
Virus infected Cannot access local disk or programs files LOG included

#1 - 01-07-2008, 08:41 AM
Wormzer (D-A-L Newbie; Join Date: Jul 2008; Posts: 3)
Virus infected Cannot access local disk or programs files LOG included

Hello,

Frustrated is an understatement. I noticed I had a virus today and took the normal steps to rid my system of it, SUPERAntiSpyware and Avast. I think I got the virus, but my system is locked up. I cannot access my local disk, my Task Manager, or my program files via the Start menu. Next to my clock in the bottom right-hand corner it says VIRUS ALERT! Even the LCD on my keyboard says VIRUS ALERT. If anyone can help it would be a godsend. I need to get back to work ASAP. Here is my HijackThis log. Any advice on how to get access to my system's functions would be great.

Thanks in advance! Brady

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35: VIRUS ALERT!, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WindowZones\WindowZones.sys
C:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\mrkgqbav.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\SMBOLS~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: StockTicker.lnk = C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1181618822718
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181618800218
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {40D7C957-79E4-49B5-B716-DB199AE1F385} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: VolumeAlrt - {8025750f-634b-4d91-89e9-b4e9430de583} - C:\WINDOWS\Resources\VolumeAlrt.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html

--
End of file - 12577 bytes
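A first triage pass over a HijackThis v2 log in the format posted above, added here as an example (it is not HijackThis's own logic and not code from the thread). The sample lines are excerpted from the log above; the heuristics, the `looks_random` rule and the rogue-product list are my own assumptions and produce review candidates, not verdicts:

```python
"""Triage heuristics for a Trend Micro HijackThis v2 log (added example).

The rules are defender-side heuristics built from the indicators visible in
this thread: orphaned entries, lookalike paths, random 8-letter file names
directly under %windir%, policy lockdowns and a tampered time-format string.
"""
import re

# Constructed sample: a subset of lines excerpted from the thread's first log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35: VIRUS ALERT!, on 6/30/2008
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\mrkgqbav.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html
""".strip("\n")

# "O4 - <detail>" style entry lines; "Running processes" lines do not match.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<detail>.*)$")
RUN_NAME_RE = re.compile(r"\[([^\]]*)\]")
# Directory part matched case-insensitively; the stem is checked separately.
WIN_FILE_RE = re.compile(r'\\windows\\(?:system32\\)?([^\\\s"]+)\.(?:exe|dll)\b', re.IGNORECASE)
# Assumption: constructed from this thread only (the rogue product named in the log).
KNOWN_ROGUE_RUN_NAMES = {"winantispyware 2007"}
# Entry kinds whose detail carries a file path worth checking.
PATH_KINDS = {"O4", "O20", "O21", "O23"}


def looks_random(detail: str) -> bool:
    """True if an exe/dll directly under %windir% or system32 has an 8-letter
    lowercase stem, the pattern of every malicious file in this thread.
    Heuristic: legitimate files can match too, so it marks for review only."""
    m = WIN_FILE_RE.search(detail)
    return m is not None and re.fullmatch(r"[a-z]{8}", m.group(1)) is not None


def triage(log_text: str) -> dict:
    """Return {log line: [reasons]} for every line that trips a heuristic."""
    findings = {}

    def flag(line, reason):
        findings.setdefault(line, []).append(reason)

    for line in log_text.splitlines():
        line = line.rstrip()
        # The scan timestamp is rendered with the system time format; "VIRUS ALERT!"
        # inside it matches the tampered clock text the poster describes.
        if line.startswith("Scan saved at") and "VIRUS ALERT" in line:
            flag(line, "timestamp carries 'VIRUS ALERT!': system time-format string tampered with")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, detail = m.group("kind"), m.group("detail")
        if kind in ("O6", "O7") and ("Restrictions present" in detail or "DisableRegedit=1" in detail):
            flag(line, "policy lockdown: Registry Editor / IE restrictions set")
        if kind == "O24":
            flag(line, "Active Desktop component pointing at a local HTML file; rarely legitimate")
        if kind not in PATH_KINDS:
            continue
        if "(file missing)" in detail:
            flag(line, "orphaned entry: target file no longer exists")
        # '?' in a path means a non-printable character, i.e. a lookalike path.
        if "?" in detail and "http" not in detail.lower():
            flag(line, "path contains characters rendered as '?': lookalike path")
        if looks_random(detail):
            flag(line, "random 8-letter file name directly under %windir% or system32")
        if kind == "O4":
            name = RUN_NAME_RE.search(detail)
            key = name.group(1) if name else ""
            if key.lower() in KNOWN_ROGUE_RUN_NAMES:
                flag(line, "known rogue anti-spyware product")
            if re.fullmatch(r"[0-9a-f]{8}", key):
                flag(line, "Run value named with a random hex string")
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print("   ->", r)
```

Run it against a full log to get the same review list a helper builds by hand; entries flagged only by `looks_random` still need a second look, since the rule is a naming pattern and not a verdict.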
#2 - 01-07-2008, 07:30 PM
VopThis (Senior Member, Canada; Join Date: Nov 2005; Posts: 3,439)
Re: Virus infected Cannot access local disk or programs files LOG included

Since you have been able to post a log, I will assume you may be able to navigate to and run the scan tool below. Tell us what you can and can't do [can you bring up the 'Task Manager' and then run File>New Task (Run)].

Perform as many of the following steps as possible:

Download ComboFix from one of the following links to your Desktop:

Here or Here


**Note: If you already have Combofix, delete previous copy(s) and download the latest version. It is important that it is saved directly to your desktop**

Combofix will disconnect your machine from the Internet and restore connections before it completes its run. If Combofix terminates prematurely and breaks the Internet connections, they can be restored manually by rebooting the machine. Note: If you have an "always on" connection (DSL/cable), unplug the cable from the modem before running Combofix. Do not reconnect before Combofix has finished its scan.
  • Very Important! Temporarily disable your:
    • anti-virus,
    • script blocking and
    • any anti-malware real-time protection
    before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix SHOULD NOT be used unless requested by a forum helper.
__________________
Vincent P

MALWARE: READ FIRST Procedures: | SpyBot V1.5 | HijackThis LOG V2.0.2 |

ASAP: promoting a high standard and quality of security support no matter where you seek help.

SAFER SURFING TOOLS (IE/FF **FREE** browser addons): Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)

Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME).
#3 - 03-07-2008, 11:51 PM
Wormzer (D-A-L Newbie; Join Date: Jul 2008; Posts: 3)
Re: Virus infected Cannot access local disk or programs files LOG included

"Since you have been able to post a log, I will assume you may be able to navigate to and run the scan tool below. Tell us what you can and can't do [can you bring up the 'Task Manager' and then run File>New Task (Run)]."

OK, I followed the directions to the T but am getting an error message while trying to run ComboFix. I cannot bring up my Task Manager, program files, or local drives. When I try to run ComboFix from my desktop it gives me this error.

"C:.......\desktop\combofix.exe is not a valid win32 application"

When I try to open ComboFix directly via my downloads box in Firefox it gives me an option to open as a link, and asks me to launch the application. It also gives a warning about malicious software.

As of right now I am still severely infested, but my firewall and antivirus are keeping my system workable. I would like to reformat and start over, but I need to access my program files to back them up.

I will be including a SUPERAntiSpyware log and an updated HijackThis log. Any assistance would be much appreciated.

Thanks, Brady

PS: I still have VIRUS ALERT next to my clock at the bottom of my screen. This overall is what is driving me the most mad! lol. Thanks again, guys.


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 11/11/2007 at 02:06 PM

Application Version : 3.9.1008

Core Rules Database Version : 3265
Trace Rules Database Version: 1276

Scan type : Complete Scan
Total Scan Time : 13:03:46

Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 6323
Registry threats detected : 0
File items scanned : 161645
File threats detected : 184

Adware.Tracking Cookie

Adware.k8l
C:\PROGRAM FILES\COMMON FILES\RTEKE.HTML

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP239\A0031632.DLL

Trojan.ZQuest-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0033778.EXE

Trojan.Downloader-Gen/RetAd
C:\WINDOWS\RETADPU1000106.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49: VIRUS ALERT!, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WindowZones\WindowZones.sys
C:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\sprof\sprof.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll (file missing)
O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\SMBOLS~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: StockTicker.lnk = C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1181618822718
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181618800218
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {40D7C957-79E4-49B5-B716-DB199AE1F385} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: PreBootCheck - {c82935d4-5c0b-47df-ae71-e41aebcdc3ff} - C:\WINDOWS\Resources\MonCheck.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html

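As an added example (not from this thread, nor part of HijackThis itself), here is a small Python triage pass over the kind of lines the log above contains: it flags orphaned "(file missing)" load points, the O6/O7 policy restrictions that line up with the "cannot open Task Manager or regedit" symptom, autorun paths with characters HijackThis cannot render, Run values with random hex names, and Active Desktop components. The heuristics are mine, and the sample lines are constructed from (shortened) entries in the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines in the HijackThis v2.0.2 layout,
# adapted from the log posted above (paths shortened).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner\My Documents\M?crosoft\??chost.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html
"""

# Policy values that explain "cannot open Task Manager / regedit" symptoms.
POLICY_MARKERS = ("Restrictions present", "DisableRegedit=1", "DisableTaskMgr=1")

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")   # "O4 - HKLM\..\Run: ..."
HEX_NAME_RE = re.compile(r"\[[0-9a-f]{8}\]")     # Run value named like [4416d00e]


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


def triage(log_text: str) -> List[Finding]:
    """Apply simple, explainable heuristics to each HijackThis entry line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, process list, blank line
        sec, body = m.group(1), m.group(2)
        if "(file missing)" in body:
            reason = "load point references a file that no longer exists (orphaned hook)"
        elif sec in ("O6", "O7") and any(p in body for p in POLICY_MARKERS):
            reason = "policy restriction that locks the user out of admin tools"
        elif sec == "O4" and "?" in body:
            reason = "autorun path has characters HijackThis cannot render (look-alike name)"
        elif sec == "O4" and HEX_NAME_RE.search(body):
            reason = "autorun value with a random hex name (heuristic, may be benign)"
        elif sec == "O24":
            reason = "Active Desktop component loading a local HTML file"
        else:
            continue
        findings.append(Finding(sec, reason, line))
    return findings


def policy_lockout(findings: List[Finding]) -> bool:
    """True when O6/O7 policy entries are present: a greyed-out Task Manager
    or regedit is then a registry setting to reverse, not only a file to remove."""
    return any(f.section in ("O6", "O7") for f in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("policy lockout:", policy_lockout(found))
```

Every flagged line still needs a human read (a hex-named Run value is only a hint), but the O6/O7 hits are what tell you the missing Task Manager is a policy setting rather than a deleted binary.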
  #4 (permalink)  
Old 04-07-2008, 03:55 AM
VopThis
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
Re: Virus infected Cannot access local disk or programs files LOG included

Quote:
When I try to open combofix directly via my downloads box in firefox it gives me an option to open as a link, and asks me to launch application. It also gives a warning about malicious software.
That is normal. Pursue that course of action and see what you get.


SuperAntiSpyware did not pick up anything consequential or necessarily a currently active threat (cookies and restore points).
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
  #5 (permalink)  
Old 04-07-2008, 07:45 PM
Newbie
D-A-L Newbie
 
Join Date: Jul 2008
Posts: 3
Wormzer
Re: Virus infected Cannot access local disk or programs files LOG included

Combofix still does not load once I click. Any suggestions? If I would like to do a format and restore what are the steps to saving all my drivers?
  #6 (permalink)  
Old 07-07-2008, 04:56 AM
VopThis
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
Re: Virus infected Cannot access local disk or programs files LOG included

Sorry for my absence - was away for the weekend.

Quote:
If I would like to do a format and restore what are the steps to saving all my drivers?
It is neither customary nor practical to back up 'drivers', as these are generally available from installation disks and/or from the Internet.

It is user files that need to be backed up - generally to a USB device such as a 'memory stick' or external USB drive, or burnt to a CD/DVD. Even that is likely difficult given your current state. In your case, it may be better to acquire a new hard drive, do a clean install (with your vendor-provided XP installation disk or recovery disk), and then 'slave' your old drive or put it into an external USB enclosure to locate and retrieve all your files of interest. Or, have a local vendor do it.


Here are some general guidelines:

When Should I Format, How Should I Reinstall? (Security - dslreports.com)

For more specific guidance, suggest you go over to our 'XP forum' providing specs and vendor info pertaining to your PC.



There may be other things that can be tried, if one of the following is determined to be possible:
  • Booting to SAFE MODE (tapping the F8 key during the boot process).
  • Searching for a file of interest in Normal or Safe Mode:
    Use <Windows+F KEYS> and paste each FULL FILENAME Search PATH line (where available).
    -NOTE-----> The Windows KEY is located on the left between the <Ctrl and Alt KEYS>.
    Additionally, and in this manner, can you locate a file named:
    %SystemRoot%\system32\restore\rstrui.exe
  • Does the <Ctrl><Alt><Delete> key sequence bring up the 'Task Manager'?