Virus infected Cannot access local disk or programs files LOG included

  1. #1
    Wormzer (Newbie)

    Hello,

    Frustrated is an understatement. I noticed I had a virus today and took the normal steps to rid my system of it, SUPERAntiSpyware and avast. I think I got the virus, but my system is locked up. I cannot access my local disk, my Task Manager, or my program files via the Start menu. Next to my clock in the bottom right-hand corner it says VIRUS ALERT! Even the LCD on my keyboard says VIRUS ALERT. If anyone can help it would be a godsend. I need to get back to work ASAP. Here is my HijackThis log. Any advice on how to get access to my system's functions would be great.

    Thanks in advance! Brady

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35: VIRUS ALERT!, on 6/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WindowZones\WindowZones.sys
    C:\Program Files\WindowZones\WindowZones.sys
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashLogV.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
    C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
    O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\mrkgqbav.dll",b
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
    O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
    O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\SMBOLS~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: StockTicker.lnk = C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
    O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1181618822718
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181618800218
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
    O21 - SSODL: pntqkflv - {40D7C957-79E4-49B5-B716-DB199AE1F385} - C:\WINDOWS\pntqkflv.dll (file missing)
    O21 - SSODL: VolumeAlrt - {8025750f-634b-4d91-89e9-b4e9430de583} - C:\WINDOWS\Resources\VolumeAlrt.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html

    --
    End of file - 12577 bytes
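As an added example (not code from this thread or from the HijackThis tool), a small Python triage pass that applies the checks a helper makes first on a log like the one above: '?' characters inside autostart paths (the M?crosoft and ??chost.exe entries), Run values named with random hex, autostart entries whose file is missing, and policy keys that disable Regedit or Task Manager. The sample lines are copied from the posted log into a constructed input; the heuristics are assumptions and yield leads for review, not verdicts.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example: not code from the thread or from the HijackThis tool. The
heuristics are assumptions a helper might apply as a first pass; they
produce leads, not verdicts.
"""
import re

# Constructed sample in the shape of the posted log. Entry lines are copied
# from it; two benign avast! entries are included as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\mrkgqbav.dll",b
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - HKLM\..\Run: [name] command" style entries: section code, then body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Name of an O4 Run value, e.g. [avast!] or [4416d00e].
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")
# Eight hex digits and nothing else: a generated, meaningless value name.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
# Policy values that lock the user out of admin tools.
LOCKOUT_RE = re.compile(r"Disable(Regedit|TaskMgr)=1")
# Sections whose body is a file path or command rather than a URL, so a '?'
# there cannot be a query string.
PATH_SECTIONS = {"O4", "O20", "O21", "O23"}


def triage_line(line):
    """Return (section, reasons) for one HJT entry.

    section is None for non-entry lines (headers, process list); reasons is
    an empty list when nothing about the entry stands out.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None, []
    sec, body = m.group("section"), m.group("body")
    reasons = []
    # '?' is not a legal character in a Windows path; HJT prints characters
    # it cannot render (look-alikes such as M?crosoft) that way.
    if sec in PATH_SECTIONS and "?" in body:
        reasons.append("path contains '?': look-alike or unrenderable characters in an autostart path")
    if sec in PATH_SECTIONS and "(file missing)" in body:
        reasons.append("autostart still registered but its file is gone (leftover or partial removal)")
    if sec == "O4":
        name = RUN_NAME_RE.search(body)
        if name and HEX_NAME_RE.match(name.group("name")):
            reasons.append("Run value named with a random hex string")
    if sec == "O7" and LOCKOUT_RE.search(body):
        reasons.append("policy disables Regedit/Task Manager (matches the locked-out symptom)")
    if sec == "O6" and "Restrictions present" in body:
        reasons.append("Internet Explorer restriction policies set")
    return sec, reasons


def triage(log_text):
    """Apply triage_line to every line; return one dict per flagged entry."""
    flagged = []
    for raw in log_text.splitlines():
        sec, reasons = triage_line(raw)
        if reasons:
            flagged.append({"section": sec, "line": raw.strip(), "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['section']:<4}{entry['line']}")
        for reason in entry["reasons"]:
            print("      -", reason)
```

Entries that pass these checks are not cleared by them; "Unknown owner" services, for instance, are left alone here because a legitimate driver service (acs.exe) in the same log also reports no owner.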

  2. #2
    VopThis (Senior Member, Canada)
    Since you have been able to post a log, I will assume you may be able to navigate to and run the scan tool below. Tell us what you can and can't do [can you bring up the 'Task Manager' and then run File>New Task (Run)].


    Perform as much of the following steps as is possible:


    Download ComboFix from one of the following links below:

    Here or Here to your Desktop.


    **Note: If you already have ComboFix, delete any previous copies and download the latest version. It is important that it is saved directly to your desktop.**

    Combofix will disconnect your machine from the Internet and restore connections before it completes its run. If Combofix terminates prematurely and breaks the Internet connections, they can be restored manually by rebooting the machine. Note: If you have an "always on" connection (DSL/cable), unplug the cable from the modem before running Combofix. Do not reconnect before Combofix has finished its scan.
    • Very Important! Temporarily disable your:
      • anti-virus,
      • script blocking and
      • any anti-malware real-time protection
      before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    Wormzer (Newbie)
    "Since you have been able to post a log, I will assume you may be able to navigate to and run the scan tool below. Tell us what you can and can't do [can you bring up the 'Task Manager' and then run File>New Task (Run)]."

    OK, I followed the directions to the T but am getting an error message while trying to run ComboFix. I cannot bring up my Task Manager, program files, or local drives. When I try to run ComboFix from my desktop it gives me this error:

    "C:.......\desktop\combofix.exe is not a valid win32 application"

    When I try to open ComboFix directly via my downloads box in Firefox it gives me an option to open as a link, and asks me to launch the application. It also gives a warning about malicious software.

    As of right now I am still severely infested, but my firewall and antivirus are keeping my system workable. I would like to reformat and start over, but I need to access my program files to back them up.

    I will be including a SUPERAntiSpyware log and an updated HijackThis log. Any assistance would be much appreciated.

    Thanks, Brady

    PS: I still have VIRUS ALERT next to my clock at the bottom of my screen. This overall is what is driving me the most mad! lol Thanks again, guys.


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

    Generated 11/11/2007 at 02:06 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3265
    Trace Rules Database Version: 1276

    Scan type : Complete Scan
    Total Scan Time : 13:03:46

    Memory items scanned : 538
    Memory threats detected : 0
    Registry items scanned : 6323
    Registry threats detected : 0
    File items scanned : 161645
    File threats detected : 184

    Adware.Tracking Cookie

    Adware.k8l
    C:\PROGRAM FILES\COMMON FILES\RTEKE.HTML

    Unclassified.Unknown Origin/System
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP239\A0031632.DLL

    Trojan.ZQuest-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0033778.EXE

    Trojan.Downloader-Gen/RetAd
    C:\WINDOWS\RETADPU1000106.EXE


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49: VIRUS ALERT!, on 7/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WindowZones\WindowZones.sys
    C:\Program Files\WindowZones\WindowZones.sys
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\sprof\sprof.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll (file missing)
    O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
    O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
    O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
    O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
    O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\SMBOLS~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: StockTicker.lnk = C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
    O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1181618822718
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181618800218
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
    O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
    O21 - SSODL: pntqkflv - {40D7C957-79E4-49B5-B716-DB199AE1F385} - C:\WINDOWS\pntqkflv.dll (file missing)
    O21 - SSODL: PreBootCheck - {c82935d4-5c0b-47df-ae71-e41aebcdc3ff} - C:\WINDOWS\Resources\MonCheck.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html

    --
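As an added triage example (not part of this thread and not HijackThis's own code), the script below applies a few defensive heuristics to lines of the log above: registrations whose target file is absent, autorun paths in which HijackThis printed `?` for characters it could not render, the O6/O7 policy restrictions that explain the locked regedit and Task Manager, hex-named Run values, and autoruns kept in user-writable folders. The sample lines are copied from the posted log; the heuristics, names and thresholds are assumptions of this example and only flag lines for a person to review.

```python
import re
from typing import List, Tuple

# Constructed sample: these lines are copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")  # assumed list
Finding = Tuple[str, str, str]  # (section, reason, original log line)


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries that deserve a human look; nothing is deleted."""
    findings: List[Finding] = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()
        # Registration whose target is gone: leftover from a partial cleanup,
        # or a loader whose payload was already removed.
        if "(file missing)" in low or "(no file)" in low:
            findings.append((sec, "orphaned entry (target file absent)", line))
        # HijackThis prints '?' for characters it cannot render, so a '?' in
        # an autorun path usually marks a non-ASCII lookalike of a known name.
        if sec == "O4" and "?" in body:
            findings.append((sec, "lookalike path (non-ASCII characters)", line))
        # O6/O7 are IE and system policy restrictions: the mechanism that hides
        # regedit, Task Manager and drives from the user.
        if sec in ("O6", "O7"):
            findings.append((sec, "policy restriction present", line))
        run = RUN_RE.search(body)
        if run:
            name, cmd = run.group("name"), run.group("cmd").lower()
            # Eight hex digits as a Run value name is generated, not a product.
            if re.fullmatch(r"[0-9a-f]{8}", name.lower()):
                findings.append((sec, "autorun with generated hex name", line))
            # Autorun executables kept in user-writable folders.
            if any(p in cmd for p in USER_WRITABLE):
                findings.append((sec, "autorun from user-writable location", line))
    return findings


if __name__ == "__main__":
    for sec, reason, text in triage(SAMPLE_LOG):
        print(f"{sec:<4} {reason:<40} {text}")
```

The legitimate avast! entry produces no finding, while the Vygrevar line is flagged twice (lookalike path and user-writable location), which is the kind of entry a helper would ask about first.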

  4. #4
    VopThis is offline Senior Member (Canada)
    When I try to open combofix directly via my downloads box in firefox it gives me an option to open as a link, and asks me to launch application. It also gives a warning about malicious software.
    That is normal. Pursue that course of action and see what you get.


    SuperAntiSpyware did not pick up anything consequential or necessarily a currently active threat (cookies and restore points).

  5. #5
    Wormzer is offline Newbie
    Combofix still does not load once I click. Any suggestions? If I would like to do a format and restore what are the steps to saving all my drivers?

  6. #6
    VopThis is offline Senior Member (Canada)
    Sorry for my absence - was away for the weekend.

    If I would like to do a format and restore what are the steps to saving all my drivers?
    It is neither customary nor practical to back up 'drivers', as these are generally available from installation disks and/or from the Internet.

    It is user files that need to be backed up - generally to a USB device such as a 'memory stick' or external USB drive, or burnt to a CD/DVD. Even that is likely difficult given your current state. In your case, it may be better to acquire a new hard drive, do a clean install (with your vendor-provided XP installation disk or recovery disk), and then 'slave' your old drive or put it into an external USB enclosure to locate and retrieve all your files of interest. Or, have a local vendor do it.


    Here are some general guidelines:

    When Should I Format, How Should I Reinstall
    When should I re-format? How should I reinstall? Security - dslreports.com

    For more specific guidance, suggest you go over to our 'XP forum' providing specs and vendor info pertaining to your PC.



    There may be other things that can be tried, if one of the following is determined to be possible:
    • Booting to SAFE MODE (tapping the F8 key during the boot process).
    • Searching for a file of interest in Normal or Safe Mode:
      Use <Windows+F KEYS> and paste each FULL FILENAME Search PATH line (where available).
      -NOTE-----> The Windows KEY is located on the left between the <Ctrl and Alt KEYS>.
      Additionally, and in this manner, can you locate a file named:
      %SystemRoot%\system32\restore\rstrui.exe
    • Does the <Ctrl><Alt><Delete> key sequence bring up the 'Task Manager'?
