Hijackthis log file

Topic:Hijackthis log file - isamu8760

Remainpoint:0

barrytibbles Gender

PostTime:12/16/2008 11:53:54 AM

Top

Level:

Professional point:

Experience:

Thread:

292

Post:

962

Total online time:

Joined date:

4/28/2007 11:08:00 PM

Last Visit:

12/17/2008 12:44:40 AM

Status:

	Try our remote PC help service to fix your PC instantly(Only cost $19.95)
	Register to make Ads free

Hello. I just joined the site and unfortunatly my first post is get a log file checked. I just ran Hijackthis and here's the log file. Can anyone tell me what needs to go? Much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:28 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\rnbahlvg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ssoxyggr.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://home.ep.microsoft.com/NT/ASPX/msrdp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2729.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rnbahlvg.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9076 bytes


equi	PostTime:12/16/2008 8:01:24 PM	Point:0 \| # 1
Level: 13 Professional point: 0 Experience: 1814 Thread: 120 Post: 400 Total online time: 1814M Joined date: 4/20/2007 10:24:00 PM Last Visit: 12/16/2008 11:58:28 PM Status:	Thanks for your reply. Here are the three log files requested. What are the next steps? Thanks. COMBOFIX LOG: ComboFix 07-09-26 - Compaq_Owner 2007-09-25 19:00:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.174 [GMT -7:00] Running from: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\USNYLOMD\ComboFix[1].exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\All Users\Application Data.\winantispyware 2007 C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007\Logs\update.log C:\Program Files\Common Files\winantispyware 2007 C:\Program Files\Common Files\winantispyware 2007\err.log C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe C:\Temp\fse C:\WINDOWS\cookies.ini C:\WINDOWS\system32\drivers\fopn.sys C:\WINDOWS\system32\f02WtR C:\WINDOWS\system32\f02WtR\f02WtR1065.exe C:\WINDOWS\system32\jkklm.dll C:\WINDOWS\system32\mlkkj.bak1 C:\WINDOWS\system32\mlkkj.bak2 C:\WINDOWS\system32\mlkkj.ini C:\WINDOWS\system32\nnnmmjk.dll C:\WINDOWS\system32\odrtxocx.exe C:\WINDOWS\system32\paopylvj.exe C:\WINDOWS\system32\qrorvche.exe C:\WINDOWS\system32\rnbahlvg.exe C:\WINDOWS\system32\winbl32.dll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\LEGACY_FOPN -------\ApiMon -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))) . 2007-09-25 18:59 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-25 18:58 84,032 --a------ C:\WINDOWS\system32\mblkwggp.dll 2007-09-23 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-09-17 22:13 <DIR> d-------- C:\Temp 2007-09-13 18:25 <DIR> d-------- C:\Program Files\iTunes 2007-09-13 18:25 <DIR> d-------- C:\Program Files\iPod 2007-09-13 18:22 <DIR> d-------- C:\Program Files\Apple Software Update . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-24 22:40 --------- d-------- C:\Program Files\Trend Micro 2007-09-24 22:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-23 09:39 --------- d-------- C:\Program Files\Google 2007-09-03 16:16 --------- d-------- C:\Program Files\CaseLogistix Web Client Controls 2007-08-25 15:37 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM 2005-09-30 05:19:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-03-12 23:27] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 02:04] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 01:59] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 05:02] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-12 23:41] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 06:43] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 09:22] "URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 12:29] "PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 05:13] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 07:54] "SoundMan"="SOUNDMAN.EXE" [2005-04-06 18:57 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-06 18:53 C:\WINDOWS\ALCWZRD.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55] "SearchIndexer"="C:\WINDOWS\system32\mblkwggp.dll" [2007-09-25 18:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-03-12 23:51:52] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-23 09:38:38] C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe [2005-12-19 12:59:28] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-03-12 23:51:52] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-23 09:38:38] R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe R2 TRIXIDKP;TRIXIDKP;\??\C:\WINDOWS\system32\trixidkp.qio [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{946850c5-1e27-11d9-baf0-806d6172696f}] AutoRun\command- D:\setup.exe . Contents of the 'Scheduled Tasks' folder "2007-09-14 01:22:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2005-03-13 07:11:56 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-25 19:07:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-09-25 19:08:43 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-25 19:08 . --- E O F --- SUPERANTISPYWARE SCAN LOG: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/25/2007 at 07:29 PM Application Version : 3.9.1008 Core Rules Database Version : 3313 Trace Rules Database Version: 1316 Scan type : Complete Scan Total Scan Time : 00:11:23 Memory items scanned : 413 Memory threats detected : 0 Registry items scanned : 6130 Registry threats detected : 0 File items scanned : 34257 File threats detected : 58 Adware.Tracking Cookie C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@publishers.clickbooth[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go.winantispyware[3].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@imrworldwide[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@screensavers[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[3].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go.winantivirus[3].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.screensavers[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@optimizer.intermarkmedia[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.techguy[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.sphere[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediatraffic[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@drivecleaner[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-pcsecurityshield.hitbox[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adcentriconline[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.winantiviruspro[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@winantivirus[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@enhance[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.winantispyware[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@goclick[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@windowsmedia[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@invokemedia[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[3].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@winantispyware[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-dig.hitbox[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@login.revenueloop[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpvfeed[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sexbuddies[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hitbox[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.as4x.tmcs[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@winantivirus[2].txt HIJACKTHIS LOG RUN AFTER THE ABOVE 2 APPLICATION SCANS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:24:14 PM, on 9/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\ISSVC.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mblkwggp.dll",sitypnow O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://home.ep.microsoft.com/NT/ASPX/msrdp.cab O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2729.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 9427 bytes


maxman847	PostTime:12/16/2008 10:22:02 PM	Point:0 \| # 2
Level: 1 Professional point: 81 Experience: 32 Thread: 281 Post: 990 Total online time: 32M Joined date: 4/29/2007 12:22:00 AM Last Visit: 12/17/2008 12:54:30 AM Status:	Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Ugrading Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 2 . Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. How are things on the PC now?


richmail1357	PostTime:12/17/2008 12:12:51 AM	Point:0 \| # 3
Level: 1 Professional point: 61 Experience: 1 Thread: 293 Post: 955 Total online time: 1M Joined date: 4/28/2007 11:12:00 PM Last Visit: 12/16/2008 11:25:56 PM Status:	Welcome to Pc-onlinehelp! NOTE: If you have downloaded ComboFix previously please delete that version and download it again! Download this file : http://download.bleepingcomputer.com...a/ComboFix.exe Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log Note: Do not mouseclick combofix's window while its running. That may cause it to stall ===================== Download Superantispyware (SAS) free home version http://www.superantispyware.com/supe...freevspro.html Install it and double-click the icon on your desktop to run it. It will ask if you want to update the program definitions, click Yes. Under Configuration and Preferences, click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked: o Close browsers before scanning o Scan for tracking cookies o Terminate memory threats before quarantining. o Please leave the others as they were. o Click the Close button to leave the control center screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive. On the right, under Complete Scan, choose Perform Complete Scan. Click Next to start the scan. Please be patient while it scans your computer. After the scan is complete a summary box will appear. Click OK. Make sure everything in the white box has a check next to it, then click Next. It will quarantine what it found and if it asks if you want to reboot, click Yes. To retrieve the removal information for me please do the following: o After reboot, double-click the SUPERAntispyware icon on your desktop. o Click Preferences. Click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o It will open in your default text editor (such as Notepad/Wordpad). o Please highlight everything in the notepad, then right-click and choose copy. Click close and close again to exit the program. Please paste that information here for me regardless of what it finds with a new HijackThis log. This will take some time!!!!!!!!

Sorry, you are not login, click here to login