
IE is being prevented from opening

Comments

50 comments

  • Customer

    Download GMER from here:

    http://www.gmer.net/files.php

     

    Unzip it to desktop.

     

    Open the program and click on the Rootkit tab.

    Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.

    Click on Scan. When it scans, please do a hard shutdown by shutting the computer down via the power button! This is very important!

     

    After that, boot your PC again and don't interrupt the disk check. Then post a new HijackThis log here with a new report from ComboFix.

    0
  • Customer

    Download GMER from here:

    http://www.gmer.net/files.php

     

    Unzip it to desktop.

     

    Open the program and click on the Rootkit tab.

    Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.

    Click on Scan. When it scans, please do a hard shutdown by shutting the computer down via the power button! This is very important!

     

    After that, boot your PC again and don't interrupt the disk check. Then post a new HijackThis log here with a new report from ComboFix.


     

     

    so by hard shutdown

    that's pressing the power button and holding it till it closes?

    I switched the power button so it would hibernate with one push

    but I can still shut it down if I hold it; it shuts down before hibernating. Would that change anything?

     

    it's like *push*

    Windows is hibernating, then it saves, but halfway through it can close if I hold the button. Just asking if that would mess it up.

    0
  • Customer

    Otherwise cut off the power, if you aren't sure whether it will shut down or hibernate.

    0
  • Customer

    Click on Scan. When it scans, please do a hard shutdown by shutting the computer down via the power button! This is very important!

    Please read carefully. When it scans, turn off the power, then: power on ... ...

    0
  • Customer

    OK, so after I scan I shut down, then reboot, and I think I've got the rest.

    0
  • Customer

    Please read carefully. When it scans, turn off the power, then: power on ... ...

    OK

    so I download gmer.zip

    unzip it to the desktop

    load it up and press Scan

    then I shut down and reopen the computer, right?

    0
  • Customer

    OK

    so I download gmer.zip

    unzip it to the desktop

    load it up and press Scan; when it scans, I shut down the computer by cutting off the power?


    0
  • Customer


    good

    because I don't see a disk check

    so I'm going to retry, I guess

    =P

    0
  • Customer

    No, if you don't see a disk check it's fine too. And please watch your grammar.

    0
  • Customer

    Does it matter if I do ComboFix then HijackThis?

     

    Logfile of HijackThis v1.99.1

    Scan saved at 19:06, on 06-09-21

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\ProcessGuard\dcsuserprot.exe

    C:\WINDOWS\System32\svchost.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\ProcessGuard\pgaccount.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\m?dtc.exe

    C:\Program Files\ProcessGuard\procguard.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\WINDOWS\system32\conime.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\HijackThis\slobknb.exe

     

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: (no name) - {4CDEA735-62F2-697E-8FD8-1063706FD4C8} - C:\WINDOWS\system32\cuct.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe

    O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"

    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe

    O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [ugkqkdrl] C:\WINDOWS\system32\m?dtc.exe

    O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -

    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}

    O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}

    O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}

    O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


    Owner - 06-09-21 19:07:30.03 Service Pack 2

    ComboFix 06.09.14 - Running from: C:\Documents and Settings\Owner\Desktop

     

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     

     

     

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     

    Folders Quarantined:

     

    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1

    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1\W?nSxS

     

     

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))

     

     

    2006-09-06 13:13 21,312 --a------ C:\WINDOWS\choice.exe

    2006-09-06 12:53 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL

    2006-08-26 15:36 86,016 --a------ C:\WINDOWS\unvise32qt.exe

    2006-08-23 07:30 139,264 --a------ C:\WINDOWS\SYSTEM32\cuct.dll

    2006-08-23 00:31 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll

    2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\SYSTEM32\ieframe.dll

    2006-08-23 00:31 457,728 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll

    2006-08-23 00:31 175,616 --------- C:\WINDOWS\SYSTEM32\ieui.dll

    2006-08-23 00:18 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe

    2006-08-23 00:13 11,776 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe

    2006-08-23 00:11 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe

    2006-08-23 00:10 61,440 --------- C:\WINDOWS\SYSTEM32\icardie.dll

    2006-08-23 00:09 262,656 --------- C:\WINDOWS\SYSTEM32\iertutil.dll

    2006-08-22 23:36 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll

     

     

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     

    Rootkit driver pe386 is present. A rootkit scan is required

    Rootkit driver msguard is present. A rootkit scan is required

    Rootkit driver lzx32 is present. A rootkit scan is required

     

    2006-09-21 19:01 -------- d-------- C:\Program Files\Mozilla Firefox

    2006-09-20 14:35 -------- d-a------ C:\Program Files\Common Files

    2006-09-16 09:34 -------- d-------- C:\Program Files\SpywareGuard

    2006-09-14 20:16 -------- d-------- C:\Program Files\SpywareBlaster

    2006-09-12 18:48 -------- d-------- C:\Program Files\Lexmark 4200 Series

    2006-09-12 17:15 -------- d-------- C:\Program Files\Plaxo

    2006-09-09 16:59 -------- d--h----- C:\Program Files\InstallShield Installation Information

    2006-09-09 16:48 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

    2006-09-09 16:47 -------- d-------- C:\Program Files\Microsoft.NET

    2006-09-09 16:47 -------- d-------- C:\Program Files\Microsoft Office

    2006-09-09 16:37 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft

    2006-09-06 13:30 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2

    2006-09-06 09:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7

    2006-09-05 22:50 -------- d-------- C:\Program Files\Windows Defender

    2006-09-05 18:32 -------- d-------- C:\Program Files\Internet Explorer

    2006-09-05 17:21 -------- d-------- C:\Program Files\Adobe

    2006-09-05 10:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Opera

    2006-08-27 13:52 -------- d-------- C:\Program Files\QuickTime

    2006-08-26 15:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\Transparent

    2006-08-26 15:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\InstallShield Installation Information

    2006-08-23 09:28 -------- d-------- C:\Program Files\VMware

    2006-08-23 07:50 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft

    2006-08-23 07:31 2 --a------ C:\WINDOWS\SYSTEM32\wnscpit.exe

    2006-08-23 07:25 -------- d-------- C:\Program Files\Lavasoft

    2006-08-23 00:31 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll

    2006-08-23 00:31 225792 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll

    2006-08-23 00:31 152064 --a------ C:\WINDOWS\SYSTEM32\msls31.dll

    2006-08-23 00:18 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll

    2006-08-23 00:17 40448 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll

    2006-08-23 00:17 105472 --a------ C:\WINDOWS\SYSTEM32\url.dll

    2006-08-23 00:17 100352 --a------ C:\WINDOWS\SYSTEM32\occache.dll

    2006-08-23 00:16 16896 --a------ C:\WINDOWS\SYSTEM32\corpol.dll

    2006-08-23 00:14 378368 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll

    2006-08-23 00:14 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll

    2006-08-23 00:13 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll

    2006-08-23 00:13 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll

    2006-08-23 00:13 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe

    2006-08-23 00:13 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll

    2006-08-23 00:13 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll

    2006-08-23 00:13 122880 --a------ C:\WINDOWS\SYSTEM32\advpack.dll

    2006-08-23 00:10 35328 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll

    2006-08-23 00:07 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe

    2006-08-22 23:37 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll

    2006-08-22 23:30 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll

    2006-08-20 23:11 -------- d-------- C:\Program Files\Wizet

    2006-08-20 14:18 -------- d-------- C:\Program Files\Comprehensive Review for NCLEX-PN, 2e

    2006-08-18 09:20 -------- d-------- C:\Program Files\Common Files\Adobe

    2006-08-16 18:11 -------- d-------- C:\Program Files\Shareaza

    2006-08-10 19:46 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe

    2006-08-10 08:25 777472 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

    2006-08-10 08:25 27904 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7rsxp.sys

    2006-08-06 21:54 278045 --a------ C:\WINDOWS\SYSTEM32\{C5771B73-0306-460C-BF21-AE8A825A986C}.exe

    2006-08-06 21:05 -------- d-------- C:\Program Files\Google

    2006-08-06 20:34 -------- d-------- C:\Program Files\DivX

    2006-08-04 11:37 73728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll

    2006-08-04 11:37 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll

    2006-08-01 21:33 -------- d-------- C:\Program Files\MTV Networks

    2006-08-01 21:16 -------- d-------- C:\Program Files\Windows Media Player

    2006-07-27 10:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe

    2006-07-26 22:05 3596288 --a--c--- C:\WINDOWS\SYSTEM32\qt-dx331.dll

    2006-07-26 22:05 20640 --------- C:\WINDOWS\SYSTEM32\drivers\pxhelp20.sys

    2006-07-26 22:05 109568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe

    2006-07-26 22:05 108544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe

    2006-07-21 19:58 -------- d--h----- C:\Program Files\Uninstall Information

    2006-07-17 19:35 1386496 --a------ C:\WINDOWS\SYSTEM32\msvbvm60.dll

    2006-07-17 19:26 737280 --a------ C:\WINDOWS\iun6002.exe

    2006-07-14 11:52 121856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll

    2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll

    2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll

    2006-07-03 17:40 761856 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll

    2006-07-03 17:40 620180 --a------ C:\WINDOWS\SYSTEM32\DivX.dll

    2006-06-29 08:05 26112 --------- C:\WINDOWS\SYSTEM32\idndl.dll

    2006-06-29 08:05 23552 --------- C:\WINDOWS\SYSTEM32\normaliz.dll

    2006-06-28 17:59 24576 --------- C:\WINDOWS\SYSTEM32\nlsdl.dll

    2006-06-21 06:49 53248 --a------ C:\WINDOWS\SYSTEM32\dpuGUI10.dll

    2006-06-21 06:43 520192 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe

    2006-06-21 06:42 200704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll

    2006-06-21 06:42 1044480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll

    2006-06-21 06:34 593920 --a--c--- C:\WINDOWS\SYSTEM32\dpuGUI11.dll

    2006-06-21 06:34 57344 --a------ C:\WINDOWS\SYSTEM32\dpv11.dll

    2006-06-21 06:34 344064 --a------ C:\WINDOWS\SYSTEM32\dpus11.dll

    2006-06-21 06:34 294912 --a------ C:\WINDOWS\SYSTEM32\dpu11.dll

    2006-06-21 06:34 294912 --a------ C:\WINDOWS\SYSTEM32\dpu10.dll

    2006-06-21 06:33 12288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll

    2006-06-21 06:33 118784 --a------ C:\WINDOWS\SYSTEM32\DivXCodecUpdateChecker.exe

     

     

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     

    *Note* empty entries are not shown

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "Ugkqkdrl"="C:\\WINDOWS\\system32\\m?dtc.exe"

    "!1_ProcessGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

    "KBD"="C:\\HP\\KBD\\KBD.EXE"

    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"

    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "win32bit"="C:\\WINDOWS\\system32\\win32bit.exe"

    "!1_pgaccount"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""

    "Lexmark 4200 Series"="\"C:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe\""

    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

    "iexplorer"="C:\\WINDOWS\\system32\\iexplorer.exe"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

    "SMSS"="C:\\WINDOWS\\system\\SMSS.EXE"

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

    "DeskHtmlVersion"=dword:00000110

    "DeskHtmlMinorVersion"=dword:00000005

    "Settings"=dword:00000001

    "GeneralFlags"=dword:00000005

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="My Current Home Page"

    "Flags"=dword:00000002

    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\

    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

    "CurrentState"=hex:04,00,00,40

    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\

    ff,ff,04,00,00,00

    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

    00,00,01,00,00,00

     

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

     

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    "{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

    "dontdisplaylastusername"=dword:00000000

    "legalnoticecaption"=""

    "legalnoticetext"=""

    "shutdownwithoutlogon"=dword:00000001

    "undockwithoutlogon"=dword:00000001

     

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

     

     

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

     

     

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\MP Scheduled Scan.job

     

    Completion time: 06-09-21 19:13:03.90

    ComboFix.txt

    ComboFix2.txt

    ComboFix3.txt

    0
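The HijackThis log above shows several of the indicators a malware-removal helper looks for: two BHOs with no name pointing at the same DLL (cuct.dll), a `(no file)` BHO and one marked `(file missing)`, an autostart whose file name HijackThis could only print as `m?dtc.exe` (`?` cannot occur in a Windows file name, so the real character was one the log could not encode), `SMSS.EXE` started from `C:\WINDOWS\system` instead of `system32`, `iexplorer.exe` one letter away from `iexplore.exe`, and four `O18` protocol hijacks whose CLSIDs are not valid GUIDs. The Python below is an added example, not HijackThis code and not from anyone in this thread: it turns those observations into rules over the O2/O4/O18 line formats and runs them over a constructed subset of the posted log. The table of system executable names with their normal directories, and the Cyrillic `с` (U+0441) used to stand in for the `?` in `m?dtc.exe`, are assumptions for the example.

```python
"""Rule-based triage of HijackThis log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re

# Executables malware likes to imitate, mapped to the directory Windows XP keeps the
# genuine copy in (lower-case, drive letter stripped). Assumed list for this example.
SYSTEM_EXES = {
    "smss.exe": "windows\\system32",
    "winlogon.exe": "windows\\system32",
    "services.exe": "windows\\system32",
    "lsass.exe": "windows\\system32",
    "svchost.exe": "windows\\system32",
    "msdtc.exe": "windows\\system32",
    "explorer.exe": "windows",
    "iexplore.exe": "program files\\internet explorer",
}

# HijackThis v1.99 line shapes handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]*\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^O18 - Protocol hijack: (?P<scheme>\S+) - (?P<clsid>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed subset of the log posted above. '?' cannot occur in a Windows file name,
# so the m?dtc.exe HijackThis printed held a character it could not encode; a Cyrillic
# 's' (U+0441) is assumed here in its place.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll",
    r"O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)",
    r"O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)",
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r"O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe",
    r"O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE",
    "O4 - HKCU\\..\\Run: [ugkqkdrl] C:\\WINDOWS\\system32\\m\u0441dtc.exe",
    r"O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}",
    r"O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def first_exe(cmd: str) -> str:
    """Program part of an O4 command line, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; file names are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def path_indicators(path: str) -> list[str]:
    """Checks for any executable or DLL path: homoglyphs, wrong directory, lookalike names."""
    hits = []
    if any(ord(ch) > 127 for ch in path):
        hits.append("non-ASCII character in path (homoglyph file name)")
    directory, _, name = path.lower().rpartition("\\")
    directory = re.sub(r"^[a-z]:\\", "", directory)
    if name in SYSTEM_EXES:
        if directory != SYSTEM_EXES[name]:
            hits.append(f"{name} outside its normal directory ({SYSTEM_EXES[name]})")
    else:
        near = [k for k in SYSTEM_EXES if edit_distance(name, k) == 1]
        if near:
            hits.append(f"{name} is one character away from {', '.join(near)}")
    return hits


def triage_line(line: str) -> list[str]:
    """Reasons one HijackThis line deserves a closer look; empty list means none found."""
    hits: list[str] = []
    if m := O2_RE.match(line):
        if m["name"] == "(no name)":
            hits.append("BHO without a name")
        if m["path"] == "(no file)" or m["path"].endswith("(file missing)"):
            hits.append("orphaned entry, file no longer on disk")
        else:
            hits += path_indicators(m["path"])
    elif m := O4_RE.match(line):
        hits += path_indicators(first_exe(m["cmd"]))
        if "runservices" in m["key"].lower():
            hits.append("RunServices autostart (Windows 9x-era key; XP itself ignores it)")
    elif m := O18_RE.match(line):
        hits.append(f"handler for the '{m['scheme']}' protocol replaced")
        if not GUID_RE.fullmatch(m["clsid"]):
            hits.append("handler CLSID is not a well-formed GUID")
    return hits


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log, keeping only lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        if hits := triage_line(raw.strip()):
            findings.append((raw.strip(), hits))
    return findings


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOG):
        print(line, *("    -> " + h for h in hits), sep="\n")
```

The output is a triage list, not a verdict: `win32bit.exe` in the sample trips nothing, because a plain unfamiliar name in `system32` is only suspicious once you know what it is, and that is the part a helper still has to do by hand.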
  • Customer

    Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

     

    Oin

    Yazzle by Oin

    Purityscan by Oin

    Snowballwars by Oin

    Cowabanga by OIN

    or anything similar with Oin in it.

     

    If OIN is not listed, download and run this uninstaller.

     

    Did you completely shut down your computer while GMER was scanning it? I think you just shut down your computer via Start ===> Shut Down, and that way it won't work.

    0
  • Customer

    Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

     

    Oin

    Yazzle by Oin

    Purityscan by Oin

    Snowballwars by Oin

    Cowabanga by OIN

    or anything similar with Oin in it.

     

    If OIN is not listed, download and run this uninstaller.

     

    Did you completely shut down your computer while GMER was scanning it? I think you just shut down your computer via Start ===> Shut Down, and that way it won't work.


     

     

    the first time I had it running for 5 mins

    then I shut it down as soon as you wrote I had to shut it down while scanning

    the 2nd time I retried I waited 1 min then shut it down while scanning

     

    and if that's not the answer

    I pulled the plug both times

    =P

    because you told me to do a hard shutdown

    and I don't do Start > Shut Down

    because it takes 20 mins+ to shut down -_-

     

    There is also this !update.exe thing that keeps making my antivirus go off every time I start up the computer; I hope that is related to this.

    =P

    0
  • Customer

    OK, can you show me a new log from ComboFix?

    0
  • Customer

    OK, can you show me a new log from ComboFix?

    As in do it again?

    I'm going to uninstall the OIN first if you don't mind.

    0
  • Customer

    As in do it again?

    I'm going to uninstall the OIN first if you don't mind.


    Yes, go ahead. After that, make a new scan with ComboFix.

    0
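Asking for a fresh ComboFix log only helps if the new log is actually compared with the old one, and the section that answers "did the removal take?" is `Reg Loading Points`, which ComboFix prints in `.reg` style (an `[HKEY_...]` header, then `"name"=data` lines, with long `hex:` values wrapped onto a second line by a trailing backslash). The Python below is an added example, not ComboFix code and not from anyone in this thread: it parses that section from two logs and reports which autostart values were removed, added or changed. The two excerpts are constructed in the format of the logs posted in this thread and trimmed to a few keys.

```python
"""Diff the 'Reg Loading Points' sections of two ComboFix logs (added example)."""
from __future__ import annotations

import re

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')

# Constructed excerpts in the format of the ComboFix logs posted in this thread,
# trimmed to a few keys. Between them only the Ugkqkdrl value (gone) and the
# desktop component position (changed) differ.
OLD_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Ugkqkdrl"="C:\\WINDOWS\\system32\\m?dtc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"win32bit"="C:\\WINDOWS\\system32\\win32bit.exe"
"iexplorer"="C:\\WINDOWS\\system32\\iexplorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"SMSS"="C:\\WINDOWS\\system\\SMSS.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
"""

NEW_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"win32bit"="C:\\WINDOWS\\system32\\win32bit.exe"
"iexplorer"="C:\\WINDOWS\\system32\\iexplorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"SMSS"="C:\\WINDOWS\\system\\SMSS.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"""


def parse_reg_points(text: str) -> dict[str, dict[str, str]]:
    """Map each [HKEY_...] section to its values; registry names are case-insensitive,
    so keys and value names are lower-cased. Wrapped hex: data is joined back up."""
    sections: dict[str, dict[str, str]] = {}
    current = None
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # .reg continuation: value carries on next line
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if m := SECTION_RE.match(line):
            current = m.group(1).lower()
            sections.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current][m["name"].lower()] = m["data"]
    return sections


def diff_reg_points(old: dict[str, dict[str, str]],
                    new: dict[str, dict[str, str]]) -> dict[str, list[tuple[str, str, str]]]:
    """Autostart values removed, added or changed between two parsed logs,
    as (key, value name, data) triples; 'changed' carries the new data."""
    report: dict[str, list[tuple[str, str, str]]] = {"removed": [], "added": [], "changed": []}
    for key in sorted(set(old) | set(new)):
        o, n = old.get(key, {}), new.get(key, {})
        for name in sorted(set(o) | set(n)):
            if name not in n:
                report["removed"].append((key, name, o[name]))
            elif name not in o:
                report["added"].append((key, name, n[name]))
            elif o[name] != n[name]:
                report["changed"].append((key, name, n[name]))
    return report


if __name__ == "__main__":
    result = diff_reg_points(parse_reg_points(OLD_LOG), parse_reg_points(NEW_LOG))
    for kind, entries in result.items():
        for key, name, data in entries:
            print(f"{kind:8} [{key}] {name} = {data}")
```

Run-key differences are the quickest check that a removal actually took: here `Ugkqkdrl` (the `m?dtc.exe` autostart) is gone, while `win32bit`, `iexplorer` and the `RunServices` `SMSS` entry survive in both excerpts and so still need attention.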
  • Customer

    Yes, go ahead. After that, make a new scan with ComboFix.

     

    Finished uninstalling and did ComboFix.

     

     

    Owner - 06-09-22 17:16:29.48 Service Pack 2

    ComboFix 06.09.14 - Running from: C:\Documents and Settings\Owner\Desktop

     

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     

     

     

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     

    Folders Quarantined:

     

    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1

    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1\W?nSxS

     

     

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))

     

     

    2006-09-06 13:13 21,312 --a------ C:\WINDOWS\choice.exe

    2006-09-06 12:53 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL

    2006-08-26 15:36 86,016 --a------ C:\WINDOWS\unvise32qt.exe

    2006-08-23 00:31 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll

    2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\SYSTEM32\ieframe.dll

    2006-08-23 00:31 457,728 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll

    2006-08-23 00:31 175,616 --------- C:\WINDOWS\SYSTEM32\ieui.dll

    2006-08-23 00:18 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe

    2006-08-23 00:13 11,776 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe

    2006-08-23 00:11 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe

    2006-08-23 00:10 61,440 --------- C:\WINDOWS\SYSTEM32\icardie.dll

    2006-08-23 00:09 262,656 --------- C:\WINDOWS\SYSTEM32\iertutil.dll

    2006-08-22 23:36 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll

     

     

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     

    Rootkit driver pe386 is present. A rootkit scan is required

    Rootkit driver msguard is present. A rootkit scan is required

    Rootkit driver lzx32 is present. A rootkit scan is required

     

    2006-09-22 17:13 -------- d-------- C:\Program Files\Mozilla Firefox

    2006-09-21 20:35 -------- d-------- C:\Program Files\SpywareGuard

    2006-09-21 19:20 -------- d-------- C:\Program Files\SpywareBlaster

    2006-09-20 14:35 -------- d-a------ C:\Program Files\Common Files

    2006-09-12 18:48 -------- d-------- C:\Program Files\Lexmark 4200 Series

    2006-09-12 17:15 -------- d-------- C:\Program Files\Plaxo

    2006-09-09 16:59 -------- d--h----- C:\Program Files\InstallShield Installation Information

    2006-09-09 16:48 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

    2006-09-09 16:47 -------- d-------- C:\Program Files\Microsoft.NET

    2006-09-09 16:47 -------- d-------- C:\Program Files\Microsoft Office

    2006-09-09 16:37 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft

    2006-09-06 13:30 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2

    2006-09-06 09:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7

    2006-09-05 22:50 -------- d-------- C:\Program Files\Windows Defender

    2006-09-05 18:32 -------- d-------- C:\Program Files\Internet Explorer

    2006-09-05 17:21 -------- d-------- C:\Program Files\Adobe

    2006-09-05 10:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Opera

    2006-08-27 13:52 -------- d-------- C:\Program Files\QuickTime

    2006-08-26 15:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\Transparent

    2006-08-26 15:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\InstallShield Installation Information

    2006-08-23 09:28 -------- d-------- C:\Program Files\VMware

    2006-08-23 07:50 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft

    2006-08-23 07:25 -------- d-------- C:\Program Files\Lavasoft

    2006-08-23 00:31 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll

    2006-08-23 00:31 225792 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll

    2006-08-23 00:31 152064 --a------ C:\WINDOWS\SYSTEM32\msls31.dll

    2006-08-23 00:18 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll

    2006-08-23 00:17 40448 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll

    2006-08-23 00:17 105472 --a------ C:\WINDOWS\SYSTEM32\url.dll

    2006-08-23 00:17 100352 --a------ C:\WINDOWS\SYSTEM32\occache.dll

    2006-08-23 00:16 16896 --a------ C:\WINDOWS\SYSTEM32\corpol.dll

    2006-08-23 00:14 378368 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll

    2006-08-23 00:14 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll

    2006-08-23 00:13 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll

    2006-08-23 00:13 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll

    2006-08-23 00:13 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe

    2006-08-23 00:13 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll

    2006-08-23 00:13 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll

    2006-08-23 00:13 122880 --a------ C:\WINDOWS\SYSTEM32\advpack.dll

    2006-08-23 00:10 35328 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll

    2006-08-23 00:07 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe

    2006-08-22 23:37 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll

    2006-08-22 23:30 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll

    2006-08-20 23:11 -------- d-------- C:\Program Files\Wizet

    2006-08-20 14:18 -------- d-------- C:\Program Files\Comprehensive Review for NCLEX-PN, 2e

    2006-08-18 09:20 -------- d-------- C:\Program Files\Common Files\Adobe

    2006-08-16 18:11 -------- d-------- C:\Program Files\Shareaza

    2006-08-10 19:46 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe

    2006-08-10 08:25 777472 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

    2006-08-10 08:25 27904 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7rsxp.sys

    2006-08-06 21:54 278045 --a------ C:\WINDOWS\SYSTEM32\{C5771B73-0306-460C-BF21-AE8A825A986C}.exe

    2006-08-06 21:05 -------- d-------- C:\Program Files\Google

    2006-08-06 20:34 -------- d-------- C:\Program Files\DivX

    2006-08-04 11:37 73728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll

    2006-08-04 11:37 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll

    2006-08-01 21:33 -------- d-------- C:\Program Files\MTV Networks

    2006-08-01 21:16 -------- d-------- C:\Program Files\Windows Media Player

    2006-07-27 10:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe

    2006-07-26 22:05 3596288 --a--c--- C:\WINDOWS\SYSTEM32\qt-dx331.dll

    2006-07-26 22:05 20640 --------- C:\WINDOWS\SYSTEM32\drivers\pxhelp20.sys

    2006-07-26 22:05 109568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe

    2006-07-26 22:05 108544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe

    2006-07-17 19:35 1386496 --a------ C:\WINDOWS\SYSTEM32\msvbvm60.dll

    2006-07-17 19:26 737280 --a------ C:\WINDOWS\iun6002.exe

    2006-07-14 11:52 121856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll

    2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll

    2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll

    2006-07-03 17:40 761856 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll

    2006-07-03 17:40 620180 --a------ C:\WINDOWS\SYSTEM32\DivX.dll

    2006-06-29 08:05 26112 --------- C:\WINDOWS\SYSTEM32\idndl.dll

    2006-06-29 08:05 23552 --------- C:\WINDOWS\SYSTEM32\normaliz.dll

    2006-06-28 17:59 24576 --------- C:\WINDOWS\SYSTEM32\nlsdl.dll

     

     

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     

    *Note* empty entries are not shown

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "!1_ProcessGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

    "KBD"="C:\\HP\\KBD\\KBD.EXE"

    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"

    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "win32bit"="C:\\WINDOWS\\system32\\win32bit.exe"

    "!1_pgaccount"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""

    "Lexmark 4200 Series"="\"C:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe\""

    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

    "iexplorer"="C:\\WINDOWS\\system32\\iexplorer.exe"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

    "SMSS"="C:\\WINDOWS\\system\\SMSS.EXE"

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

    "DeskHtmlVersion"=dword:00000110

    "DeskHtmlMinorVersion"=dword:00000005

    "Settings"=dword:00000001

    "GeneralFlags"=dword:00000005

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="My Current Home Page"

    "Flags"=dword:00000002

    "Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\

    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

    "CurrentState"=hex:04,00,00,40

    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\

    ff,ff,04,00,00,00

    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

    00,00,01,00,00,00

     

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

     

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    "{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

    "dontdisplaylastusername"=dword:00000000

    "legalnoticecaption"=""

    "legalnoticetext"=""

    "shutdownwithoutlogon"=dword:00000001

    "undockwithoutlogon"=dword:00000001

     

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

     

     

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

     

     

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\MP Scheduled Scan.job

     

    Completion time: 06-09-22 17:27:49.43

    ComboFix.txt

    ComboFix2.txt

    ComboFix3.txt

    0
  • Customer

    Ok...Scan again with gmer but let it scan this time and post the report of it here with a new hijackthis log.

    So just let it run w/o shutdown?

    I don't want to make any dumb moves.

    0
  • Customer

    Ok...Scan again with gmer but let it scan this time and post the report of it here with a new hijackthis log.

    0
  • Customer

    Do you know how long this will go for? And will this have a log that I should post along with hijackthis?

     

    Also,

    when I ran this

    my cookies were deleted. I don't have a problem, but I wonder if that's normal.

    0
  • Customer

    Indeed, just a normal scan and post me the report here.

    0
  • Customer

    Please just do the scan and when it has finished post the log here with a new hijackthis log. It won't take forever.

    0
  • Customer

    Scanning as we speak.

    Ignore the cookies thing.

    I didn't remember I clicked "Clear All" on Firefox.

    =P

    0
  • Customer

    finished the complete scan and a new hijackthis log

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 19:03, on 06-09-24

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\ProcessGuard\dcsuserprot.exe

    C:\WINDOWS\System32\svchost.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\ProcessGuard\pgaccount.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\ProcessGuard\procguard.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\BYOND\bin\byond.exe

    C:\Program Files\Shareaza\Shareaza.exe

    C:\Program Files\BYOND\bin\dreamseeker.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\HijackThis\slobknb.exe

    C:\WINDOWS\system32\wuauclt.exe

     

    R3 - Default URLSearchHook is missing

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll (file missing)

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe

    O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"

    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe

    O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -

    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}

    O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}

    O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}

    O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    0
  • Customer

    1. Please download The Avenger by Swandog46 to your Desktop.


    • Click on Avenger.zip to open the file


    • Extract avenger.exe to your desktop



    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

     

    Drivers to unload:

    pe386


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

     

    3. Now, start The Avenger program by clicking on its icon on your desktop.


    • Under "Script file to execute" choose "Input Script Manually".


    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"


    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).


    • Click Done


    • Now click on the Green Light to begin execution of the script


    • Answer "Yes" twice when prompted.



    4. The Avenger will automatically do the following:


    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)


    • On reboot, it will briefly open a black command window on your desktop; this is normal.


    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt


    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.



    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


    • Open HiJackThis


    • Click on the "Config..." button on the bottom right


    • Click on the tab "Misc Tools"


    • Click on "Open ADS Spy.."


    • Click on "Scan"


    • Click on "Save Log..."


    • Copy and paste the List from the notepad into your next post



    0
  • Customer

    Doesn't look good

    =P

     

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\auhpuwqp

     

    *******************

     

    Script file located at: \??\C:\WINDOWS\system32\naptqftr.txt

    Script file opened successfully.

     

    Script file read successfully

     

    Backups directory opened successfully at C:\Avenger

     

    *******************

     

    Beginning to process script file:

     

     

     

    Registry key \Registry\Machine\System\CurrentControlSet\Services\pe386 not found!

    Unload of driver pe386 failed!

     

    Could not process line:

    pe386

    Status: 0xc0000034

     

     

    Completed script processing.

     

    *******************

     

    Finished! Terminate.

     

     

     

     

    About the ADS Spy stuff:

    I scanned and pressed Save Log.

    Where do I find this log?

    Or did you mean a new HJT log? The last step took a little thinking to do, but now it sounds like I did something wrong.

    >.> I'm no genius T_T

     

    I feel like going back to step 1 and starting it all over.

    0
  • Customer

    Download and Save blacklight to your desktop.

    F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml

    Double-click blbeta.exe then accept the agreement.

    Click > Scan, then > Next.

    You'll see a list of all items found.

    Don't choose Rename yet! I want to see the log first, because legit items can also be present there...

    There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

    Post the contents of the log in your next reply.

    0
  • Customer

    I got 2 of them.

    I didn't fully scan the first one.

    For some reason that didn't pass my short-term memory finish line -_-

     

     

    09/26/06 17:27:58 [info]: BlackLight Engine 1.0.46 initialized

    09/26/06 17:27:58 [info]: OS: 5.1 build 2600 (Service Pack 2)

    09/26/06 17:27:58 [Note]: 7019 4

    09/26/06 17:27:58 [Note]: 7005 0

    09/26/06 17:28:03 [Note]: 7006 0

    09/26/06 17:28:04 [Note]: 7011 1056

    09/26/06 17:28:04 [Note]: 7027 13

    09/26/06 17:28:04 [Note]: 7027 3

    09/26/06 17:28:04 [Note]: 7027 0

    09/26/06 17:28:08 [Note]: 7026 0

    09/26/06 17:28:08 [Note]: 7026 0

     

     

    09/26/06 17:28:56 [info]: BlackLight Engine 1.0.46 initialized

    09/26/06 17:28:56 [info]: OS: 5.1 build 2600 (Service Pack 2)

    09/26/06 17:28:56 [Note]: 7019 4

    09/26/06 17:28:56 [Note]: 7005 0

    09/26/06 17:28:59 [Note]: 7006 0

    09/26/06 17:28:59 [Note]: 7011 1056

    09/26/06 17:29:00 [Note]: 7026 0

    09/26/06 17:29:01 [Note]: 7026 0

    09/26/06 17:29:22 [Note]: FSRAW library version 1.7.1019

    09/26/06 18:02:57 [Note]: 2000 1006

    09/26/06 18:03:05 [Note]: 7007 0

    0
  • Customer

    * First download ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program


    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.


    2. Once the setup is complete you will need to run ewido and update the definition files.


    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.




    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

    • Under "Reports"


    • Select "Automatically generate report after every scan"


    • Un-Select "Only if threats were found"



    Close ewido anti-spyware. Do NOT run a scan just yet; we will shortly.

     

    * If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

    Ad-Aware SE Setup

    Again, do NOT run a scan yet.

     

     

    * Next, please reboot your computer in Safe Mode by doing the following:


    1. Restart your computer


    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.


    3. Instead of Windows loading as normal, a menu should appear


    4. Select the first option, to run Windows in Safe Mode.



    * Next, run Ad-aware and perform a full scan. Remove everything found.


    1. Launch ewido anti-spyware by double-clicking the icon on your desktop.


    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".


    3. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:


    4. If you have any infections you will be prompted; then select "Apply all actions".


    5. Next select the "Reports" icon at the top.


    6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).



    * Restart your computer in normal mode.

     

    * Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.


    If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

     

    * Post a new hijackthis log here with the report from ewido.

    0
  • Customer

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

     

    Updating Java:


    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.


    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".


    • Click the "Download" button to the right.


    • Check the box that says: "Accept License Agreement".


    • The page will refresh.


    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    • Close any programs you may have running - especially your web browser.


    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.


    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.


    • Click the Remove or Change/Remove button.


    • Repeat as many times as necessary to remove each Java version.


    • Reboot your computer once all Java components are removed.


    • Then from your desktop double-click on jre-1_5_0_07-windowsi586-p.exe to install the newest version.



    * Please open hijackthis and put a check next to the following:

     

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll (file missing)

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

    O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)

    O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe

    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe

    O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE

    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}

    O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}

    O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}

    O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

     

    * After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

     

    * After that, post a new hijackthis log here with a new report from combofix.

    0
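
As an added illustration of what a helper looks at when picking lines like the ones above (example code written for this page, not part of the thread and not HijackThis's own code), the script below parses the O2/O4/O18/O21 lines of a HijackThis 1.99.1 log and flags three patterns visible in this log: components registered in the registry whose file is gone, autorun entries that imitate a Windows binary either from the wrong directory or under a misspelt name, and protocol handlers whose CLSID is not a well-formed GUID. The sample lines are copied from the log posted earlier; the SYSTEM_IMAGES list and the 0.85 name-similarity threshold are assumptions of the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from difflib import SequenceMatcher

# HijackThis lines copied from the log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll (file missing)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe
O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
"""

# Windows binaries that malware commonly imitates, with the directory the real one
# lives in on XP. This list is an assumption of the example, not a HijackThis feature.
SYSTEM_IMAGES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
LOOKALIKE_THRESHOLD = 0.85  # heuristic: how close a name must be to count as a misspelling

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\S+) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^O18 - Protocol hijack: (?P<proto>\S+) - (?P<clsid>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # O2, O4, O18 or O21
    item: str      # BHO name, autorun name, protocol name or SSODL name
    reason: str
    line: str


def is_guid(text: str) -> bool:
    """True when text is a braced, well-formed GUID such as {AAA288BA-9A4C-45B0-95D7-94D524869DB5}."""
    return bool(GUID_RE.match(text))


def missing_file(path: str) -> bool:
    """HijackThis marks registry entries whose target is gone with these two suffixes."""
    return path.endswith("(file missing)") or path == "(no file)"


def image_name(cmd: str) -> tuple[str, str]:
    """Split an O4 command line into (directory, basename), lower-cased, ignoring quotes and arguments."""
    m = re.match(r'"?(?P<path>[^"]*?\.exe)', cmd, re.IGNORECASE)
    path = (m.group("path") if m else cmd).lower().strip('"')
    directory, _, base = path.rpartition("\\")
    return directory, base


def lookalike(base: str) -> str | None:
    """Return the system image that base is a near-miss of (e.g. iexplorer.exe -> iexplore.exe), else None."""
    for known in SYSTEM_IMAGES:
        if base != known and SequenceMatcher(None, base, known).ratio() >= LOOKALIKE_THRESHOLD:
            return known
    return None


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, with the reason each was flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if missing_file(m["path"]):
                findings.append(Finding("O2", m["name"], "BHO registered but its DLL is missing", line))
        elif m := O4_RE.match(line):
            directory, base = image_name(m["cmd"])
            if base in SYSTEM_IMAGES and directory != SYSTEM_IMAGES[base]:
                findings.append(Finding("O4", m["name"],
                                        f"{base} normally runs from {SYSTEM_IMAGES[base]}, not {directory}", line))
            elif known := lookalike(base):
                findings.append(Finding("O4", m["name"], f"{base} looks like a misspelling of {known}", line))
        elif m := O18_RE.match(line):
            if not is_guid(m["clsid"]):
                findings.append(Finding("O18", m["proto"], "protocol handler CLSID is not a well-formed GUID", line))
        elif m := O21_RE.match(line):
            if missing_file(m["path"]):
                findings.append(Finding("O21", m["name"], "ShellServiceObjectDelayLoad entry points at a missing file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item:<18} {f.reason}")
```

Note what the script does not flag: win32bit.exe passes every pattern check, because nothing in the name alone is suspicious. An entry like that needs the file's creation date, size and origin from the ComboFix listing rather than a pattern match, which is the kind of judgement the helper applies by hand.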
  • Customer

    Logfile of HijackThis v1.99.1

    Scan saved at 19:55, on 06-09-27

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\ProcessGuard\dcsuserprot.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\svchost.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\ProcessGuard\pgaccount.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\ProcessGuard\procguard.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\HijackThis\slobknb.exe

    C:\Program Files\Shareaza\Shareaza.exe

     

    R3 - Default URLSearchHook is missing

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll (file missing)

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe

    O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"

    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe

    O4 - HKLM\..\RunServices: [sMSS] C:\WINDOWS\system\SMSS.EXE

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -

    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}

    O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}

    O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}

    O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\DOCUME~1\Owner\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

     

     

     

     

     

     

     

     

    EWIDO SCAN (I used to have it, older version >.> looks upgraded like hell 0.o)

     

    ---------------------------------------------------------

    ewido anti-spyware - Scan Report

    ---------------------------------------------------------

     

    + Created at: 19:43 06-09-27

     

    + Scan result:

     

     

     

    C:\WINDOWS\SYSTEM32\{C5771B73-0306-460C-BF21-AE8A825A986C}.exe -> Adware.Casino : Cleaned with backup (quarantined).

    HKLM\SOFTWARE\Classes\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af} -> Adware.Generic : Cleaned with backup (quarantined).

    HKLM\SOFTWARE\Classes\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d} -> Adware.Generic : Cleaned with backup (quarantined).

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).

    HKU\S-1-5-21-2154702590-3133978997-4149289120-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} -> Adware.Generic : Cleaned with backup (quarantined).

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).

    HKU\S-1-5-21-2154702590-3133978997-4149289120-1003\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).

    C:\Documents and Settings\Default User\Cookies\owner@cliks[6].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\Documents and Settings\Default User\Cookies\owner@cliks[8].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\Documents and Settings\Owner\Cookies\owner@cliks[6].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\Documents and Settings\Owner\Cookies\owner@cliks[8].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\owner@cliks[6].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\owner@cliks[8].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).

    C:\Documents and Settings\Default User\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).

    C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).

     

     

    ::Report end

    0
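
To check a scanner report against an outstanding fix list, as an added example (not part of the thread, and not ewido's or HijackThis's code): the script below parses the ewido report lines above into file, registry and cookie detections, summarises them by family, and lists which of the helper's HijackThis fix items remain untouched because no CLSID in them appears among the registry keys ewido quarantined. The report and fix-list lines are copied from the posts above; the location classifier and the CLSID-matching rule are assumptions of the example.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ewido report posted above (constructed sample input).
EWIDO_REPORT = r"""
C:\WINDOWS\SYSTEM32\{C5771B73-0306-460C-BF21-AE8A825A986C}.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2154702590-3133978997-4149289120-1003\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@cliks[6].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).
"""

# The items the helper asked to fix in HijackThis (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {09F3973D-4FC2-514F-A2EE-564E4758F9FB} - C:\WINDOWS\system32\cuct.dll (file missing)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {82C69EA8-4809-0088-6D57-587E77C228F7} - C:\WINDOWS\system32\rpk.dll (file missing)
O4 - HKLM\..\Run: [win32bit] C:\WINDOWS\system32\win32bit.exe
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
"""

# "<location> -> <Family.Name> : <action>." is the ewido 4.0 report line shape seen above.
LINE_RE = re.compile(r"^(?P<location>.+?) -> (?P<family>[\w.]+) : (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Detection:
    location: str
    kind: str      # "file", "registry" or "cookie"
    family: str
    action: str


def classify(location: str) -> str:
    """Coarse bucket for a detection location (assumption of this example)."""
    loc = location.lower()
    if loc.startswith(("hklm\\", "hkcu\\", "hku\\", "hkcr\\")):
        return "registry"
    if "\\cookies\\" in loc:
        return "cookie"
    return "file"


def parse_report(text: str) -> list[Detection]:
    out: list[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Detection(m["location"], classify(m["location"]), m["family"], m["action"]))
    return out


def summarize(detections: list[Detection]) -> dict[str, Counter]:
    """Counts by location kind and by malware family, the two numbers worth reading first."""
    return {
        "kind": Counter(d.kind for d in detections),
        "family": Counter(d.family for d in detections),
    }


def cleaned_clsids(detections: list[Detection]) -> set[str]:
    """CLSIDs whose registry keys the scanner quarantined, lower-cased for comparison."""
    return {g.lower() for d in detections if d.kind == "registry" for g in GUID_RE.findall(d.location)}


def still_open(fix_list: str, detections: list[Detection]) -> list[str]:
    """Fix-list lines with no CLSID among the cleaned ones; these still need the HijackThis fix."""
    done = cleaned_clsids(detections)
    remaining = []
    for line in fix_list.splitlines():
        line = line.strip()
        if not line:
            continue
        if not {g.lower() for g in GUID_RE.findall(line)} & done:
            remaining.append(line)
    return remaining


if __name__ == "__main__":
    dets = parse_report(EWIDO_REPORT)
    summary = summarize(dets)
    print("by kind:  ", dict(summary["kind"]))
    print("by family:", dict(summary["family"]))
    print("still to fix in HijackThis:")
    for line in still_open(FIX_LIST, dets):
        print("  ", line)
```

The O4 win32bit entry always stays on the open list, since it carries no CLSID to match on; the point of the cross-check is to show that the scanner's cleanup of the {874443fe-...} class key covers the O21 "bestreak" item, while the three orphaned BHO entries still have to be removed by hand.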
