hey guys, just trying to clean up my computer.. I ran HijackThis and got this... any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:51 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Twain\Twain.exe
C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{90ac6768-4f1b-7f21-546d-1345e34c9c80}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iobgfvcumspnj.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdwareProMFCT] C:\Program Files\AdwarePro\AdwarePro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8254 bytes

Hey tony909

You are indeed infected. Follow the instructions below to help clean up.

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Then post a new HijackThis log.

Best Regards

hey, I just finished running ComboFix and the log shows the following....

ComboFix 08-09-13.03 - Administrator 2008-09-13 13:25:36.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.322 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\combo-fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Program Files\Common Files\Yazzle1554OinAdmin.exe
C:\Program Files\Common Files\Yazzle1554OinUninstaller.exe
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\ozadik.gz
C:\Program Files\iCheck
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\WINDOWS\BM8b41974a.txt
C:\WINDOWS\BM8b41974a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bhyksqow.dll
C:\WINDOWS\system32\htpammox.ini
C:\WINDOWS\system32\iifCTLFu.dll
C:\WINDOWS\system32\oqymxkkf.dll
C:\WINDOWS\system32\qkethgyi.dll
C:\WINDOWS\system32\qoMeBqRj.dll
C:\WINDOWS\system32\uFLTCfii.ini
C:\WINDOWS\system32\uFLTCfii.ini2
C:\WINDOWS\system32\urqQiJBR.dll
C:\WINDOWS\system32\vtsabx.dll
C:\WINDOWS\system32\xommapth.dll
C:\WINDOWS\system32\xqjxpnya.dll
C:\WINDOWS\system32\yqqaolqp.dll
C:\WINDOWS\system32\zznodp.dll
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\ntvdm.exe
C:\WINDOWS\wnsxs~1\W?nSxS\
C:\Documents and Settings\HP_Administrator\My Documents\YSTEM3~1\w?aclt.exe . . . . failed to delete
C:\Program Files\Common Files\icroso~1.net\t?skmgr.exe . . . . failed to delete
.

((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-13 13:12 . 2008-09-13 13:14 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-13 12:47 . 2008-09-13 12:47 294 --ahs---- C:\WINDOWS\system32\iyghtekq.ini
2008-09-13 07:32 . 2008-09-13 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-13 06:55 . 2008-09-13 06:55 253,440 --a------ C:\WINDOWS\system32\ssqQkIXp.dll.vir
2008-09-13 06:51 . 2008-09-13 06:51 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-09-13 06:50 . 2008-09-13 06:50 229,533 --a------ C:\WINDOWS\system32\01257aad.exe
2008-09-13 06:50 . 2008-09-13 06:50 215,329 --a------ C:\WINDOWS\system32\01259cac.exe
2008-09-13 06:50 . 2008-09-13 06:50 144,749 --a------ C:\WINDOWS\system32\01255b8c.exe
2008-09-13 06:50 . 2008-09-13 07:01 96,556 --a------ C:\WINDOWS\stfMeane72.exe
2008-09-13 06:50 . 2008-09-13 06:50 87,116 --a------ C:\WINDOWS\system32\0125a96d.exe
2008-09-13 01:35 . 2008-09-13 01:35 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-09-13 01:34 . 2008-09-13 01:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-13 01:30 . 2008-09-13 12:38 6,144 --a------ C:\WINDOWS\system32\karina.dat.vir
2008-09-13 01:28 . 2008-09-13 01:28 32,768 --a------ C:\tsdi.exe
2008-09-13 01:28 . 2008-09-13 01:28 29,184 --a------ C:\bcje.exe
2008-09-13 01:28 . 2008-09-13 01:28 16,896 --a------ C:\sjle.exe
2008-09-13 01:28 . 2008-09-13 01:28 14,336 --a------ C:\jhvwffvh.exe
2008-09-13 01:28 . 2008-09-13 01:28 6,876 --a------ C:\iojxqrrr.exe
2008-09-13 01:27 . 2008-09-13 01:27 65,536 --a------ C:\tpynsmfc.exe
2008-09-13 01:27 . 2008-09-13 01:27 41,472 --a------ C:\R8VE.exe
2008-09-13 01:27 . 2008-09-13 01:27 7,532 --a------ C:\CFy.exe
2008-09-13 01:17 . 2008-09-13 07:32 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-13 00:54 . 2008-09-13 00:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-13 00:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-09-13 00:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
2008-09-12 20:44 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 20:30 . 2008-09-13 00:38 <DIR> d-------- C:\Program Files\AdwarePro
2008-09-12 20:23 . 2008-09-12 20:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-12 20:23 . 2008-09-13 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-12 20:03 . 2008-09-12 20:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:57 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-12 19:56 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-12 19:56 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-12 19:56 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-12 19:56 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-12 19:51 . 2008-09-12 19:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-09-12 19:46 . 2008-09-13 01:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-09-12 19:40 . 2008-09-12 19:40 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-12 18:05 . 2008-09-12 18:05 15,883 --a------ C:\WINDOWS\kawituzaqi.ban
2008-09-12 18:04 . 2008-09-12 18:04 <DIR> d-------- C:\Program Files\OINAnalytics
2008-09-07 20:27 . 2008-09-07 20:27 19,519 --a------ C:\WINDOWS\urobyhi.pif
2008-09-07 20:27 . 2008-09-07 20:27 19,028 --a------ C:\Documents and Settings\All Users\Application Data\ajaleg.vbs
2008-09-07 20:27 . 2008-09-07 20:27 16,966 --a------ C:\WINDOWS\system32\avunyr.bin
2008-09-07 20:27 . 2008-09-07 20:27 15,422 --a------ C:\Documents and Settings\All Users\Application Data\yqujelimi.dll
2008-09-07 20:27 . 2008-09-07 20:27 14,658 --a------ C:\Documents and Settings\All Users\Application Data\iwaxowifuh.vbs
2008-09-07 20:27 . 2008-09-07 20:27 13,859 --a------ C:\WINDOWS\inijoxupap._sy
2008-09-07 20:27 . 2008-09-07 20:27 12,650 --a------ C:\WINDOWS\ucov.exe
2008-09-07 20:27 . 2008-09-07 20:27 11,391 --a------ C:\Documents and Settings\HP_Administrator\Application Data\fyxavebuvy.dll
2008-09-07 20:27 . 2008-09-07 20:27 11,345 --a------ C:\WINDOWS\golibocy.dat
2008-09-07 20:27 . 2008-09-07 20:27 10,671 --a------ C:\WINDOWS\system32\yhubusofus.scr
2008-09-07 20:27 . 2008-09-07 20:27 10,552 --a------ C:\Documents and Settings\HP_Administrator\Application Data\ajiduhe.sys
2008-09-07 20:27 . 2008-09-07 20:27 10,364 --a------ C:\Documents and Settings\All Users\Application Data\urexobasyf.vbs
2008-09-07 20:27 . 2008-09-07 20:27 10,064 --a------ C:\WINDOWS\evusoqyva.scr
2008-09-07 20:19 . 2008-09-07 20:19 0 --a------ C:\WINDOWS\system32\U3L35MEA.exe.a_a
2008-09-07 19:51 . 2008-09-07 19:51 71,723 --a------ C:\WINDOWS\system32\nbxfuajcvm.exe
2008-09-07 19:30 . 2008-09-07 19:30 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-07 19:20 . 2008-09-12 20:12 71,992 --a------ C:\WINDOWS\system32\winivstr.exe.vir
2008-09-07 19:19 . 2008-09-13 01:30 9,216 --a------ C:\WINDOWS\system32\buritos.exe.vir
2008-09-07 19:19 . 2008-09-13 01:30 9,216 --a------ C:\WINDOWS\buritos.exe.vir
2008-09-06 20:29 . 2008-09-06 20:29 <DIR> d-------- C:\WINDOWS\qkzk
2008-09-06 20:29 . 2008-09-12 21:08 <DIR> d-------- C:\Program Files\Common Files\qkzk
2008-09-06 20:19 . 2008-09-12 20:26 <DIR> d-------- C:\Program Files\VnrBlock
2008-09-06 19:49 . 2008-09-13 00:56 <DIR> d-------- C:\Program Files\Twain
2008-09-06 19:49 . 2008-09-12 19:56 1,962 --a------ C:\WINDOWS\default.htm.vir
2008-09-06 19:44 . 2008-09-06 19:44 <DIR> d-------- C:\Program Files\Webtools
2008-09-06 19:39 . 2008-09-12 20:06 <DIR> d-------- C:\Program Files\Mjcore
2008-09-06 19:35 . 2008-09-06 19:35 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 19:34 . 2008-09-12 19:50 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-09-06 19:33 . 2008-09-06 19:33 210,097 --a------ C:\WINDOWS\00963b59.exe
2008-09-06 19:33 . 2008-09-06 19:33 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe.vir
2008-09-06 19:33 . 2008-09-12 19:50 15,360 --a------ C:\WINDOWS\system32\getsn32.dll.vir
2008-09-06 19:29 . 2008-09-12 23:11 80,898 --a------ C:\WINDOWS\system32\U3L35MEA.exe
2008-09-06 19:16 . 2008-09-06 19:15 29,824 --a------ C:\WINDOWS\system32\jBT0sE1U.exe
2008-09-06 19:16 . 2008-09-06 19:16 0 --a------ C:\WINDOWS\system32\jBT0sE1U.exe.a_a
2008-09-04 17:02 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-30 23:34 . 2008-08-30 23:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-08-28 02:22 . 2008-08-28 02:22 166,400 --a------ C:\WINDOWS\system32\iobgfvcumspnj.dll
2008-08-27 19:09 . 2008-08-27 19:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-08-27 17:33 . 2008-08-27 17:33 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-08-26 18:35 . 2008-08-26 18:35 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-08-26 09:36 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-08-25 21:30 . 2008-08-25 21:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
2008-08-25 21:06 . 2008-08-25 21:06 1,833 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL479AA-ABA a1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium 4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK
2008-08-25 21:05 . 2004-10-25 15:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-08-25 21:04 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-08-25 21:04 . 2005-09-16 23:06 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-08-25 21:04 . 2005-09-16 23:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-25 21:04 . 2008-09-13 00:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-08-25 21:03 . 2005-09-16 23:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-08-25 21:03 . 2005-09-16 23:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-08-25 21:03 . 2005-09-16 23:06 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-08-25 21:03 . 2005-09-16 23:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-08-25 21:03 . 2005-09-16 23:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-08-25 20:30 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-25 20:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 19:58 . 2008-09-13 07:03 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-08-25 18:45 . 2008-08-25 18:45 <DIR> d-------- C:\Program Files\Microsoft
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-09-13 19:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 09:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-13 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-13 07:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 23:58 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 00:35 --------- d-----w C:\Program Files\WildTangent
2008-08-26 04:05 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-25 16:39 --------- d-----w C:\Program Files\Incomplete
2008-08-25 16:38 --------- d-----w C:\Program Files\LimeWire
2008-08-24 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
.

((((((((((((((((((((((((((((( snapshot@2008-09-13_ 1.07.25.57 )))))))))))))))))))))))))))))))))))))))))
.

+ 2008-09-13 08:35:45 42,248 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
+ 2008-09-13 08:35:45 27,912 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
+ 2008-09-13 08:35:45 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
+ 2008-09-13 08:35:45 83,296 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
2008-09-11 12:48 229376 --a------ C:\Program Files\OINAnalytics\OINAnalytics.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 48752]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 98304]
"{90ac6768-4f1b-7f21-546d-1345e34c9c80}"="C:\WINDOWS\system32\iobgfvcumspnj.dll" [2008-08-28 166400]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 158208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Odkkwrax"="C:\Program Files\Common Files\?icrosoft.NET\t?skmgr.exe" [?]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-08-19 20:08 914512 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{9213bb08-8c1e-46ec-861c-e9d1a08fe6b9} - C:\WINDOWS\system32\zznodp.dll
BHO-{925FBA44-5610-49DF-A05A-CFE64C6CF227} - C:\WINDOWS\system32\iifCTLFu.dll
BHO-{AC32B632-77A9-2020-FB4D-0BA2E1C94E92} - (no file)
BHO-{c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
BHO-{D7336D32-62F7-43B5-8B8C-3963C72CA498} - C:\WINDOWS\system32\qoMeBqRj.dll
BHO-{f1a8d27e-29ed-474b-b8a3-57f623b8afac} - (no file)
HKLM-Run-8872a4d6 - C:\WINDOWS\system32\qkethgyi.dll
HKLM-Run-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
HKLM-Run-IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe
HKLM-Run-URLLSTCK.exe - c:\Program Files\Norton Internet Security\UrlLstCk.exe
HKLM-Run-BM8b41974a - C:\WINDOWS\system32\yqqaolqp.dll
HKLM-Run-buritos - buritos.exe
HKU-Default-Run-Scbu - C:\WINDOWS\WNSXS~1\ntvdm.exe
HKU-Default-Run-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
ShellExecuteHooks-{D7336D32-62F7-43B5-8B8C-3963C72CA498} - C:\WINDOWS\system32\qoMeBqRj.dll
Notify-qoMeBqRj - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\x3efexyh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 13:31:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-13 13:34:54 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-09-13 20:34:48
ComboFix2.txt 2008-09-13 08:07:52

Pre-Run: 173,579,247,616 bytes free
Post-Run: 173,051,834,368 bytes free

291

Hey tony909

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Code:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.

Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

***********************************************************

Before scanning with Superantispyware, let us first make the job easier.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:

Code:
KILLALL::

Driver::
Beep
103C_HP_CPC_EL479AA-ABAa1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK ComputerINC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK

File::
C:\WINDOWS\system32\ssqQkIXp.dll.vir
C:\WINDOWS\system32\iyghtekq.ini
C:\WINDOWS\system32\01257aad.exe
C:\WINDOWS\system32\01259cac.exe
C:\WINDOWS\system32\01255b8c.exe
C:\WINDOWS\stfMeane72.exe
C:\WINDOWS\system32\0125a96d.exe
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\system32\karina.dat.vir
C:\tsdi.exe
C:\bcje.exe
C:\sjle.exe
C:\jhvwffvh.exe
C:\iojxqrrr.exe
C:\tpynsmfc.exe
C:\R8VE.exe
C:\CFy.exe
C:\WINDOWS\urobyhi.pif
C:\Documents and Settings\All Users\Application Data\ajaleg.vbs
C:\WINDOWS\system32\avunyr.bin
C:\Documents and Settings\All Users\Application Data\yqujelimi.dll
C:\Documents and Settings\All Users\Application Data\iwaxowifuh.vbs
C:\WINDOWS\inijoxupap._sy
C:\WINDOWS\ucov.exe
C:\WINDOWS\golibocy.dat
C:\WINDOWS\system32\yhubusofus.scr
C:\Documents and Settings\HP_Administrator\Application Data\ajiduhe.sys
C:\Documents and Settings\All Users\Application Data\urexobasyf.vbs
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\evusoqyva.scr
C:\WINDOWS\system32\U3L35MEA.exe.a_a
C:\WINDOWS\system32\nbxfuajcvm.exe
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\system32\winivstr.exe.vir
C:\WINDOWS\system32\buritos.exe.vir
C:\WINDOWS\buritos.exe.vir
C:\WINDOWS\default.htm.vir
C:\WINDOWS\system32\smwin32.dll
C:\WINDOWS\00963b59.exe
C:\WINDOWS\system32\uesiuqcr.exe.vir
C:\WINDOWS\system32\getsn32.dll.vir
C:\WINDOWS\system32\U3L35MEA.exe
C:\WINDOWS\system32\jBT0sE1U.exe
C:\WINDOWS\system32\jBT0sE1U.exe.a_a
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\iobgfvcumspnj.dll
C:\WINDOWS\system32\drivers\103C_HP_CPC_EL479AA-ABAa1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK ComputerINC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK

Folder::
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\AdwarePro
C:\WINDOWS\qkzk
C:\Program Files\Common Files\qkzk
C:\Program Files\VnrBlock
C:\Program Files\Twain
C:\Program Files\Webtools
C:\Program Files\Mjcore

Save this as CFScript.txt in the same folder as ComboFix.

Then drag the CFScript.txt into Combo-Fix.exe. This will start ComboFix again.

After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

Do not click on the ComboFix window, as it may cause it to stall.

***********************************************************

Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log
• Launch SuperAntispyware
• Click on Preferences
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards

Here's the ComboFix log...
Here's the SuperAntiSpyware log... I ran it in safe mode, but it did not make a log.. so I ran it again in normal startup and got this log....
Goody.... the malware's getting destroyed. Now, post a new HijackThis log, and tell me what problems you have left. Best Regards
My computer is working great now, looks like it's all cleaned up. I installed a fresh copy of Norton AntiVirus 07 and it finished up the job.... Thanks a lot for your help, appreciate it......