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll 2008-09-10 20:51 --------- d-----w C:\Program Files\Lavasoft 2008-09-10 20:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-08 23:46 --------- d-----w C:\Program Files\Steam 2008-09-08 01:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent 2008-09-04 02:54 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-08-23 17:56 --------- d-----w C:\Program Files\Call of Duty 2008-08-23 15:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-23 15:44 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-17 20:59 --------- d-----w C:\Program Files\THQ 2008-08-10 05:55 --------- d-----w C:\Program Files\uTorrent 2008-08-08 06:00 --------- d-----w C:\Program Files\eMule 2008-08-05 21:26 630 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2008-08-03 03:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-03 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-02 14:24 --------- d-----w C:\Program Files\Spyware Doctor 2008-07-23 19:56 --------- d-----w C:\Program Files\Maverick Developments Ltd 2008-07-22 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-17 19:33 --------- d-----w C:\Program Files\Bethesda Softworks 2008-07-17 17:51 557,056 ----a-w C:\Documents and Settings\HP_Administrator\GoToAssist_phone__317_en.exe 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2008-06-23 16:12 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll 2008-06-23 16:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll 2008-06-23 16:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll 2008-06-23 16:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-06-23 16:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-06-23 16:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2008-06-23 16:12 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2008-06-23 16:11 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll 2008-06-23 16:11 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll 2008-06-23 16:11 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-06-23 16:11 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 16:11 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll 2008-06-23 16:11 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-06-23 16:11 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll 2008-06-23 16:11 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 16:11 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll 2008-06-23 16:11 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-05-13 23:52 256 ----a-w C:\Documents and Settings\HP_Administrator\pool.bin 2007-12-10 18:36 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys . ------- Sigcheck ------- 2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe 2008-09-14 15:57 502272 9b1bd82bd0761b5ba986af66d2809c30 C:\WINDOWS\system32\winlogon.exe 2004-08-09 23:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 1077248] "DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 61440] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 579584] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 180269] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "VimicroMonitorSnapshotVMUVC"="C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688] "BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe] "nwiz"="nwiz.exe" [2006-01-24 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 219136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-07-18 439568] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll "vidc.mpng"= C:\Program Files\t@b\0.958\686\tabdec.dll "vidc.mvjp"= C:\Program Files\t@b\0.958\686\tabdec.dll "vidc.444p"= C:\Program Files\t@b\0.958\686\tabdec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run] --a------ 2007-11-27 16:23 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 07:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] --a------ 2007-09-06 08:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2005-07-23 00:14 237568 C:\WINDOWS\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite] --a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-04-01 18:16 1271032 C:\Program Files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Steam\\steamapps\\steamusername\\sin episodes emergence\\SinEpisodes.exe"= "C:\\Program Files\\Call of Duty\\CoDUOMP.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "C:\\Program Files\\GSC World Publishing\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\xrEngine.exe"= "C:\\Program Files\\GSC World Publishing\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\dedicated\\xrEngine.exe"= R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-01 2915944] S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ] S3 VMUVC;Vimicro Camera Service VMUVC;C:\WINDOWS\system32\Drivers\VMUVC.sys [2007-09-29 249984] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\WINDOWS\system32\drivers\vvftUVC.sys [2007-06-13 476032] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-HPHUPD08 - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe MSConfigStartUp-SMrhcav2j0e9ej - C:\Program Files\rhcav2j0e9ej\rhcav2j0e9ej.exe MSConfigStartUp-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ogt2yf2o.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - webmail.frontiernet.net FF -: plugin - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ogt2yf2o.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll FF -: plugin - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ogt2yf2o.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-17 09:38:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv] "imagepath"="\systemroot\system32\drivers\TDSSserv.sys" . Completion time: 2008-09-17 9:42:24 ComboFix-quarantined-files.txt 2008-09-17 14:42:21 Pre-Run: 27,681,861,632 bytes free Post-Run: 27,910,561,792 bytes free 281 --- E O F --- 2008-09-10 08:00:49 _+_+_+_+_+_+_+_+_+_+_+_+_+_+_ I noticed that it deleted a few thing. I'm not sure if this is just a problem with the site but my browser was a bit slow when I hit preview. Nah, I'm sure it was just a bit of latency. Other places are running fine. One problem when this thing was going is that the browser would be really slow and clicking on search findings would open a new window or tab... I'll check that now. WUNDERBAR! It doesn't do it anymore that's fantastic! Also, happy to report that the hiccups are gone.
Hey Masamunec Glad to hear that your problems are going away. Please post a new HijackThis log and tell me what problems you have left. Best Regards
Sorry about the delay in responding, I've been a bit busy lately with work and stuff. _+_+_+_+_+_+_ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:30:54 PM, on 9/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DISC\DiscUpdMgr.exe C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.frontiernet.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VimicroMonitorSnapshotVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.1.0.2016 (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 9572 bytes _+_+_+_+_+_+_ I hope it got most or all of it.
Hey Masamunec Please run HijackThis. • Click on the button which says Main Menu, then Do a system scan only. • Please wait for the scan to be completed. • After the scan has completed, check the following entries. Code: O15 - Trusted Zone: [url]http://*.trymedia.com[/url] (HKLM) Click on the button Fix checked NOTE:: Close all browsers before fixing anything. Few things to take note of: Your java is outdated. Update it, and then uninstall all previous versions. Update WIndows to service pack 3 and other latest updates. After that, you should be clean! Enjoy! BEst REgards
