Jump to content

careswho22

Honorary Members
  • Posts

    57
  • Joined

  • Last visited

Posts posted by careswho22

  1. hi when i did the manual removal of autorun . inf because when i scanned with spywaredoctor it is found again..when it already did from malwarebytes and deleted it already....well what i did is..booted in safe mode... turned off autorun by writing this

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

    @="@SYS:DoesNotExist"

    in notepad and save as reg file and open it ...

    then i went to cmd and type in c..

    and typed in the following: it is in order from top to buttom

    c:

    autorun.inf (file not found)

    ...

    then i tried e ( my usb)

    c:

    autorun.inf..( file opens and contains this writing:

    [AutoRun]

    open=Recycle.exe

    shell\1=

  2. hi when i did the manual removal of autorun . inf because when i scanned with spywaredoctor it is found again..when it already did from malwarebytes and deleted it already....well what i did is..booted in safe mode... turned off autorun by writing this

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

    @="@SYS:DoesNotExist"

    in notepad and save as reg file and open it ...

    then i went to cmd and type in c..

    and typed in the following: it is in order from top to buttom

    c:

    autorun.inf (file not found)

    ...

    then i tried e ( my usb)

    c:

    autorun.inf..( file opens and contains this writing:

    [AutoRun]

    open=Recycle.exe

    shell\1=

  3. can u check my log?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:00:44 PM, on 8/31/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\WINDOWS\System32\alg.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\WINDOWS\system32\osk.exe

    C:\WINDOWS\system32\MSSWCHX.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\RoCkStaR23\Desktop\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 7007 bytes

  4. OMG.. let me tell you.. i told my friend to buy this usb..and guess what... he put it on another computer ..a computer which is infected..grrrr -.- ..... sorry guys

    anyway last post ...can u check my log ?? bye..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:00:44 PM, on 8/31/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\WINDOWS\System32\alg.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\WINDOWS\system32\osk.exe

    C:\WINDOWS\system32\MSSWCHX.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\RoCkStaR23\Desktop\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 7007 bytes

  5. @ careswho22

    I made an edit to my first post to you, please check it out.

    ah hah. You may have possibly gotten an infection off of that computer then. Do you still have access to that computer? I'd do a scan on it with Malwarebytes to make sure its not infected, and post the logs for your computer also.

    Also do a quick scan of the usb drive as well.

    That does all sound quite frustrating.

    hmm it says there perform quick scan? why not full scan?? cause i did quick scan and found nothing but when i did full scan it found the worms...

  6. hi i tried the usb on another comp after formatting from my comp..then the 3 folders didnt show up but recycle.exe was there for 2 seconds then was gone..then nod32 detected trojan and removed succesfully from the comp..then when i tried the usb on my comp..the 3 folders wasnt there anymore....wierd story huh? which really gave me a headache

  7. btw can u check my HJKT log and malwarebytes full scan log.. to see if it has connection on the problem

    ..

    Malwarebytes' Anti-Malware 1.40

    Database version: 2668

    Windows 5.1.2600 Service Pack 2

    8/29/2009 10:53:37 AM

    mbam-log-2009-08-29 (10-53-37).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 142588

    Time elapsed: 35 minute(s), 27 second(s)

    Memory Processes Infected: 1

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 4

    Files Infected: 12

    Memory Processes Infected:

    C:\WINDOWS\system32\ACF7EF\74BE16.EXE (Worm.AutoRun) -> Unloaded process successfully.

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\74be16 (Worm.AutoRun) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    C:\WINDOWS\system32\ACF7EF (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\76682F (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\0F6226 (Worm.AutoRun) -> Quarantined and deleted successfully.

    Files Infected:

    C:\WINDOWS\system32\5A8DCC\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\ACF7EF\74BE16.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\76682F\670df5.txt (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\cnvpe.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\HtmlView.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\5A8DCC\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

    C:\Documents and Settings\RoCkStaR23\Start Menu\Programs\Startup\74BE16.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:52:18 AM, on 8/29/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ACF7EF\74BE16.EXE

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\system32\osk.exe

    C:\WINDOWS\system32\MSSWCHX.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\RoCkStaR23\My Documents\Downloads\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [74BE16] C:\WINDOWS\system32\ACF7EF\74BE16.EXE

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - Startup: 74BE16.lnk = C:\WINDOWS\system32\ACF7EF\74BE16.EXE

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 7463 bytes

  8. ok let me tell what happend cause i just remembered...when i bought it ... i opened it on my computer and it got 3 folders namely user manual, AP which contains an application and i can't remember the other one.. and it also contains 3 hidden folder same names as the three...now i selected them all and deleted it....then i refreshed..then i formatted it...and when i reconnected... there... three folders namely iii, iiii and iiiii ... is this suppose to happen?

  9. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:37:48 PM, on 5/19/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgam.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)

    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232626984937

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 10322 bytes

  10. hi i scanned with spyware doctor yesterday and today..... yesterday it found trojan.Midgare.UIK and i removed it of course..and now it detected it again?? whats happening?

    heres my hjkt log..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:19:03 PM, on 3/20/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Spyware Doctor\pctsGui.exe

    C:\AbsorbedMU\Season4\main.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\osk.exe

    C:\WINDOWS\system32\MSSWCHX.EXE

    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232626984937

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 10821 bytes

  11. new hjkt log incase something changes

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:40:16 AM, on 3/19/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232626984937

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 10645 bytes

  12. MBAM LOG... FROM QUICK SCAN

    Malwarebytes' Anti-Malware 1.34

    Database version: 1857

    Windows 5.1.2600 Service Pack 3

    3/18/2009 9:37:28 AM

    mbam-log-2009-03-18 (09-37-28).txt

    Scan type: Quick Scan

    Objects scanned: 72155

    Time elapsed: 2 minute(s), 25 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  13. hi i removed limewire and CAyahoo-antispy didnt detect the grokster anymore anyway...here are my hjkt and mbam logs..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:33:37 AM, on 3/18/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\VideoLAN\VLC\vlc.exe

    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232626984937

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 10597 bytes

    MBAM LOG..

  14. hi i just installed "CA antispy yahoo toolbar" and last time it detected Grokster the p2p thing "but" i didnt install any "Grokster" so im worried..the ca anti spy detected it and succesfully deleted it and again on the next start up it detected grokster again??i already deleted it but why? i dont have grokster B)... i only have limewire not grokster..please moderators have a research on this and please help me...im confused. Every start up it detects it.

  15. this is the mbam log

    Malwarebytes' Anti-Malware 1.34

    Database version: 1774

    Windows 5.1.2600 Service Pack 3

    2/18/2009 9:43:28 AM

    mbam-log-2009-02-18 (09-43-28).txt

    Scan type: Quick Scan

    Objects scanned: 69757

    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 1

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    this is the hjkt log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:50:07 AM, on 2/18/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Dell\Dell Mobile Broadband\systray.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\LimeWire\LimeWire.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fleetware.com/online

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

    O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232626984937

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 10387 bytes

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.