Karl's PC Help Forums

runtime error 9 subscript out of range
kkamshi - 5-2-2008 at 07:12

Hello, I have just recently purchased p2p doctor but after I installed it I realized I could not use it due to this runtime error. Please help me, I spent 15 dollars on that program and I would hate to put that to waste.
I attached the log file as an attachment.
I would appreciate a reply at post.
Thank you


kkamshi - 5-2-2008 at 07:22

Hello, I have just recently purchased p2p doctor but after I installed it I realized I could not use it due to this runtime error. Please help me, I spent 15 dollars on that program and I would hate to put that to waste.
I attached the log file as an attachment.
I would appreciate a reply at post or email, thank you


kkamshi - 5-2-2008 at 07:24

forgot the post
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:18 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSehomeehtray.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWinampwinampa.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:HPKBDKBD.EXE
C:WINDOWSALCXMNTR.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
c:windowssystemhpsysdrv.exe
C:WINDOWSsystem32conime.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: IP Tool - {2A14C48F-9C74-4e60-A6A1-A5E134D5B436} - C:WINDOWSiptool.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [LSBWatcher] c:hpdrivershplsbwatcherlsburnwatcher.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IMEKRMIG6.1] C:WINDOWSimeimkr6_1IMEKRMIG.EXE
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [{D4-4D-DA-AD-ZN}] C:windowssystem32dwdsregt.exe CCM001
O4 - HKLM..Run: [kav] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Startup Manager] C:Documents and SettingsCompaq_AdministratorApplication DataSystweakASO 2smstartUp manager.exe
O4 - HKCU..Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [onmuzfirstupdate] C:Program Filesonmuzplusonmuzup.exe
O4 - HKCU..Run: [RegistryCleanFixMFC] C:Program FilesRegistryCleanerregistrycleaner.exe
O4 - HKCU..Run: [DriveDiscoveryMemoryResident] C:Program FilesNotsoSoftwareDriveDiscoveryNSSMR.exe
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Startup: spysheriff.lnk = ?
O4 - Startup: Think-Adz.lnk = C:WINDOWSsystem32asysgdiz.exe
O4 - Global Startup: Compaq Connections.lnk = C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: Add To Compaq Organize... - C:PROGRA~1HEWLET~1COMPAQ~1bin/module.main/favoritesie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {39C23151-5D69-4142-85A2-E0CCBC0A3A9B} (OnmuzWebActiveCtl Control) - http://211.168.120.7/~goldnboy/OnmuzWebActive.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/test/Online.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:WINDOWSsystem32msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:WINDOWSsystem32ITSS.DLL
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:WINDOWSsystem32inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:WINDOWSsystem32urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:WINDOWSsystem32ITSS.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:Program FilesCommon FilesMicrosoft SharedInformation Retrievalmsitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:PROGRA~1COMMON~1MICROS~1WEBCOM~111OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:WINDOWSsystem32msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:WINDOWSsystem32wiascr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12913 bytes


LSemmens - 5-2-2008 at 12:31

Hi kkamshi, welcome to KF. The information that you have given may not be enough to allow us to help you unless someone has had experience with that identical program. I am not familiar with "P2P doctor", the program that you are asking about, so I can't offer too much help there. Have you tried re-installing it? A subscript error indicates that there may be a programming issue; it may need to be referred back to the company that sold you the software. Have a look on their website for FAQs and see if there are others with the same issue. Your HJT log shows a couple of things that are flagged as worries. What security are you running, apart from P2P Doctor? Is it all up to date? Are Windows Updates turned on?


LSemmens - 5-2-2008 at 12:35

Hi kkamshi, I've replied to your query elsewhere. In future, it would be prudent to just post your question in one forum, as most members do tend to a) check all the fora anyway, and b) it saves confusion in getting multiple, possibly conflicting, replies from different members in different threads.


kkamshi - 5-2-2008 at 22:44

I am running Kaspersky anti-virus, adware, and advanced system optimizer


kkamshi - 5-2-2008 at 22:46

Even when I try to run an mpg file on Winamp or Media Player the same error occurs


Quaver - 5-2-2008 at 22:58

Why not try emailing P2P Doctor as well?
http://www.p2pdoctor.com/contact_us.htm


kkamshi - 5-2-2008 at 23:05

Which logs should I delete?


Pancake - 5-2-2008 at 23:29

You do have some malware that may be causing it....



Please download SDFix from here and save it to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this Information Page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.


Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Caution...Never run and remove files using ComboFix without being supervised by a security analyst


kkamshi - 6-2-2008 at 01:02

But my computer is still having runtime error problems same as before
thanks for the help though
here are the new logs

SDFix: Version 1.137

Run by Compaq_Administrator on 02/05/2008 Tue at 04:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:Documents and SettingsCompaq_AdministratorLocal SettingsTempaax24.tmp.exe - Deleted
C:Documents and SettingsCompaq_AdministratorStart MenuProgramsStartupThink-Adz.lnk - Deleted
C:WINDOWSsystem32msnav32.ax - Deleted
C:WINDOWSsystem32zxdnt3d.cfg - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderStart Menu2Programs\xb67ex42724xc1cc]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,..

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderStartMenu2Programs\xb67ex42724xc1cc\xb67ex42724xc1ccxaff1]
"Order"=hex:08,00,00,00,02,00,00,00,02,01,00,00,01,00,00,00,02,00,00,00,7c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1133580026\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1133580026\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1133580026\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1133580026\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\1139962237\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1139962237\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1139962237\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1139962237\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\BugsSvr.exe"="C:\WINDOWS\system32\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe:*:Enabled:μTorrent"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BugsCorp\BugsAppPlayer\bin\BugsSvr.exe"="C:\Program Files\BugsCorp\BugsAppPlayer\bin\BugsSvr.exe:*:Enabled:P3AoDSvr Module"
"C:\WINDOWS\system32\p3bvsvr.exe"="C:\WINDOWS\system32\p3bvsvr.exe:*:Enabled:Bugs VoD Server"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

Remaining Files:
---------------

File Backups: - C:SDFixbackupsbackups.zip

Files with Hidden Attributes:

Tue 18 Apr 2006 0 A.SH. --- "C:WINDOWSsystem32wupdmgr.tmp"
Fri 2 Dec 2005 4,348 A.SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Mon 20 Feb 2006 1,242 A..H. --- "C:Program FilesCommon FilesAOLIPHSendIPH.BAK"

Finished!
ComboFix 08-02.05.3 - Compaq_Administrator 2008-02-05 16:55:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.560 [GMT -8:00]
Running from: C:Documents and SettingsCompaq_AdministratorDesktopComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
C:WINDOWSsystem32winpfz32.sys
D:Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-05 16:30 . 2008-02-05 16:30 <DIR> d-------- C:WINDOWSERUNT
2008-02-05 16:05 . 2008-02-05 16:48 <DIR> d-------- C:SDFix
2008-02-05 15:03 . 2008-02-05 15:03 <DIR> d-------- C:Program FilesMicrosoft CAPICOM 2.1.0.2
2008-02-05 14:58 . 2008-02-05 15:05 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorSecurityScans
2008-02-05 14:57 . 2008-02-05 14:57 <DIR> d-------- C:Program FilesMicrosoft Baseline Security Analyzer 2
2008-02-04 22:47 . 2008-02-04 22:47 <DIR> d-------- C:Program FilesTrend Micro
2008-02-04 21:57 . 2008-02-04 22:33 <DIR> d-------- C:Program FilesMadz Software
2008-02-04 21:57 . 2008-02-05 16:49 0 --a------ C:FL.ini
2008-02-04 00:21 . 2008-02-05 15:15 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataFrostWire
2008-02-04 00:20 . 2008-02-04 11:52 <DIR> d-------- C:Program FilesFrostWire
2008-02-04 00:20 . 2008-02-04 00:20 <DIR> d-------- C:Program FilesAskSBar
2008-02-04 00:01 . 2008-02-04 00:01 <DIR> d-------- C:Program FilesNotsoSoftware
2008-02-02 20:47 . 2008-02-05 16:49 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataOpenOffice.org2
2008-02-02 20:43 . 2008-02-04 12:01 <DIR> d-------- C:Program FilesOpenOffice.org 2.3
2008-02-02 20:43 . 2007-09-24 23:31 69,632 --a------ C:WINDOWSsystem32javacpl.cpl
2008-02-02 20:11 . 2008-02-02 20:11 1,666,048 --a------ C:WINDOWSc01.ppt
2008-01-29 13:37 . 2008-01-29 13:37 3,877 --a------ C:WINDOWSassignement1.rtf
2008-01-15 22:44 . 2008-02-04 07:44 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataWinamp
2008-01-15 22:01 . 2008-02-04 07:27 <DIR> d-------- C:divx
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataYahoo!
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataYahoo! Companion
2008-01-07 17:16 . 2008-01-07 17:16 630,784 --a------ C:WINDOWSsystem32divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 00:56 30,111,008 --sha-w C:WINDOWSsystem32driversfidbox.dat
2008-02-06 00:56 1,386,528 --sha-w C:WINDOWSsystem32driversfidbox2.dat
2008-02-06 00:22 407,096 --sha-w C:WINDOWSsystem32driversfidbox.idx
2008-02-06 00:22 130,772 --sha-w C:WINDOWSsystem32driversfidbox2.idx
2008-02-04 20:10 --------- d-----w C:Program FilesWinQual
2008-02-04 20:10 --------- d-----w C:Program FilesWinamp Toolbar
2008-02-04 20:10 --------- d-----w C:Program FilesWinamp
2008-02-04 20:10 --------- d-----w C:Program Files_ffdshow
2008-02-04 20:08 --------- d-----w C:Program FilesWarcraft III
2008-02-04 20:04 --------- d-----w C:Program FilesSteam
2008-02-04 20:03 --------- d-----w C:Program FilesSeaStorm 3D Screensaver
2008-02-04 20:03 --------- d-----w C:Program FilesQuickTime
2008-02-04 20:02 --------- d-----w C:Program FilesQuicken
2008-02-04 20:02 --------- d-----w C:Program FilesPC-Doctor 5 for Windows
2008-02-04 19:58 --------- d-----w C:Program FilesmyLinker
2008-02-04 19:58 --------- d-----w C:Program FilesMSN Encarta Standard
2008-02-04 19:58 --------- d-----w C:Program FilesmIRC
2008-02-04 19:57 --------- d-----w C:Program FilesMicrosoft Works
2008-02-04 19:56 --------- d-----w C:Program FilesMicrosoft Plus! Dancer LE
2008-02-04 19:56 --------- d-----w C:Program FilesMicrosoft Money 2005
2008-02-04 19:55 --------- d-----w C:Program FilesMegauploadToolbar
2008-02-04 19:54 --------- d-----w C:Program FilesiTunes
2008-02-04 19:54 --------- d-----w C:Program FilesiPod
2008-02-04 19:52 --------- d-----w C:Program FilesGemMaster
2008-02-04 19:52 --------- d-----w C:Program FilesEnglishOtto
2008-02-04 19:51 --------- d-----w C:Program FilesEasy Internet signup
2008-02-04 19:51 --------- d-----w C:Program FilesDivX
2008-02-04 19:51 --------- d-----w C:Program FilesCommon FilesPalo Alto Software
2008-02-04 19:50 --------- d---a-w C:Program FilesCommon FilesLightScribe
2008-02-04 19:49 --------- d-----w C:Program FilesCommon FilesAOL
2008-02-04 19:48 --------- d-----w C:Program FilesAOD
2008-02-04 19:48 --------- d-----w C:Program FilesAIM6
2008-02-04 19:47 --------- d-----w C:Program FilesAdvanced System Optimizer
2008-02-04 15:44 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DatauTorrent
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMSNInstaller
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMegauploadToolbar
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMedia Player Classic
2008-02-04 15:38 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataImage Zone Express
2008-02-04 15:32 --------- d-----w C:Documents and SettingsAll UsersApplication DataSTOPzilla!
2008-02-04 15:32 --------- d-----w C:Documents and SettingsAll UsersApplication DataQuickTime
2008-02-03 04:43 --------- d-----w C:Program FilesJava
2008-01-29 21:38 10,066 ----a-w C:Documents and SettingsCompaq_AdministratorApplication Datawklnhst.dat
2008-01-16 04:47 --------- d-----w C:Program FilesYahoo!
2008-01-06 21:31 --------- d-----w C:Program FilesKaspersky Lab
2008-01-04 21:59 524,288 ----a-w C:WINDOWSsystem32DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:WINDOWSsystem32qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:WINDOWSsystem32ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:WINDOWSsystem32libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:WINDOWSsystem32divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:WINDOWSsystem32divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:WINDOWSsystem32dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:WINDOWSsystem32divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:WINDOWSsystem32DivX.dll
2008-01-04 21:57 593,920 ----a-w C:WINDOWSsystem32dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:WINDOWSsystem32dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:WINDOWSsystem32dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:WINDOWSsystem32dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:WINDOWSsystem32dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:WINDOWSsystem32dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:WINDOWSsystem32dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:WINDOWSsystem32DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:WINDOWSsystem32DivXWMPExtType.dll
2007-11-07 09:26 721,920 ----a-w C:WINDOWSsystem32lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:WINDOWSsystem32dllcachelsasrv.dll
2007-11-06 08:10 24 ----a-w C:Documents and SettingsCompaq_Administratormylist.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-02-04 00:20 66912 --a------ C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 12:06 1135968 --a------ C:Program FilesWinamp Toolbarwinamptb.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-04 00:20 267592 --a------ C:Program FilesAskSBarbar1.binASKSBAR.DLL

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOTclsid{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOTTypeLib{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj]

[HKEY_CLASSES_ROOTclsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:Program FilesWinamp Toolbarwinamptb.dll [2007-10-04 12:06 1135968]
"{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}"= C:WINDOWSiptool.dll [2007-03-27 23:59 233472]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:Program FilesAskSBarbar1.binASKSBAR.DLL [2008-02-04 00:20 267592]

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOTclsid{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOTTypeLib{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj]

[HKEY_CLASSES_ROOTclsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-10 11:00 15360]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 15:24 1694208]
"Startup Manager"="C:Documents and SettingsCompaq_AdministratorApplication DataSystweakASO 2smstartUp manager.exe" [ ]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-06-10 17:43 68856]
"Aim6"="" []
"onmuzfirstupdate"="C:Program Filesonmuzplusonmuzup.exe" [ ]
"RegistryCleanFixMFC"="C:Program FilesRegistryCleanerregistrycleaner.exe" [ ]
"DriveDiscoveryMemoryResident"="C:Program FilesNotsoSoftwareDriveDiscoveryNSSMR.exe" [2007-01-30 12:30 462848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray"="C:WINDOWSehomeehtray.exe" [2004-08-10 18:04 59392]
"PCDrProfiler"="" []
"HPBootOp"="C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-02-25 21:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 01:56 544768 C:WINDOWSsm56hlpr.exe]
"LSBWatcher"="c:hpdrivershplsbwatcherlsburnwatcher.exe" [2005-05-10 16:50 253952]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2005-08-05 08:28 180269]
"IMJPMIG8.1"="C:WINDOWSIMEimjp8_1IMJPMIG.exe" [2004-08-10 04:00 208952]
"IMEKRMIG6.1"="C:WINDOWSimeimkr6_1IMEKRMIG.EXE" [2004-08-10 04:00 44032]
"MSPY2002"="C:WINDOWSsystem32IMEPINTLGNTImScInst.exe" [2004-08-10 04:00 59392]
"{D4-4D-DA-AD-ZN}"="C:windowssystem32dwdsregt.exe" [ ]
"kav"="C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" [2006-03-24 19:09 139367]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2007-09-26 13:42 267064]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2007-12-20 07:16 37376]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" [2003-07-15 04:53 34880]

C:Documents and SettingsCompaq_AdministratorStart MenuProgramsStartup
OpenOffice.org 2.3.lnk - C:Program FilesOpenOffice.org 2.3programquickstart.exe [2007-08-17 21:57:56 393216]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Compaq Connections.lnk - C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe [2005-08-05 08:46:22 36903]
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe [2007-02-19 21:21:57 124152]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"InstallVisualStyle"= C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
"InstallTheme"= C:WINDOWSResourcesThemesRoyale.theme

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorershellexecutehooks]
"{24282ED1-2289-4AE7-B1B9-88967EB00560}"= C:Program FilesHanmaroMediaRoseAgentShellLauncher.dll [2006-09-25 23:25 122880]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:Program FilesViewpointCommonViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 03:55:01 C:WINDOWSTasksAppleSoftwareUpdate.job"
- C:Program FilesApple Software UpdateSoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:56:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 16:57:11
ComboFix-quarantined-files.txt 2008-02-06 00:56:56
.
2008-01-09 07:56:29 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:42 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsm56hlpr.exe
C:hpdrivershplsbwatcherlsburnwatcher.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWinampwinampa.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNotsoSoftwareDriveDiscoveryNSSMR.exe
C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:HPKBDKBD.EXE
C:WINDOWSALCXMNTR.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
c:windowssystemhpsysdrv.exe
C:WINDOWSsystem32conime.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32notepad.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: IP Tool - {2A14C48F-9C74-4e60-A6A1-A5E134D5B436} - C:WINDOWSiptool.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [LSBWatcher] c:hpdrivershplsbwatcherlsburnwatcher.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IMEKRMIG6.1] C:WINDOWSimeimkr6_1IMEKRMIG.EXE
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [{D4-4D-DA-AD-ZN}] C:windowssystem32dwdsregt.exe CCM001
O4 - HKLM..Run: [kav] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Startup Manager] C:Documents and SettingsCompaq_AdministratorApplication DataSystweakASO 2smstartUp manager.exe
O4 - HKCU..Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [onmuzfirstupdate] C:Program Filesonmuzplusonmuzup.exe
O4 - HKCU..Run: [RegistryCleanFixMFC] C:Program FilesRegistryCleanerregistrycleaner.exe
O4 - HKCU..Run: [DriveDiscoveryMemoryResident] C:Program FilesNotsoSoftwareDriveDiscoveryNSSMR.exe
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Startup: spysheriff.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: Add To Compaq Organize... - C:PROGRA~1HEWLET~1COMPAQ~1bin/module.main/favoritesie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {39C23151-5D69-4142-85A2-E0CCBC0A3A9B} (OnmuzWebActiveCtl Control) - http://211.168.120.7/~goldnboy/OnmuzWebActive.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202251726468
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/test/Online.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 10663 bytes
Hope you can help me more.


Dreamweaver - 6-2-2008 at 01:23

I am merging this with the other post as it's getting rather confusing.

Apologies to Pancake if this is somewhat confusing.


Pancake - 6-2-2008 at 01:26

Let me know if there is an improvement.



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O4 - Startup: spysheriff.lnk = ?
O4 - Startup: Think-Adz.lnk = C:WINDOWSsystem32asysgdiz.exe

Reboot..

===========================


Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


LSemmens - 6-2-2008 at 14:05

Thank you for jumping in, Pancake; I'll leave kkamshi in your capable hands! FYI kkamshi, Pancake is our resident expert and will help you to resolve the "nasties". Once they are fixed, the other items may also be resolved; otherwise we'll keep plugging at it until they are.


kkamshi - 7-2-2008 at 00:12

I can't run the internet scan. It says it's not able to let me download it, and I installed Internet Explorer 7.0 and it's still not letting me run the scan. Any suggestions? Is it because I have the anti-virus program on my desktop? I also have Tor and Privoxy for some reason; should I delete these? I think they are some kind of cleaner programs but I'm not sure.


Pancake - 7-2-2008 at 00:42

It would help if this page stopped scrolling. I can't see the other part of your log; it's a pain. Disable your virus program and then try the download again. If you're not sure how to disable it, go here:

http://www.bleepingcomputer.com/forums/topic114351.html


kkamshi - 7-2-2008 at 04:49

SDFix: Version 1.137

Run by Compaq_Administrator on 02/05/2008 Tue at 04:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:Documents and SettingsCompaq_AdministratorLocal SettingsTempaax24.tmp.exe - Deleted
C:Documents and SettingsCompaq_AdministratorStart MenuProgramsStartupThink-Adz.lnk - Deleted
C:WINDOWSsystem32msnav32.ax - Deleted
C:WINDOWSsystem32zxdnt3d.cfg - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderStart Menu2Programs\xb67ex42724xc1cc]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,..

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderStart Menu2Programs\xb67ex42724xc1cc\xb67ex42724xc1ccxaff1]
"Order"=hex:08,00,00,00,02,00,00,00,02,01,00,00,01,00,00,00,02,00,00,00,7c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1133580026\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1133580026\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1133580026\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1133580026\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\1139962237\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1139962237\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1139962237\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1139962237\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\BugsSvr.exe"="C:\WINDOWS\system32\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe:*:Enabled:μTorrent"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BugsCorp\BugsAppPlayer\bin\BugsSvr.exe"="C:\Program Files\BugsCorp\BugsAppPlayer\bin\BugsSvr.exe:*:Enabled:P3AoDSvr Module"
"C:\WINDOWS\system32\p3bvsvr.exe"="C:\WINDOWS\system32\p3bvsvr.exe:*:Enabled:Bugs VoD Server"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

Remaining Files:
---------------

File Backups: - C:SDFixbackupsbackups.zip

Files with Hidden Attributes:

Tue 18 Apr 2006 0 A.SH. --- "C:WINDOWSsystem32wupdmgr.tmp"
Fri 2 Dec 2005 4,348 A.SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Mon 20 Feb 2006 1,242 A..H. --- "C:Program FilesCommon FilesAOLIPHSendIPH.BAK"

Finished!


kkamshi - 7-2-2008 at 04:51

Sorry, wrong log; this is the correct one.
ComboFix 08-02.05.3 - Compaq_Administrator 2008-02-05 16:55:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.560 [GMT -8:00]
Running from: C:Documents and SettingsCompaq_AdministratorDesktopComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
C:WINDOWSsystem32winpfz32.sys
D:Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-05 16:30 . 2008-02-05 16:30 <DIR> d-------- C:WINDOWSERUNT
2008-02-05 16:05 . 2008-02-05 16:48 <DIR> d-------- C:SDFix
2008-02-05 15:03 . 2008-02-05 15:03 <DIR> d-------- C:Program FilesMicrosoft CAPICOM 2.1.0.2
2008-02-05 14:58 . 2008-02-05 15:05 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorSecurityScans
2008-02-05 14:57 . 2008-02-05 14:57 <DIR> d-------- C:Program FilesMicrosoft Baseline Security Analyzer 2
2008-02-04 22:47 . 2008-02-04 22:47 <DIR> d-------- C:Program FilesTrend Micro
2008-02-04 21:57 . 2008-02-04 22:33 <DIR> d-------- C:Program FilesMadz Software
2008-02-04 21:57 . 2008-02-05 16:49 0 --a------ C:FL.ini
2008-02-04 00:21 . 2008-02-05 15:15 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataFrostWire
2008-02-04 00:20 . 2008-02-04 11:52 <DIR> d-------- C:Program FilesFrostWire
2008-02-04 00:20 . 2008-02-04 00:20 <DIR> d-------- C:Program FilesAskSBar
2008-02-04 00:01 . 2008-02-04 00:01 <DIR> d-------- C:Program FilesNotsoSoftware
2008-02-02 20:47 . 2008-02-05 16:49 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataOpenOffice.org2
2008-02-02 20:43 . 2008-02-04 12:01 <DIR> d-------- C:Program FilesOpenOffice.org 2.3
2008-02-02 20:43 . 2007-09-24 23:31 69,632 --a------ C:WINDOWSsystem32javacpl.cpl
2008-02-02 20:11 . 2008-02-02 20:11 1,666,048 --a------ C:WINDOWSc01.ppt
2008-01-29 13:37 . 2008-01-29 13:37 3,877 --a------ C:WINDOWSassignement1.rtf
2008-01-15 22:44 . 2008-02-04 07:44 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataWinamp
2008-01-15 22:01 . 2008-02-04 07:27 <DIR> d-------- C:divx
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:Documents and SettingsCompaq_AdministratorApplication DataYahoo!
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataYahoo! Companion
2008-01-07 17:16 . 2008-01-07 17:16 630,784 --a------ C:WINDOWSsystem32divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 00:56 30,111,008 --sha-w C:WINDOWSsystem32driversfidbox.dat
2008-02-06 00:56 1,386,528 --sha-w C:WINDOWSsystem32driversfidbox2.dat
2008-02-06 00:22 407,096 --sha-w C:WINDOWSsystem32driversfidbox.idx
2008-02-06 00:22 130,772 --sha-w C:WINDOWSsystem32driversfidbox2.idx
2008-02-04 20:10 --------- d-----w C:Program FilesWinQual
2008-02-04 20:10 --------- d-----w C:Program FilesWinamp Toolbar
2008-02-04 20:10 --------- d-----w C:Program FilesWinamp
2008-02-04 20:10 --------- d-----w C:Program Files_ffdshow
2008-02-04 20:08 --------- d-----w C:Program FilesWarcraft III
2008-02-04 20:04 --------- d-----w C:Program FilesSteam
2008-02-04 20:03 --------- d-----w C:Program FilesSeaStorm 3D Screensaver
2008-02-04 20:03 --------- d-----w C:Program FilesQuickTime
2008-02-04 20:02 --------- d-----w C:Program FilesQuicken
2008-02-04 20:02 --------- d-----w C:Program FilesPC-Doctor 5 for Windows
2008-02-04 19:58 --------- d-----w C:Program FilesmyLinker
2008-02-04 19:58 --------- d-----w C:Program FilesMSN Encarta Standard
2008-02-04 19:58 --------- d-----w C:Program FilesmIRC
2008-02-04 19:57 --------- d-----w C:Program FilesMicrosoft Works
2008-02-04 19:56 --------- d-----w C:Program FilesMicrosoft Plus! Dancer LE
2008-02-04 19:56 --------- d-----w C:Program FilesMicrosoft Money 2005
2008-02-04 19:55 --------- d-----w C:Program FilesMegauploadToolbar
2008-02-04 19:54 --------- d-----w C:Program FilesiTunes
2008-02-04 19:54 --------- d-----w C:Program FilesiPod
2008-02-04 19:52 --------- d-----w C:Program FilesGemMaster
2008-02-04 19:52 --------- d-----w C:Program FilesEnglishOtto
2008-02-04 19:51 --------- d-----w C:Program FilesEasy Internet signup
2008-02-04 19:51 --------- d-----w C:Program FilesDivX
2008-02-04 19:51 --------- d-----w C:Program FilesCommon FilesPalo Alto Software
2008-02-04 19:50 --------- d---a-w C:Program FilesCommon FilesLightScribe
2008-02-04 19:49 --------- d-----w C:Program FilesCommon FilesAOL
2008-02-04 19:48 --------- d-----w C:Program FilesAOD
2008-02-04 19:48 --------- d-----w C:Program FilesAIM6
2008-02-04 19:47 --------- d-----w C:Program FilesAdvanced System Optimizer
2008-02-04 15:44 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DatauTorrent
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMSNInstaller
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMegauploadToolbar
2008-02-04 15:39 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataMedia Player Classic
2008-02-04 15:38 --------- d-----w C:Documents and SettingsCompaq_AdministratorApplication DataImage Zone Express
2008-02-04 15:32 --------- d-----w C:Documents and SettingsAll UsersApplication DataSTOPzilla!
2008-02-04 15:32 --------- d-----w C:Documents and SettingsAll UsersApplication DataQuickTime
2008-02-03 04:43 --------- d-----w C:Program FilesJava
2008-01-29 21:38 10,066 ----a-w C:Documents and SettingsCompaq_AdministratorApplication Datawklnhst.dat
2008-01-16 04:47 --------- d-----w C:Program FilesYahoo!
2008-01-06 21:31 --------- d-----w C:Program FilesKaspersky Lab
2008-01-04 21:59 524,288 ----a-w C:WINDOWSsystem32DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:WINDOWSsystem32qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:WINDOWSsystem32ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:WINDOWSsystem32libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:WINDOWSsystem32divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:WINDOWSsystem32divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:WINDOWSsystem32dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:WINDOWSsystem32divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:WINDOWSsystem32DivX.dll
2008-01-04 21:57 593,920 ----a-w C:WINDOWSsystem32dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:WINDOWSsystem32dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:WINDOWSsystem32dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:WINDOWSsystem32dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:WINDOWSsystem32dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:WINDOWSsystem32dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:WINDOWSsystem32dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:WINDOWSsystem32DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:WINDOWSsystem32DivXWMPExtType.dll
2007-11-07 09:26 721,920 ----a-w C:WINDOWSsystem32lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:WINDOWSsystem32dllcachelsasrv.dll
2007-11-06 08:10 24 ----a-w C:Documents and SettingsCompaq_Administratormylist.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-02-04 00:20 66912 --a------ C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 12:06 1135968 --a------ C:Program FilesWinamp Toolbarwinamptb.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-04 00:20 267592 --a------ C:Program FilesAskSBarbar1.binASKSBAR.DLL

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOTclsid{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOTTypeLib{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj]

[HKEY_CLASSES_ROOTclsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:Program FilesWinamp Toolbarwinamptb.dll [2007-10-04 12:06 1135968]
"{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}"= C:WINDOWSiptool.dll [2007-03-27 23:59 233472]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:Program FilesAskSBarbar1.binASKSBAR.DLL [2008-02-04 00:20 267592]

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOTclsid{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOTTypeLib{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOTIP Tool.IP ToolObj]

[HKEY_CLASSES_ROOTclsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-10 11:00 15360]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 15:24 1694208]
"Startup Manager"="C:Documents and SettingsCompaq_AdministratorApplication DataSystweakASO 2smstartUp manager.exe" [ ]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-06-10 17:43 68856]
"Aim6"="" []
"onmuzfirstupdate"="C:Program Filesonmuzplusonmuzup.exe" [ ]
"RegistryCleanFixMFC"="C:Program FilesRegistryCleanerregistrycleaner.exe" [ ]
"DriveDiscoveryMemoryResident"="C:Program FilesNotsoSoftwareDriveDiscoveryNSSMR.exe" [2007-01-30 12:30 462848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray"="C:WINDOWSehomeehtray.exe" [2004-08-10 18:04 59392]
"PCDrProfiler"="" []
"HPBootOp"="C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-02-25 21:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 01:56 544768 C:WINDOWSsm56hlpr.exe]
"LSBWatcher"="c:hpdrivershplsbwatcherlsburnwatcher.exe" [2005-05-10 16:50 253952]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2005-08-05 08:28 180269]
"IMJPMIG8.1"="C:WINDOWSIMEimjp8_1IMJPMIG.exe" [2004-08-10 04:00 208952]
"IMEKRMIG6.1"="C:WINDOWSimeimkr6_1IMEKRMIG.EXE" [2004-08-10 04:00 44032]
"MSPY2002"="C:WINDOWSsystem32IMEPINTLGNTImScInst.exe" [2004-08-10 04:00 59392]
"{D4-4D-DA-AD-ZN}"="C:windowssystem32dwdsregt.exe" [ ]
"kav"="C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" [2006-03-24 19:09 139367]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2007-09-26 13:42 267064]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2007-12-20 07:16 37376]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" [2003-07-15 04:53 34880]

C:Documents and SettingsCompaq_AdministratorStart MenuProgramsStartup
OpenOffice.org 2.3.lnk - C:Program FilesOpenOffice.org 2.3programquickstart.exe [2007-08-17 21:57:56 393216]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Compaq Connections.lnk - C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe [2005-08-05 08:46:22 36903]
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe [2007-02-19 21:21:57 124152]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"InstallVisualStyle"= C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
"InstallTheme"= C:WINDOWSResourcesThemesRoyale.theme

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorershellexecutehooks]
"{24282ED1-2289-4AE7-B1B9-88967EB00560}"= C:Program FilesHanmaroMediaRoseAgentShellLauncher.dll [2006-09-25 23:25 122880]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:Program FilesViewpointCommonViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 03:55:01 C:WINDOWSTasksAppleSoftwareUpdate.job"
- C:Program FilesApple Software UpdateSoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:56:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 16:57:11
ComboFix-quarantined-files.txt 2008-02-06 00:56:56
.
2008-01-09 07:56:29 --- E O F ---


Pancake - 7-2-2008 at 05:02

Ok. It looks as if the infection has gone, so now let's go with the Kaspersky scan and see what we have.


kkamshi - 7-2-2008 at 05:03

"Update process failed. No further Anti-virus actions can be performed
Attention You must be online to activate Kaspersky online scanner, since the latest anti-virus bases version must be downloaded prior to scan, Otherwise we cannot guarantee detection of latest viruses (21)"
That's what it says when I try to run the webscan, even after I turned off the anti-virus program, and I am also online.
What do you think is going on??


Pancake - 7-2-2008 at 05:32

Strange... anyway, how is your system now? Are you still getting the problem? Can you run your Trend Micro and do a scan?


LSemmens - 7-2-2008 at 12:53

Sorry, PK, the scrolling text is a result of the board interpreting some of the text as BB code for scrolling. In future, when you ask people to post, it may be prudent to include in your instructions to check the "Turn BBCode off?" checkbox on the right of the "Quick Reply Box" or at the bottom of the normal reply box.


Pancake - 7-2-2008 at 21:47

Quote:
Originally posted by LSemmens
Sorry, PK, the scrolling text is a result of the board interpreting some of the text as BB code for scrolling. In future, when you ask people to post, it may be prudent to include in your instructions to check the "Turn BBCode off?" checkbox on the right of the "Quick Reply Box" or at the bottom of the normal reply box.



Yes, I will have to remember that.


Pancake - 7-2-2008 at 21:49

Ok kkamshi


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"onmuzfirstupdate"=-
"Systweak Wallpaper Changer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{D4-4D-DA-AD-ZN}"=-



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Image: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
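
An added example, not part of the post above or of ComboFix itself: a small parser for the Run-key sections of the log earlier in this thread that lists autorun values whose bracketed file stamp is empty, assumed here to mean ComboFix found no file at that path. The sample lines are copied from this page's log as they appear (path separators lost in extraction) and the function names are hypothetical; a flagged value is a dangling autostart entry to review, not proof of malware.

```python
import re

# Lines copied from the ComboFix log on this page exactly as they appear here
# (path separators were lost in extraction); a selection, not the full log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-10 11:00 15360]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"Aim6"="" []
"onmuzfirstupdate"="C:Program Filesonmuzplusonmuzup.exe" [ ]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 01:56 544768 C:WINDOWSsm56hlpr.exe]
"{D4-4D-DA-AD-ZN}"="C:windowssystem32dwdsregt.exe" [ ]
"kav"="C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" [2006-03-24 19:09 139367]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# A file that exists is listed with "YYYY-MM-DD HH:MM size" inside the brackets.
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+')


def parse_autoruns(log_text):
    """Return one dict per value found under a registry key ending in 'Run'."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Track only Run keys; any other section header resets the context.
            key = m.group("key") if m.group("key").endswith("Run") else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            on_disk = bool(STAMP_RE.match(m.group("meta").strip()))
            entries.append({"key": key, "name": m.group("name"),
                            "target": m.group("target"), "on_disk": on_disk})
    return entries


def dangling(entries):
    """Autorun values with no file stamp: the target was not found (assumption)."""
    return [e for e in entries if not e["on_disk"]]


if __name__ == "__main__":
    for e in dangling(parse_autoruns(SAMPLE_LOG)):
        print(f'{e["name"]!r} -> {e["target"] or "(empty)"}')
```

On the sample, four values are flagged; the CFScript above removes three of them, so the list is input for a reviewer's judgment rather than a deletion list.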