RFR25

  1. Good evening I know you! I am not sure I will have to run it again, but I think in the Documents & Settings\ Compaq Owner\Application Data like I said I do not have any issues I just thought it strange to have all of these files pertaining to protection & the porn pass stuff. I will try and run Spybot again this evening and let you know for sure, I need to go order my AV from Kaspersky since my SM7 has quit working, meant to do it yesterday even before I discovered the other not working. RFR
  2. Good morning I don’t think I have a problem since HJThis helped me get rid of the Internet Speed Monitor stuff, more of a question or two. I noticed again yesterday and when I ran Spybot the first time a couple of weeks ago that it checks all these files on my computer. What gets me is the names of some of these files Zlob Porn Pass Zlob Porn Mag pass Spyware Sheriff Spyware Night Gain Gator Vario Antivirus Cyber defender Spy Arsenal Kill & Clean Malware Wipe ETC. Now the main sites I really go to are Model Mayhem, Bikernet.com, Paid Models, My Space (my nieces are on there) I do go to others as well but have been for years. I do not go anywhere where there is porn so I am a little surprised by the first two...just remembered I do work with entertainers so I may have gone to one of their sites. As for the others HJThis had me download several programs while he was helping me, however I believe these files were there prior, what the hell are they? I ran Spybot, Ad Aware, Super AntiSpyware and a few others yesterday and no issues were found. I did notice my System Mechanic 7 Antivirus will no longer open, even if I reload it. I am in the process of buying Kaspersky Antivirus but was going to get the CD version. I may need to expedite that? Thanks for your time RFR
  3. You had me try searching for that Ecurit folder earlier but I went back and looked again and still nothing was there I have a display tune & a help folder. Maybe SM7 actually killed it? I will let you know after I run the SM7 virus scan if it shows up again. I have done everything on your earlier message except the IE-Spyad step, just ran out of steam when I got in from work this morning. I will do it first thing tomorrow as well as check out the prevention site you mentioned. She seems to be working fine? Thanks again for your help! Hope you had a great Thanksgiving! RFR
  4. The one w32 virus shows up according to the logs in C\douments\compaq owners\application\ecurit\spool sv.exe I was unable to locate that folder in the previous steps and just now they go from Display Tune to Help A Search of Files & Folder with hidden files does not locate it either
  5. Me again I ran Super AntiSpyware in SafeMode first on just the external hard drive and it found 1 item attached log below, not sure how it got on the G drive. Then I ran it again on C, D & G nothing. Rebooted ran Ad Aware which found nothing. Is there anything else you would like to see? If not I think she is OK with the exception of the one item I mentioned in the above reply about the w32 virus in case there is anything specific I should do for it? Now I plan on removing SM7 and possibly just load their pop up blocker I do want to see if Internet Explorer has one on it. I want to get a better antivirus program, firewall etc any recommendations will be appreciated. I plan on being a lot more proactive in my system defenses! I understand Spybot is supposed to be a good program but do not want to run programs that conflict with each other. Also it gives me messages about registry changes and allowing, I guess it is safe to assume never allow any changes unless I have just loaded some new software or updates? And finally how do I keep the ISM off of here in the future or do all the steps we have taken assist in that with regular updates on software programs? Thank You again for all of your assistance! RFR

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 11/21/2007 at 03:19 PM
     Application Version : 3.9.1008
     Core Rules Database Version : 3347
     Trace Rules Database Version: 1348
     Scan type : Complete Scan
     Total Scan Time : 00:05:13
     Memory items scanned : 167
     Memory threats detected : 0
     Registry items scanned : 6366
     Registry threats detected : 0
     File items scanned : 28
     File threats detected : 1
     Adware.Tracking Cookie
     C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
  6. Good Morning! OK here is what is going on, first thing when I got up BEFORE finishing the last steps you sent I checked my e-mail and then went to the Model Mayhem site to check a message and just to be sure no pop ups existed before logging on here to check for your reply. I then went and performed all the latest recommendations. While the computer was removing the restore points but not right away I got a System Mechanic pop up for a "virus blocked" w32\download2.cmz Please tell me I was not TOO stupid by not checking and doing these last steps first! I just wanted to be sure nothing strange happened before reporting back. This is the same one SM would keep telling me about prior and the alerts would grow in number all the way up to 9 on one alert. I am not sure where it comes from? Here is a HiJack log just in case. I am going to go now and run the Super AntiSpyware with my external hard drive plugged in this time. So I may not be back for 30 minutes to an hour, I know this because I had to stay here while it scanned this morning, because I forgot to change my screen saver times and did not want it coming on and interfering with the scan. Other than this one item she seems fine!
RFR
  7. Here are the logs & a couple of questions only because it is 6:20 AM and I have had about 15 hours sleep since Saturday because of this virus, in deleting the folders I also deleted a folder called QdrDrive that you did not have listed I hope that was OK? Then it is C:\Documents & Settings\Compaq Owners\Application Data where I was looking for the ECURIT folder correct? It was not there but just checking? One other thing when I ran the Super AntiSpyware I did not have the external hard drive plugged in with all of my photos on it as I had needed that port yesterday. Do I need to run the scan again with it plugged in just to be safe? I only saw it scan C & D but it did not appear to try any of the other 10 listed drives. And finally while not knowing for sure yet and just a little leery about turning it off for the night, but I think you Kicked its ######!!! I will know for sure later but I need to get a few hours sleep. And should it be gone and whenever you have the time could you tell me which of all of these programs do you recommend I keep besides Hijack This, Ad Aware, Super AntiSpyware? I have downloaded quite a few and anything I should get in place of the System Mechanic 7 Do they have uninstallers on the ones I do not need? Thanks again for all the help & I will get back with you in a few hours.
RFR
  8. Going to go give it a try just thought I would Update you on the latest events, other than being annoying nothing has gotten out of hand until now! I always check my e-mail messages when I get in from work just now while on My Space an ISM window popped up EXCEPT it would not close!! Each time I hit the close button in the corner another window would open. Just wanted you to know about this quirk for any future folks you help. Thanks for sticking with me on this! Here I go to give your latest steps a try. Thanks
  9. Don't look like it is going to happen, when I copy and paste the link nothing. When I type outerinfo.com in the address bar & hit enter nothing. When I use a search like Google for Outerinfo right as it loads the results page and before I can click on their link an Internet Speed Monitor window opens beside the result page and no link that goes straight to Outerinfo works, others that may go to a forum site do though. I have tried several times and the same result each time. Just tried MS Live Search and the same results, you can go to any link on the page that does not go to outerinfo.com
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:31 AM, on 11/20/2007
  11. Good Morning & Thanks for all of your time! I am assuming my infection is not as bad as some since I did not have to run the Combofix which is OK with me if I can still get it out of here. I do not have any of these files Qdrmodule, QdrPack & QdrDrive showing up in the add/remove screen, the folders just show up in the Program Files folder. I also have a QdrModule9.exe & QdrPack9.exe showing up in Windows Task Manager. And so far the link again this morning just pops up however the MS action flag in the right corner does nothing. I let it set for a few minutes earlier this morning, does it take a while to load? Can you just post the link & I can copy it? Thanks, Richard
  12. I got this pop up right as Java exited to the Read Me file, which is an ISM pop up on the tool bar http://zhydropilar.net?tk=102&down=true I am assuming you mean in the last part of the message Control Panel>Add/Remove as I do not have a Software Icon to go to in CP? None of the Oin files appear in add/remove so I guess I need to download the uninstall. I do have Qdrmodule, QdrPack & QdrDrive in Program Files Just tried the Uninstall link, it is dead. It brought up a window, however nothing loaded. I will try it again.
  13. Here you go I did not realize the one scan would take so long. Scan mode: Full Scan time: 00:26:57 Number of objects scanned: 299426 Number of infections found: 11 Critical: 10 Privacy Objects: 1 Infections deleted: 11 Total infections quarantined: 0 Total infections ignored by scanner: 0
  14. Here is the Ad Aware log as well as the Hijack This log. Question sir prior to the AA scan I installed an external hard drive and moved all of my photography images to it, I do freelance work for motorcycle magazines and such and wanted to secure them in case I screw something up! Do I need to scan that drive as well? It should be all just images Jpeg, maybe some Gif too, I will go ahead and scan it just in case you need it. Also I did not delete the stuff Ad Aware found, I just ran the log since I was not sure if you needed to see what has reappeared since I deleted them yesterday? Thank You for your help!!! Richard Sorry! I missed the part in your reply where it said that the HiJack logs are easier to work with when Ad Aware has done its job. I did not realize it did not list the viruses. I am redoing my first screw up! And will re-add the logs when completed.
  15. I posted for help on some photo related sites prior to learning of this site and several people recommended downloading Ad Aware, Spybot, AVG & SmitfraudFix not realizing at the time that they would not cure this issue. AVG found some items but slowed my system to a stop and I do not think could have removed this pest either. I ran Ad Aware & it found several objects, ran Spybot afterwards, it found 2 objects a win32.small.azi & statcounter. So I ran AA again and it found an additional object Win32.trojajandownloader.ag? Restarted computer this time no objects located by Ad Aware and at first there were no pop ups or redirects I did get a virus intercept from System Mechanic win32.download2.cmz which I guess deleted it? I have also run Smitfraud Fix and seem to have gotten rid of everything but this which keeps coming back. So far when doing searches on the net I am taken to either your site or one other where it seems that you have asked the person to send you a copy of the HiJack report so I am unsure if these people just tried running the Combofix & had problems or that is the proper place to start? I have downloaded the Combofix to my desktop but sure as heck do not want to make any mistakes! Any specific thing I should do or just continue to check some more of the posts here, do not want to waste anyone's time. Thanks, RFR Weird it has not popped up once since I logged onto this site, it must be scared!