check my log pls

  1. #11
    Neal is offline Dedicated Member

    Re: check my log pls

    Not unless you want to buy that anti-virus program, it deleted what it found.



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.


    Also I need a new hijackthis log each time you post unless instructed otherwise please. Thanks.


  2. #12
    ramesh help is offline Elite Member
    you're early today..

    1) this is the uninstall log

    Ad-Aware SE Personal
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 2.0
    Adobe Photoshop CS2
    Adobe Premiere Elements 2.0
    Adobe Reader 7.0
    Adobe Stock Photos 1.0
    AM-DeadLink 3.1
    ArcSoft Picture Software
    Ashampoo Movie Shrink & Burn 2.21
    AVG Free Edition
    Azureus
    BearFlix
    BookWorm Deluxe
    CCleaner (remove only)
    Coloreal
    CoreVorbis Audio Decoder (remove only)
    Digital Camera Driver
    DivX Web Player
    ESET Online Scanner
    FlashGet(JetCar)
    Fx Video Converter
    getPlus(R)_ocx
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    HP Digital Imaging Album Printing 1.0
    HP Driver Diagnostics
    hp instant support
    HP Memories Disc
    HP Photo and Imaging 1.1 - Photosmart Cameras
    iconBackup v1.0 (remove only)
    Inactive HP Printer Drivers (Remove only)
    Inactive HP ScanJet Drivers (Remove only)
    Insaniquarium Deluxe 1.0
    Insaniquarium Patch Installer 1.2
    Intel(R) Extreme Graphics Driver
    InterVideo WinDVD Player
    iTunes
    Java(TM) 6 Update 3
    Kaspersky Online Scanner
    KBD
    Macromedia Shockwave Player
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Encarta Encyclopedia Standard - WE 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Small Business
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Murasu Anjal 2.0.2
    Musicmatch® Jukebox
    nero
    NoAdware v4.0
    NVIDIA Windows 2000/XP Display Drivers
    OneStep Search 1.0 build 146
    PC-Doctor for Windows
    PDF Password Cracker Enterprise v3.0
    Pdf995
    PDFCreator
    PdfEdit995
    Peggle Deluxe 1.0
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuickTime
    RecordNow
    RecordNow Update Manager
    Registry Mechanic 5.2
    RelevantKnowledge
    Rhapsody Player Engine
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    SA21xx Device Manager
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944653)
    Shareaza PRO 3.0.0.0
    Shockwave
    ShowBiz
    Signature995
    Simple Backup for My Pictures
    SopCast 2.0.4
    SopCore 1.1.2
    SoundTaxi 1.2.0
    Space Rocks
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    StartUp Manager
    SUPERAntiSpyware Free Edition
    Symantec Technical Support Web Controls
    Torrent Harvester
    Tweak UI
    Uniblue Registry Booster
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    USB Storage RW
    VeryPDF PDF2Word v3.0
    VideoLAN VLC media player 0.8.6b
    Virtual BassLine 3
    VirtualDJ Plugin Wizard
    Vista Start Menu
    WildTangent Channel Manager
    Windows Defender Signatures
    Windows Imaging Component
    Windows Live installer
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 2
    WinRAR archiver
    Yahoo! Messenger
    Zoundry Blog Writer

    this is the hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:31:20 PM, on 1/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
    O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - http://www.plal.com/images/brick.jpg
    O24 - Desktop Component 1: (no name) - http://www.indianchild.com/images/tree_01.gif
    O24 - Desktop Component 2: (no name) - http://imgi.maps.yahoo.com/mapimage?...pCSirH73a_Sf6p
    O24 - Desktop Component 3: (no name) - http://cguesthouse.homestead.com/fil...QS_main_bg.jpg
    O24 - Desktop Component 4: (no name) - http://www.theweathernetwork.com/com...ground1024.gif
    O24 - Desktop Component 5: (no name) - https://secure4.worldweb.com/Activit...son_tours3.gif
    O24 - Desktop Component 6: (no name) - http://www.vancouvertrolley.com/images/bg.gif

    --
    End of file - 7325 bytes


    so, if i want to install the NOD32 antivirus, is it a good antivirus?? if i do install it, must i uninstall my AVG antivirus??

  3. #13
    Neal is offline Dedicated Member
    From add/remove program uninstall this adware:

    RelevantKnowledge

    Reboot your PC



    Run hijackthis and click on "scan system only" button and put checks next to these:


    O24 - Desktop Component 0: (no name) - http://www.plal.com/images/brick.jpg
    O24 - Desktop Component 1: (no name) - http://www.indianchild.com/images/tree_01.gif
    O24 - Desktop Component 2: (no name) - http://imgi.maps.yahoo.com/mapimage?...pCSirH73a_Sf6p
    O24 - Desktop Component 3: (no name) - http://cguesthouse.homestead.com/fil...QS_main_bg.jpg
    O24 - Desktop Component 4: (no name) - http://www.theweathernetwork.com/com...ground1024.gif
    O24 - Desktop Component 5: (no name) - https://secure4.worldweb.com/Activit...son_tours3.gif
    O24 - Desktop Component 6: (no name) - http://www.vancouvertrolley.com/images/bg.gif




    Please close ALL browser windows (including this one).

    With everything closed out but hijackthis, click on "fix checked"


    Reboot your PC


    How are things doing now?

  4. #14
    ramesh help is offline Elite Member
    This is my new hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:03 AM, on 1/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
    O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6439 bytes


    2) I keep on getting this pop up (http://popunder.paypopup.com/close.php)

    3) i still have this problem. when i save a link to the desktop, then i try to double click on it, it opens the internet explorer but it won't load no matter how long i leave it like that. when i click the STOP button, it says res://C:\WINDOWS\system32\shdoclc.dll/navcancl.htm. This problem is also the same when i receive a link from my friend on msn messenger, then i click it, it will give me the same problem. so i can't open the link. I have to open the link manually by copying and pasting on the address bar.

  5. #15
    Neal is offline Dedicated Member
    OK let's break out the big guns.



    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners now

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



    New hijackthis log like this:


    Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe, press enter
    and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.

  6. #16
    ramesh help is offline Elite Member
    neal, before you post the latest thread, i got this virus alert
    Attached Images

  7. #17
    ramesh help is offline Elite Member
    this is the combofix log

    ComboFix 08-01-29.3 - Owner 2008-01-29 13:17:33.2 - NTFSx86
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp\tn3
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
    .

    2008-01-29 13:34 . 2008-01-29 13:34 <DIR> d-------- C:\temp\tn3
    2008-01-29 13:32 . 2008-01-29 13:32 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-28 09:45 . 2008-01-28 13:26 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-01-27 18:24 . 2008-01-28 09:03 <DIR> d-------- C:\Program Files\BitComet
    2008-01-26 13:18 . 2008-01-26 23:02 <DIR> d-------- C:\Program Files\OneStepSearch
    2008-01-25 18:43 . 2008-01-25 18:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-24 16:50 . 2008-01-24 16:51 <DIR> d-------- C:\Program Files\DAP
    2008-01-22 12:43 . 2008-01-22 20:04 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
    2008-01-21 19:42 . 2008-01-22 20:04 <DIR> d-------- C:\WINDOWS\system32\ctf
    2008-01-21 17:00 . 2008-01-21 17:00 86,144 --a------ C:\WINDOWS\system32\drivers\nwlnkipxx.sys
    2008-01-21 11:49 . 2008-01-21 16:41 <DIR> d-------- C:\Program Files\PDF Password Cracker Enterprise v3.0
    2008-01-21 11:49 . 2008-01-21 16:42 440 --a------ C:\WINDOWS\crackpdf.INI
    2008-01-20 22:35 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-20 20:25 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-01-20 20:25 . 2008-01-20 20:25 14,290 --a------ C:\Program Files\settings.dat
    2008-01-20 20:24 . 2008-01-20 20:27 <DIR> d-------- C:\Program Files\PDFCreator
    2008-01-20 20:24 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-01-20 20:24 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-01-20 20:18 . 2008-01-20 20:18 <DIR> d-------- C:\Program Files\Zoundry Blog Writer
    2008-01-19 18:34 . 2008-01-19 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-19 16:03 . 2008-01-21 15:06 <DIR> d-------- C:\Program Files\BookWorm Deluxe
    2008-01-19 14:41 . 2008-01-19 18:46 <DIR> d-------- C:\Program Files\MSN Games
    2008-01-17 09:32 . 2008-01-17 09:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\aignes
    2008-01-17 09:31 . 2008-01-17 09:31 <DIR> d-------- C:\Program Files\AM-DeadLink
    2008-01-16 22:59 . 2008-01-16 22:59 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-01-16 22:58 . 2008-01-16 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-01-16 14:20 . 2008-01-16 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-16 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-15 22:50 . 2008-01-15 22:50 <DIR> d-------- C:\Documents and Settings\Owner\Display Pictures
    2008-01-14 11:06 . 2008-01-15 13:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-14 11:06 . 2008-01-14 11:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-01-14 11:06 . 2008-01-14 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-14 11:05 . 2008-01-14 11:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-13 13:17 . 2008-01-13 13:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-10 20:21 . 2008-01-19 16:05 <DIR> d-------- C:\Program Files\PopCap Games
    2008-01-10 20:21 . 2008-01-10 20:21 0 --a------ C:\WINDOWS\popcreg.dat
    2008-01-10 20:21 . 2008-01-10 20:21 0 --a------ C:\WINDOWS\popcinfot.dat
    2008-01-09 23:01 . 2008-01-09 23:01 <DIR> d-------- C:\Program Files\Torrent Harvester
    2008-01-06 20:00 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-01-06 20:00 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-01-06 20:00 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2008-01-06 20:00 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-01-06 20:00 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
    2007-12-31 19:03 . 2008-01-29 12:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-31 19:03 . 2007-12-31 19:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-31 18:43 . 2007-12-31 18:43 32 --a------ C:\WINDOWS\SAGE.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 04:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
    2008-01-28 12:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2008-01-26 06:32 --------- d-----w C:\Program Files\FlashGet
    2008-01-22 13:38 --------- d-----w C:\Program Files\NoAdware4
    2008-01-22 04:08 --------- d-----w C:\Program Files\Azureus
    2008-01-21 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-21 08:32 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
    2008-01-20 12:26 --------- d-----w C:\Program Files\SpywareGuard
    2008-01-19 09:48 --------- d-----w C:\Documents and Settings\compaq\Application Data\AVG7
    2008-01-19 06:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-16 06:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
    2008-01-16 05:45 --------- d-----w C:\Program Files\Java
    2008-01-13 12:32 --------- d-----w C:\Program Files\Coloreal
    2007-12-27 13:08 --------- d-----w C:\Program Files\DK
    2007-12-27 13:04 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-12-23 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
    2007-12-23 11:59 --------- d-----w C:\Program Files\Ashampoo
    2007-12-21 12:03 77,840 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-19 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 05:58 --------- d-----w C:\Program Files\YoGen Vocal Remover 3.1.0
    2007-12-19 05:26 --------- d-----w C:\Program Files\Doblon
    2007-12-19 05:22 --------- d-----w C:\Program Files\Fx Video Converter
    2007-12-18 15:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Download Manager
    2007-12-18 10:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
    2007-12-18 09:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-15 09:47 --------- d-----w C:\Program Files\Windows Live
    2007-12-15 09:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-15 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-15 06:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-12-15 06:35 282,624 ----a-r C:\WINDOWS\Setup1.exe
    2007-12-11 10:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Doblon
    2007-12-08 01:23 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-07 04:49 --------- d-----w C:\Program Files\DivX
    2007-12-07 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoGen
    2007-12-06 11:36 --------- d-----w C:\Program Files\VBL3
    2007-12-05 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2007-12-04 02:57 --------- d-----w C:\Program Files\01-mp3search
    2007-12-01 05:16 --------- d-----w C:\Program Files\iconBackup v1.0
    2007-11-30 05:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-22 00:07 32,632 ----a-w C:\Program Files\media player.asf
    2006-06-03 01:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2004-03-11 05:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2007-03-05 11:21 444,537 --sha-w C:\WINDOWS\system32\gjkkj.bak1
    2007-04-01 07:39 461,800 --sha-w C:\WINDOWS\system32\gjkkj.bak2
    2007-04-01 10:39 461,038 --sha-w C:\WINDOWS\system32\gjkkj.ini2
    .
    ----a-w           260,096 2008-01-24 05:49:15  C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\VMware.New All .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-21 12:32 579072]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-21 12:33 406528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-21 12:33 219136]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "GreyMSIAds"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-01-23 10:31 126976 C:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Silent Service]
    --a------ 2002-06-18 20:24 32768 C:\Windows\system32\HpSrvUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpScannerFirstBoot]
    --a------ 2001-12-13 19:24 20480 c:\hp\drivers\scanners\scannerfb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
    --a------ 2002-10-25 15:33 69632 C:\Program Files\USB Storage RW\shwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LCIDCHNG]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    --a------ 2002-07-31 19:28 81920 C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    --a------ 2002-04-17 17:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    --a------ 2002-06-18 07:01 155648 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-06-02 17:29 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Quick Access]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ccPwdSvc"=3 (0x3)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "UStorage Server Service"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "OneStep Search Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "AlcxMonitor"=ALCXMNTR.EXE
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    S3 DCamUSBPremier;USB Video Camera;C:\WINDOWS\system32\Drivers\mpixvid.sys [2004-07-01 02:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21086163-69c9-11dc-aa21-000c760025ce}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-31 13:55:00 C:\WINDOWS\Tasks\LiveUpdate.job"
    - C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
    "2007-03-05 12:50:01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 13:34:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    .
    **************************************************************************
    .
    Completion time: 2008-01-29 13:46:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-29 05:46:11
    ComboFix2.txt 2008-01-13 06:33:15


    2) this is the newly renamed hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:02:02 PM, on 1/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Foolyou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
    O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6468 bytes

    3) while it was scanning, the combofix said that I didn't have the job.dox then it rebooted my PC. what's this??

    4) Also, what does this mean: "WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED"? This was taken from the combofix log that was produced.
    Last edited by ramesh help; 29-01-2008 at 07:03 AM.

  8. #18
    Neal is offline Dedicated Member
    3) while it was scanning, the combofix said that I didn't have the job.dox then it rebooted my PC. what's this??

    4) Also, what does this mean: "WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED"? This was taken from the combofix log that was produced.
    Google it and do some research.

    going to crack sites is what keeps you getting infected!!!

    Uninstall this from add/remove also please and reboot after

    OneStep Search 1.0 build 146


    Open Notepad (must be Notepad) and copy/paste the text in the quotebox below into it: NOT THE WORD CODE


    Code:
    File::
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\nwlnkipxx.sys
    C:\WINDOWS\crackpdf.INI
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak2
    C:\WINDOWS\system32\gjkkj.ini2
    
    Driver::
    core.cache.dsk
    nwlnkipxx.sys
    
    Folder::
    C:\Program Files\OneStepSearch
    C:\Program Files\PDF Password Cracker Enterprise v3.0
    
    RenV::
    a-w 260,096  C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\VMware.New All .exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "OneStep Search Service"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21086163-69c9-11dc-aa21-000c760025ce}]

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  9. #19
    ramesh help is offline Elite Member
    this time it managed to delete something... what was the CFScript that you asked me to put into the combofix? is it to modify the settings?? what I did was that I dragged the notepad file into the combofix and it started by itself. but what happened was that my computer made 2 "beep sounds". I have never heard this beep sound before. after that the combofix continued the scan. after that it started to delete files, and this is the report


    ComboFix 08-01-29.3 - Owner 2008-01-30 13:05:17.3 - NTFSx86
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\crackpdf.INI
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\nwlnkipxx.sys
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak2
    C:\WINDOWS\system32\gjkkj.ini2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\nwlnkipxx.sys
    C:\Program Files\OneStepSearch
    C:\Program Files\OneStepSearch\OneStepSearch_deleted_\onestep.dll
    C:\Program Files\OneStepSearch\OneStepSearch_deleted_\onestep.exe
    C:\Program Files\OneStepSearch\OneStepSearch_deleted_\uninstall.exe
    C:\Program Files\PDF Password Cracker Enterprise v3.0
    C:\Program Files\PDF Password Cracker Enterprise v3.0\cimage.dll
    C:\Program Files\PDF Password Cracker Enterprise v3.0\compress.ini
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf-000.png
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf-001.png
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf-002.png
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf.exe
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf.log
    C:\Program Files\PDF Password Cracker Enterprise v3.0\crackpdf.url
    C:\Program Files\PDF Password Cracker Enterprise v3.0\help.htm
    C:\Program Files\PDF Password Cracker Enterprise v3.0\password.dic
    C:\Program Files\PDF Password Cracker Enterprise v3.0\remopt.dll
    C:\Program Files\PDF Password Cracker Enterprise v3.0\SkinMagic.dll
    C:\Program Files\PDF Password Cracker Enterprise v3.0\unins000.dat
    C:\Program Files\PDF Password Cracker Enterprise v3.0\unins000.exe
    C:\Program Files\PDF Password Cracker Enterprise v3.0\xpgrean.smf
    C:\temp\tn3
    C:\WINDOWS\crackpdf.INI
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\nwlnkipxx.sys
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak2
    C:\WINDOWS\system32\gjkkj.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
    .

    2008-01-28 09:45 . 2008-01-28 13:26 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-01-27 18:24 . 2008-01-28 09:03 <DIR> d-------- C:\Program Files\BitComet
    2008-01-25 18:43 . 2008-01-25 18:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-24 16:50 . 2008-01-24 16:51 <DIR> d-------- C:\Program Files\DAP
    2008-01-22 12:43 . 2008-01-22 20:04 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
    2008-01-21 19:42 . 2008-01-22 20:04 <DIR> d-------- C:\WINDOWS\system32\ctf
    2008-01-20 22:35 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-20 20:25 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-01-20 20:25 . 2008-01-20 20:25 14,290 --a------ C:\Program Files\settings.dat
    2008-01-20 20:24 . 2008-01-20 20:27 <DIR> d-------- C:\Program Files\PDFCreator
    2008-01-20 20:24 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-01-20 20:24 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-01-20 20:18 . 2008-01-20 20:18 <DIR> d-------- C:\Program Files\Zoundry Blog Writer
    2008-01-19 18:34 . 2008-01-19 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-19 16:03 . 2008-01-21 15:06 <DIR> d-------- C:\Program Files\BookWorm Deluxe
    2008-01-19 14:41 . 2008-01-19 18:46 <DIR> d-------- C:\Program Files\MSN Games
    2008-01-17 09:32 . 2008-01-17 09:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\aignes
    2008-01-17 09:31 . 2008-01-17 09:31 <DIR> d-------- C:\Program Files\AM-DeadLink
    2008-01-16 22:58 . 2008-01-16 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-01-16 14:20 . 2008-01-16 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-16 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-15 22:50 . 2008-01-15 22:50 <DIR> d-------- C:\Documents and Settings\Owner\Display Pictures
    2008-01-14 11:06 . 2008-01-15 13:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-14 11:06 . 2008-01-14 11:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-01-14 11:06 . 2008-01-14 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-14 11:05 . 2008-01-14 11:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-13 13:17 . 2008-01-13 13:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-10 20:21 . 2008-01-19 16:05 <DIR> d-------- C:\Program Files\PopCap Games
    2008-01-10 20:21 . 2008-01-10 20:21 0 --a------ C:\WINDOWS\popcreg.dat
    2008-01-10 20:21 . 2008-01-10 20:21 0 --a------ C:\WINDOWS\popcinfot.dat
    2008-01-09 23:01 . 2008-01-09 23:01 <DIR> d-------- C:\Program Files\Torrent Harvester
    2008-01-06 20:00 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-01-06 20:00 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-01-06 20:00 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2008-01-06 20:00 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-01-06 20:00 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-01-06 20:00 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
    2007-12-31 19:03 . 2008-01-30 09:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-31 19:03 . 2007-12-31 19:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-31 18:43 . 2007-12-31 18:43 32 --a------ C:\WINDOWS\SAGE.INI
    2007-12-27 21:11 . 1994-12-06 07:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
    2007-12-27 21:08 . 2007-12-27 21:08 <DIR> d-------- C:\Program Files\DK
    2007-12-24 13:34 . 2008-01-15 15:16 <DIR> d-------- C:\WINDOWS\wt
    2007-12-23 20:00 . 2007-12-23 20:00 <DIR> d-------- C:\WINDOWS\system32\ebay
    2007-12-23 20:00 . 2007-12-23 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
    2007-12-23 19:59 . 2007-12-23 19:59 <DIR> d-------- C:\Program Files\Ashampoo
    2007-12-20 18:30 . 2008-01-03 15:02 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-12-19 13:19 . 2007-12-19 13:22 <DIR> d-------- C:\Program Files\Fx Video Converter
    2007-12-19 13:19 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
    2007-12-19 13:19 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
    2007-12-19 13:19 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2007-12-19 13:19 . 1998-07-29 14:08 363,008 --a------ C:\WINDOWS\system32\BUYB12.dll
    2007-12-19 13:19 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\TabCtl32.ocx
    2007-12-19 13:19 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
    2007-12-19 13:19 . 1998-07-29 14:08 46,592 --a------ C:\WINDOWS\system32\buyb12ex.dll
    2007-12-19 13:19 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
    2007-12-19 13:19 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
    2007-12-19 13:19 . 1998-07-29 14:08 28,160 --a------ C:\WINDOWS\system32\BuyB12Ax.ocx
    2007-12-18 14:12 . 2007-12-18 18:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
    2007-12-18 10:16 . 2007-12-18 23:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Download Manager
    2007-12-15 17:47 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-15 17:46 . 2007-12-15 17:46 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-15 14:35 . 2007-12-15 14:35 282,624 -ra------ C:\WINDOWS\Setup1.exe
    2007-12-15 14:35 . 2007-12-15 14:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-12-11 18:30 . 2007-12-11 18:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Doblon
    2007-12-11 13:04 . 2007-12-15 12:08 362,496 ---h----- C:\~WRL1818.tmp
    2007-12-11 13:04 . 2007-12-15 00:04 325,632 ---h----- C:\~WRL0003.tmp
    2007-12-07 13:49 . 2008-01-24 10:23 <DIR> d--h----- C:\New Folder
    2007-12-07 12:48 . 2007-12-07 12:49 <DIR> d-------- C:\Program Files\DivX
    2007-12-06 22:04 . 2007-12-07 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoGen
    2007-12-06 22:02 . 2007-12-19 13:58 <DIR> d-------- C:\Program Files\YoGen Vocal Remover 3.1.0
    2007-12-06 19:49 . 2007-12-19 13:26 <DIR> d-------- C:\Program Files\Doblon
    2007-12-06 19:36 . 2007-12-06 19:36 <DIR> d-------- C:\Program Files\VBL3
    2007-12-06 19:36 . 2005-11-05 21:29 65,536 --a------ C:\WINDOWS\VBLUninstall.exe
    2007-12-04 10:36 . 2007-12-04 10:57 <DIR> d-------- C:\Program Files\01-mp3search
    2007-12-01 13:16 . 2007-12-01 13:16 <DIR> d-------- C:\Program Files\iconBackup v1.0
    2007-12-01 10:25 . 2007-07-09 21:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 06:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2008-01-29 04:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
    2008-01-26 06:32 --------- d-----w C:\Program Files\FlashGet
    2008-01-22 13:38 --------- d-----w C:\Program Files\NoAdware4
    2008-01-22 04:08 --------- d-----w C:\Program Files\Azureus
    2008-01-21 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-21 08:32 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
    2008-01-20 12:26 --------- d-----w C:\Program Files\SpywareGuard
    2008-01-19 09:48 --------- d-----w C:\Documents and Settings\compaq\Application Data\AVG7
    2008-01-19 06:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-16 06:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
    2008-01-16 05:45 --------- d-----w C:\Program Files\Java
    2008-01-13 12:32 --------- d-----w C:\Program Files\Coloreal
    2007-12-27 13:04 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-12-21 12:03 77,840 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-19 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-18 09:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-15 09:47 --------- d-----w C:\Program Files\Windows Live
    2007-12-15 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-08 01:23 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-05 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2007-11-30 05:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-22 00:07 32,632 ----a-w C:\Program Files\media player.asf
    2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-23 09:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2006-06-03 01:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2004-03-11 05:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-21 12:32 579072]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-21 12:33 406528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-21 12:33 219136]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "GreyMSIAds"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-01-23 10:31 126976 C:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Silent Service]
    --a------ 2002-06-18 20:24 32768 C:\Windows\system32\HpSrvUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpScannerFirstBoot]
    --a------ 2001-12-13 19:24 20480 c:\hp\drivers\scanners\scannerfb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
    --a------ 2002-10-25 15:33 69632 C:\Program Files\USB Storage RW\shwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LCIDCHNG]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    --a------ 2002-07-31 19:28 81920 C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    --a------ 2002-04-17 17:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    --a------ 2002-06-18 07:01 155648 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-06-02 17:29 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Quick Access]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ccPwdSvc"=3 (0x3)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "UStorage Server Service"=2 (0x2)
    "Adobe LM Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "AlcxMonitor"=ALCXMNTR.EXE
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-08-11 16:56]
    S1 nwlnkipxx;nwlnkipxx;C:\WINDOWS\system32\drivers\nwlnkipxx.sys []
    S3 DCamUSBPremier;USB Video Camera;C:\WINDOWS\system32\Drivers\mpixvid.sys [2004-07-01 02:03]
    S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys []
    S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
    S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-04 13:41]
    S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21086163-69c9-11dc-aa21-000c760025ce}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-31 13:55:00 C:\WINDOWS\Tasks\LiveUpdate.job"
    - C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
    "2007-03-05 12:50:01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 13:24:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    .
    **************************************************************************
    .
    Completion time: 2008-01-30 13:37:40 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2008-01-30 05:37:33
    ComboFix2.txt 2008-01-29 05:46:18
    ComboFix3.txt 2008-01-13 06:33:15

    2) this is the hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:46:48 PM, on 1/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Foolyou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
    O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6501 bytes

  10. #20
    Neal is offline Dedicated Member
    You did good!!



    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\.jagex_cache_32


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html





    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also..
