Old 9th November 2006   #1

Virus -MemScan:Trojan.Downloader.Mohbpork.A -


Hi! It's my first time here and hoping this will help. I use Freedom antivirus (thru my internet supplier) but I also use Bit Defender. When I scan with Bit Defender it always picks up this virus, sends it to quarantine but when I scan again, it will continually pick it up. Some shortcuts have mysteriously been removed from my desktop, often links won't work on web pages and generally the computer is just not performing as expected. Extremely slow on startup, very slow when connecting to internet, lots of freeze ups and many many programs not responding. Can you help? Thanks, Dana

Dcmurray is offline  
Old 9th November 2006   #2

Hello and welcome to WindowsBBS Forums.

Here is how we like to begin our analysis of your pc:

For starters, if you do not have them yet, please DL and run AdAware & Spybot Search & Destroy. AdAware and Spybot Search & Destroy are 2 of the most trusted apps in the security area. They are both free, complement each other nicely, and do not use a lot of resources. They can be found here:

Spybot Search & Destroy v.1.4
AdAware SE Free v1.06r

With AdAware and Spybot: DL, follow the install instructions, check for updates, then scan, repair/remove/quarantine anything found. Reboot before the next scan with whichever app is next. The reason for running these apps is to clean up some of the other 'crapware' on your pc, which, in turn, will make deciphering your HJT log easier.

Then we use HiJackThis v:1.99.1zip.
DL the zip file to your desktop, then create a new folder on your C drive, called 'HJT' or 'HijackThis'. Then unzip the files to the new folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

Run the program, and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and Post that log onto this topic. DO NOT DELETE or modify anything yet, as some of it is needed to keep your system in proper working order.

TeMerc is offline  
Old 9th November 2006   #3

HijackThis log attached; hope I did everything right.


Logfile of HijackThis v1.99.1
Scan saved at 4:29:43 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142097753734
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us14/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Dcmurray is offline  
Old 9th November 2006   #4

I'd like to see some more info off your machine before we continue.

Please download SilentRunners from here

Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

Please post the entire contents of this logfile created back into this thread for me to see.

TeMerc is offline  
Old 9th November 2006   #5

SilentRunner Log


Please find attached the Silentrunner log as requested.

Thank you!!


"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"PowerBar" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IntelAudioStudio" = ""C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT" ["Intel Corporation"]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SigmatelSysTrayApp" = "sttray.exe" [file not found]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe" blrun" [null data]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]
"Motive SmartBridge" = "C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Freedom" = "C:\Program Files\Zero Knowledge\Freedom\Freedom.exe" ["Zero-Knowledge Systems Inc."]
"BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]
"BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\(Default) = "Pop-Up Blocker BHO"
-> {HKLM...CLSID} = "PopKill Class"
\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\pkR.dll" ["Zero-Knowledge Systems Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{56071E0D-C61B-11D3-B41C-00E02927A304}\(Default) = "Form Filler BHO"
-> {HKLM...CLSID} = "ZKBho Class"
\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll" ["Zero-Knowledge Systems Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {HKLM...CLSID} = "BDMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender10\bdshelxt.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "csnbo.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BDMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender10\bdshelxt.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sspipes.scr" [MS]


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]
"Net Assistant" -> shortcut to: "C:\Program Files\Aliant\Net Assistant\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"Ad-Aware SE Personal" -> launches: "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" ["Lavasoft Sweden"]
"AVG Free Control Center" -> launches: "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [file not found]
"CCleaner" -> launches: "C:\PROGRA~1\CCleaner\ccleaner.exe" ["Piriform Ltd"]
"CleanUp!" -> launches: "C:\PROGRA~1\CleanUp!\Cleanup.exe" ["Steven R. Gould"]
"Spybot - Search & Destroy" -> launches: "C:\PROGRA~1\SPYBOT~1\SpybotSD.exe" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]
DvpApi, dvpapi, ""C:\Program Files\Common Files\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
Intel(R) Matrix Storage Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe" ["Intel Corporation"]
SigmaTel Audio Service, STacSV, "C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe" ["SigmaTel, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
Language Monitor\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 69 seconds, including 17 seconds for message boxes)

Dcmurray is offline  
Old 10th November 2006   #6

Ok, thanks for running that tool. It showed a file which was not present in the HJT log.


Below you will find my results and recommendations from your HijackThis! log file analysis. Please read ALL instructions carefully BEFORE proceeding.

Download combofix.exe. Save it to your desktop

Do not use it yet, we will shortly.


Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It cannot be installed on the desktop.

You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe) Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.


1) Please download the Killbox.
Save it to the desktop and run it.

2) Select "Delete on Reboot", and then select "All files".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\csnbo.exe

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


Do not reboot yet.

Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.




O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80


Reboot then run ComboFix:
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Once that has run, also please give me a fresh HJT log file.

TeMerc is offline  
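
The cross-check described in the post above (a Silent Runners finding that is absent from the HijackThis log, plus the O17 NameServer entries), as an added example that is not part of the original thread. The log excerpts are copied from the posts above; `EXPECTED_RESOLVERS` and all function names are assumptions made for the illustration.

```python
"""Triage helper for the two log types posted in this thread (added example)."""
import ipaddress
import re

# Excerpts copied from the logs posted above (not the full logs).
HJT_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

SILENT_RUNNERS_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "csnbo.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
"""

# Assumption: the resolvers this machine is supposed to use. The value is a
# placeholder from the RFC 5737 documentation range; substitute the addresses
# handed out by the ISP or DHCP server.
EXPECTED_RESOLVERS = {"192.0.2.53"}

O17_RE = re.compile(
    r"^O17 - .*\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")
SR_KEY_RE = re.compile(r"^(?P<key>HK[A-Z]{2}\\.*\\)(?:\s+\{\+\+\})?$")
SR_FLAG_RE = re.compile(
    r'^<<!>>\s+(?P<name>.+?)\s+=\s+"(?P<value>.*)"\s+\[(?P<vendor>[^\]]*)\]\s*$')
# File names without spaces; enough for the launch-point values shown here.
FILE_RE = re.compile(r'[^\\/"\s,]+\.(?:exe|dll|ocx|scr|sys)\b', re.IGNORECASE)


def unexpected_resolvers(hjt_log, expected):
    """Map interface GUID -> statically set resolvers that are not in `expected`."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = {}
    for line in hjt_log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        odd = []
        for token in re.split(r"[,\s]+", m.group("servers").strip()):
            if not token:
                continue
            try:
                if ipaddress.ip_address(token) not in expected_ips:
                    odd.append(token)
            except ValueError:
                odd.append(token)  # not an IP address at all: still worth a look
        if odd:
            findings[m.group("guid").upper()] = odd
    return findings


def flagged_launch_points(sr_log):
    """Return (registry key, value name, data) for every `<<!>>` line."""
    key, out = None, []
    for raw in sr_log.splitlines():
        line = raw.strip()
        k = SR_KEY_RE.match(line)
        if k:
            key = k.group("key")  # remember the key the next values belong to
            continue
        f = SR_FLAG_RE.match(line)
        if f:
            out.append((key, f.group("name").strip('"'), f.group("value")))
    return out


def flagged_but_not_in_hjt(sr_log, hjt_log):
    """Files at `<<!>>` launch points that the HijackThis log never mentions."""
    haystack = hjt_log.lower()
    missing = []
    for key, name, value in flagged_launch_points(sr_log):
        for fname in FILE_RE.findall(value):
            if fname.lower() not in haystack:
                missing.append((key, name, fname))
    return missing


if __name__ == "__main__":
    for guid, servers in unexpected_resolvers(HJT_LOG, EXPECTED_RESOLVERS).items():
        print(f"O17 {guid}: unexpected NameServer {', '.join(servers)}")
    for key, name, fname in flagged_but_not_in_hjt(SILENT_RUNNERS_LOG, HJT_LOG):
        print(f"{key}{name} -> {fname} (flagged by Silent Runners, absent from HJT log)")
```

A hit from `flagged_but_not_in_hjt` is a candidate for review, not a verdict; `igfxdev.dll` is also marked `<<!>>` but is filtered out here because the HijackThis log lists it under O20.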
Old 10th November 2006   #7

Killbox not working


Hey - Thanks for your help so far!!!!

I have just downloaded Killbox to the desktop and when I try to run it the following message comes up.

"Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: A file is missing or invalid."

I have only moved the HJT from the desktop to its own folder in "My Computer" so far and will wait for further instructions.

Thanks Again!!!

Dcmurray is offline  
Old 10th November 2006   #8

Some Changes


While I was out today, my son downloaded the latest Windows update which included Explorer 7. Since that happened, when I log on, I am now receiving the following message:

SMARTBRIDGE ALERTS: MOTIVESM.EXE ENTRY POINT NOT FOUND.
The Procedure point GetProcessImageFileNameW could not be located in the dynamic link library PSAPI.DLL

Because of my extremely limited computer know-how, I don't know what this means or if the downloads will affect anything you have done so far.

I thought I would let you know just in case.

PS. I had a peek at your website and found it very informative so far. Thanks.

Dcmurray is offline  
Old 10th November 2006   #9

Originally Posted by Dcmurray
Hey - Thanks for your help so far!!!!

I have just downloaded Killbox to the desktop and when I try to run it the following message comes up.

"Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: A file is missing or invalid."

I have only moved the HJT from the desktop to its own folder in "My Computer" so far and will wait for further instructions.

Thanks Again!!!

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Quote:
While I was out today, my son downloaded the latest Windows update which included Explorer 7. Since that happened, when I log on, I am now receiving the following message:

SMARTBRIDGE ALERTS: MOTIVESM.EXE ENTRY POINT NOT FOUND.
The Procedure point GetProcessImageFileNameW could not be located in the dynamic link library PSAPI.DLL

Because of my extremely limited computer know-how, I don't know what this means or if the downloads will affect anything you have done so far.

See this MS support page

TeMerc is offline  
Old 11th November 2006   #10

OK - Logs as requested


After the Explorer 7 version was downloaded and after using the links that you provided for me, it was still not working for me and I was unable to connect to the internet. I used System Restore to a point yesterday prior to the update. Please find a HijackThis log which was run immediately after the System Restore.

Logfile of HijackThis v1.99.1
Scan saved at 2:37:43 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142097753734
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us14/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Dcmurray is offline  
Old 11th November 2006   #11
Dcmurray (Senior Member, THREAD STARTER)

Continued


I then followed your instructions for Killbox but at the Pending Operations Prompt the only option was "OK". There was yes or no options. I clicked OK and continued. Please find the Hijackthis log which was run after checking the entries as instructed.

Logfile of HijackThis v1.99.1
Scan saved at 2:40:55 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142097753734
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us14/n.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



Rebooted as instructed and ran Combofix. The log follows.

Owner - 06-11-11 14:44:29.78 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-10-29 10:02 325 --a------ C:\WINDOWS\initialize.bat
2006-10-29 07:36 33,408 --------- C:\WINDOWS\system32\drivers\freedom.sys
2006-10-22 10:26 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 14:46 -------- d-------- C:\Program Files\Common Files\Command Software
2006-11-11 14:43 -------- d-------- C:\Program Files\lg_fwupdate
2006-11-11 11:36 -------- d-------- C:\Program Files\Microsoft Games
2006-11-11 11:35 -------- d-------- C:\Program Files\Internet Explorer
2006-11-11 11:35 -------- d-------- C:\Program Files\Common Files\PestPatrol
2006-11-09 11:24 -------- d-------- C:\Program Files\Lavasoft
2006-11-09 11:24 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-11-08 17:34 -------- d-------- C:\Program Files\QuickTime
2006-11-08 17:33 -------- d-------- C:\Program Files\Hard Truck 18 Wheels
2006-11-07 19:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 10:58 -------- d-------- C:\Program Files\directx
2006-11-05 19:47 -------- d-------- C:\Documents and Settings\Owner\Application Data\Bitdefender
2006-11-05 19:42 -------- d-------- C:\Program Files\Softwin
2006-11-05 19:42 -------- d-------- C:\Program Files\Common Files\Softwin
2006-11-03 12:44 -------- d-------- C:\Program Files\Common Files
2006-11-03 10:27 241 --a------ C:\Program Files\setuplog.txt
2006-11-01 23:16 -------- d-------- C:\Program Files\Real
2006-10-29 11:43 -------- d-------- C:\Program Files\LimeWire
2006-10-29 09:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2006-10-29 07:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\Zero Knowledge
2006-10-29 07:36 -------- d-------- C:\Program Files\Zero Knowledge
2006-10-15 07:47 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-14 23:52 -------- d-------- C:\Program Files\ATS2
2006-10-14 23:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2006-10-14 22:59 -------- d-------- C:\Program Files\Trustix
2006-10-13 07:33 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-05 13:16 -------- d-------- C:\Program Files\Windows Media Player
2006-10-05 13:16 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-10-01 17:35 -------- d-------- C:\Program Files\Ahead
2006-09-30 21:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2006-09-29 17:39 -------- d-------- C:\Program Files\fsupport
2006-09-24 20:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-24 19:57 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-24 19:57 -------- d-------- C:\Program Files\Common Files\Real
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 21:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-08-24 21:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 21:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-08-24 21:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-08-24 21:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-22 16:08 77824 --a------ C:\WINDOWS\system32\xcomm.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 19:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-08 11:33 774144 --a------ C:\Program Files\RngInterstitial.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IntelAudioStudio"="\"C:\\Program Files\\Intel Audio Studio\\IntelAudioStudio.exe\" BOOT"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="sttray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" blrun"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\Aliant\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\Freedom.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061111-143940-673
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80
backup-20061111-143940-519
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
backup-20061111-143940-665
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\AVG Free Control Center.job
C:\WINDOWS\tasks\CCleaner.job
C:\WINDOWS\tasks\CleanUp!.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job

Completion time: 06-11-11 14:47:11.87
C:\ComboFix.txt ... 06-11-11 14:47


FYI - I reran Freedom antispyware prior to the above and it found 757 entries. These files also consistently show up when I run this program. These are the applications that always show up. I don't know if it is any help to you but I thought I would let you have a look anyways.

MidAddle Application 11/9/2006 7:25:01 PM
WinNuker 0.2 Application 11/9/2006 7:25:01 PM
2o7.net Tracking cookie 11/10/2006 1:19:40 PM
2o7.net Tracking cookie 11/10/2006 2:03:44 PM
2o7.net Tracking cookie 11/11/2006 12:37:02 PM
Downloader.WinAntiSpyware2006 Application 11/11/2006 1:08:34 PM
Media Pass Application 11/11/2006 1:08:34 PM
(There were over 700 files of this today.)

Again, Thank you for all of your help so far.

Dcmurray is offline  
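One way to check the fix reported in the post above, added here as an example and not part of the original thread: the script diffs the 2:37 PM and 2:40 PM HijackThis logs and cross-checks the removed lines against the HijackThis backups listed in the ComboFix log. The log excerpts are copied from the post; the function names and the `ALLOWED_DNS` address are assumptions made for the example.

```python
import re
from collections import Counter

# Excerpts copied from the logs in the post (most unchanged lines omitted).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:37:43 PM, on 11/11/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us14/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:40:55 PM, on 11/11/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us14/n.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "Hijackthis Backups" section of the ComboFix log in the same post.
BACKUPS = r"""backup-20061111-143940-673
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A72C86-879D-4423-B4DC-E2BB220FDFDE}: NameServer = 85.255.115.98,85.255.112.80
backup-20061111-143940-519
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF557216-E0A6-4C2A-A647-CCA870042E7D}: NameServer = 85.255.115.98,85.255.112.80
backup-20061111-143940-665
O17 - HKLM\System\CCS\Services\Tcpip\..\{4004005C-6A51-46E6-B143-D00612DC5610}: NameServer = 85.255.115.98,85.255.112.80
"""

# Assumption: resolvers the owner expects (documentation-range placeholder).
ALLOWED_DNS = {"192.0.2.53"}

# A HijackThis entry line starts with a section code such as R0, O4 or O17.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
O17_RE = re.compile(r"\\\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")


def parse_hjt(text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Multiset diff of two scans: (entries removed, entries added)."""
    b, a = Counter(parse_hjt(before)), Counter(parse_hjt(after))
    return sorted((b - a).elements()), sorted((a - b).elements())


def nameservers(entries):
    """Map interface GUID -> static DNS servers taken from O17 entries."""
    found = {}
    for section, detail in entries:
        m = O17_RE.search(detail) if section == "O17" else None
        if m:
            found[m.group(1).upper()] = [ip for ip in re.split(r"[,\s]+", m.group(2)) if ip]
    return found


def unexpected_dns(entries, allowed):
    """Interfaces whose static DNS servers are not all in the allow-list."""
    flagged = {}
    for guid, ips in nameservers(entries).items():
        extra = [ip for ip in ips if ip not in allowed]
        if extra:
            flagged[guid] = extra
    return flagged


def fix_matches_backups(before, after, backups):
    """True when the removed entries are exactly the ones HijackThis backed up."""
    removed, added = diff_logs(before, after)
    return not added and Counter(removed) == Counter(parse_hjt(backups))


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, detail)
    print("added:", added)
    print("still unexpected after fix:", unexpected_dns(parse_hjt(AFTER), ALLOWED_DNS))
    print("matches backups:", fix_matches_backups(BEFORE, AFTER, BACKUPS))
```

Run against the full logs rather than the excerpts, the same diff also shows whether anything other than the three O17 lines changed between the two scans.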
Old 12th November 2006   #12
Dcmurray (Senior Member, THREAD STARTER)

Microsoft Support


After posting the previous logs, I was in contact with Microsoft Support who took control of my computer and redownloaded IE 7.
The following is a list of changes made:

Action: Customer installed IE7

Result: Customer got error message "Procedure Point Point "Get Process Image File Name W could not be located in the Dynamic Link Library psapi.dll"

Cause: Motive Smart Bridge

Resolution: Renamed psapi.dll to psapi.old and added registry values

HKCU\software\Microsoft\Internet Explorer\Main\RunOnceHasShown, RunOnceComplete

I'm unsure if any of these changes affect what you are trying to help me with, so as the changes come up, I will keep you updated.

Thank You


Last edited by Dcmurray; 12th November 2006 at 02:57.
Dcmurray is offline  
Old 12th November 2006   #13
TeMerc (Alumni)

Ok, the HJT log and ComboFix logs appear to be ok.

Can you please give me the file paths where the Freedom software found these infections, or are they registry points?

Cookies of any sort can be omitted from any logs\findings as they do not pose a threat. They are merely text files.

TeMerc is offline  
Old 12th November 2006   #14
Dcmurray (Senior Member, THREAD STARTER)

Trojan


I tried to find the paths with Freedom but the only information that I can find is basically what I gave to you already. Unless I just ain't looking in the right place. Please see the last post, I found the files!

The other problem that I keep coming up against is this Trojan that keeps showing up on my system. Only BitDefender finds it but is there a way that I can format Freedom to stop this from even getting this far? I have included the Bit Defender log which shows a lot more info than the Freedom log.


My Trial version of Bit Defender expires today, although the free scan is still available and works to remove the Trojan files. Is it possible that I have a file that is creating this Trojan or does it always have to enter through the internet?

Another problem that continues is more often than not, when I click on a link, it does nothing. So I have to right click and copy shortcut.

//-----------------------------------------------------------------
//
// Product BitDefender Antivirus Plus v10
// Product 10.0
//
// Created on: 07/11/2006 19:11:19
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 4637
Files : 174323
Memory processes scanned : 43
Archives : 1541
Runtime packers : 6225
Identified viruses : 1
Infected files : 17
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 17
I/O errors : 580
Scan time : 00:33:54
Scan speed (files/sec) : 85

Spyware Statistics

Registry keys scanned : 1601
Registry keys infected : 0
Cookies scanned : 1
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 334933
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1162941079.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0146329.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0146329.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0146329.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0147329.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0147329.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0147329.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148329.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148329.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148329.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148343.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148343.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148343.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148354.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148354.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148354.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148362.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148362.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0148362.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0150362.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0150362.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0150362.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151362.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151362.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151362.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151373.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151373.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0151373.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152373.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152373.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152373.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152385.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152385.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152385.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152394.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152394.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152394.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152402.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152402.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0152402.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0153402.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0153402.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0153402.exe Moved


Some problems that I am still having are a lot of "Not Responding" prompts. Outlook Express is the main issue there - often Outlook cannot connect. Although, it isn't just Outlook. When I tried to run Spybot yesterday, it ran for over 2 hours and only 1100 files were scanned within that time. The mouse was extremely jumpy while Spybot was open, but when I closed it, the mouse went back to normal.

I also use "CleanUp". Normally, this will run extremely fast, but now it runs sporadically although it still gets the job done.

So, in short, my system is running much better, but it still isn't all the way there yet.

I soooo appreciate your help. Thank you.


Last edited by Dcmurray; 12th November 2006 at 16:22.
Dcmurray is offline  
Old 12th November 2006   #15
Senior Member
THREAD STARTER
 
Profile:
Join Date: Nov 2006
Location: Halifax,NS Canada
Posts: 237
Computer Experience:
Beginning 2 b a Beginner
Dcmurray Reputation Level

More Trojans


I have just rescanned with Bit Defender. Please find below the results again!


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus Plus v10
// Product 10.0
//
// Created on: 12/11/2006 10:59:53
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 4618
Files : 155454
Memory processes scanned : 41
Archives : 1662
Runtime packers : 6068
Identified viruses : 1
Infected files : 32
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 32
I/O errors : 582
Scan time : 00:29:45
Scan speed (files/sec) : 87

Spyware Statistics

Registry keys scanned : 1603
Registry keys infected : 0
Cookies scanned : 1
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 340320
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1163343593.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0153616.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0153616.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0153616.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154614.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154614.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154614.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154687.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154687.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0154687.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0155687.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0155687.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP187\A0155687.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155709.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155709.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155709.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155717.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155717.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155717.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155726.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155726.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155726.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155759.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155759.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155759.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155943.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155943.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155943.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155949.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155949.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155949.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155971.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155971.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155971.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155990.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155990.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP188\A0155990.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156125.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156125.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156125.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156140.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156140.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156140.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156149.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156149.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP189\A0156149.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156328.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156328.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156328.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156344.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156344.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156344.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156353.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156353.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP193\A0156353.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156658.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156658.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156658.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156671.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156671.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156671.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156685.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156685.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156685.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156692.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156692.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0156692.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157692.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157692.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157692.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157711.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157711.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0157711.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158710.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158710.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158710.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158719.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158719.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP194\A0158719.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159125.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159125.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159125.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159138.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159138.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0159138.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160138.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160138.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160138.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160146.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160146.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160146.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160272.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160272.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160272.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160281.exe Infected: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160281.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP200\A0160281.exe Moved


PLEASE HELP!!!!

Dcmurray is offline  
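A triage helper for the two scan logs posted above, added here as an example (it is not part of the original thread and not BitDefender's own tooling): it parses the Summary lines, groups events by file, and separates detections inside System Restore snapshot storage (`_restore{GUID}\RPnnn`) from detections on live paths. The sample reuses lines for three files from the first log plus one constructed live-path entry; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Summary-line shapes as they appear in the logs posted in this thread:
#   <path> Infected: <name>  |  <path> Disinfection failed  |  <path> Moved
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<event>Infected: (?P<name>\S+)|Disinfection failed|Moved)$"
)
# System Restore snapshot storage: _restore{GUID}, then RP<n>, then A<n>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# Lines for three files copied from the first log above, plus one CONSTRUCTED
# live-path entry (under C:\EXAMPLE) that does not come from the thread.
SAMPLE = r"""
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145307.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP183\A0145329.exe Moved
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Infected: MemScan:Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Disinfection failed
C:\System Volume Information\_restore{C001A1DE-38DC-465B-9124-4D2BDAF3E31D}\RP184\A0149362.exe Moved
C:\EXAMPLE\constructed-dropper.exe Infected: Trojan.Downloader.Mohbpork.A
C:\EXAMPLE\constructed-dropper.exe Disinfection failed
"""

def parse_summary(text):
    """Map each file path to its detection names and ordered list of events."""
    files = defaultdict(lambda: {"names": set(), "events": []})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # statistics, option checkboxes, blank lines
        entry = files[m.group("path")]
        if m.group("name"):
            # Assumption: "MemScan:" is a scanner-side prefix; drop it so the
            # name compares equal across the two logs.
            entry["names"].add(m.group("name").split(":")[-1])
            entry["events"].append("Infected")
        else:
            entry["events"].append(m.group("event"))
    return dict(files)

def triage(text):
    """Split detections into restore-point copies and live-path files."""
    files = parse_summary(text)
    per_rp, live, unresolved = defaultdict(int), [], []
    for path, info in files.items():
        m = RESTORE_RE.search(path)
        if m:
            per_rp[int(m.group("rp"))] += 1
        else:
            live.append(path)
        # A file whose last logged event is not "Moved" was left in place.
        if info["events"][-1] != "Moved":
            unresolved.append(path)
    return {
        "files": len(files),
        "restore_points": dict(sorted(per_rp.items())),
        "live_paths": live,
        "unresolved": unresolved,
        "names": sorted({n for f in files.values() for n in f["names"]}),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

In both logs as posted, every detection path sits under `_restore{...}` and every file ends with a `Moved` event, so the live-path and unresolved lists would come back empty for them.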


 

All times are GMT.