Computer Infected


Recommended Posts

My Compaq Presario V2000 still very sluggish, I have ran Ad-watch, Spybot, Windows Defender and AVG antivirus and Kasperky they all found stuff on the laptop but the system still slow.

I just ran Spy Doctor and it found 5 threats and 37 infections.

10 infections Adware.Advertising

1 infection Trojan-Downloader.Ruins

12 infections Trojan.DNS-Changer

2 infections Trojan-Downloader.Popuper

Thank you.

Here’ the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:43:31 AM, on 2/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85D77734-D307-4689-BB1D-C2C22B90AC25}: NameServer = 85.255.115.50,85.255.112.172

O17 - HKLM\System\CCS\Services\Tcpip\..\{D46AD51D-8154-49E6-9983-2332CC2BB108}: NameServer = 85.255.115.50,85.255.112.172

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif

O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png

O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--

End of file - 9035 bytes

Link to post
Share on other sites

Panda08,

You definitely still have some signs of infection in your log.

Please download FixWareout from here:

http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Thanks,

sari

Link to post
Share on other sites

Sari, here are the logs:

Username "Liliana Currie" - 02/21/2008 17:58:00 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKLM\SOFTWARE\~\Winlogon\ "System"="kdlnc.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.115.50 85.255.112.172" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{85D77734-D307-4689-BB1D-C2C22B90AC25}

"nameserver"="85.255.115.50,85.255.112.172" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D46AD51D-8154-49E6-9983-2332CC2BB108}

"nameserver"="85.255.115.50,85.255.112.172" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F10AE339-AE5C-4793-9074-737A3C21CD99}

"DhcpNameServer"="85.255.115.50,85.255.112.172" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:20:47 PM, on 2/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif

O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png

O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--

End of file - 9154 bytes

Thank you for your time!

Link to post
Share on other sites

Panda08,

That looks better. There are no visible signs of infection, but I'd like to have you run an online virus scan.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

    • Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

Thanks,

sari

Link to post
Share on other sites

Here it's the Online Scan.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, February 22, 2008 8:07:14 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 22/02/2008

Kaspersky Anti-Virus database records: 576071

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

F:\

Scan Statistics:

Total number of scanned objects: 56062

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 01:25:17

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02172008-200252.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\muvee Technologies30625102310\values Object is locked skipped

C:\Documents and Settings\Liliana Currie\Application Data\AVG7\Log\emc.log Object is locked skipped

C:\Documents and Settings\Liliana Currie\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\Liliana Currie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeHook.log Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeIEToolbar.log Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6B4E8C94-6F23-4A19-B288-7EAFA311D1F1} Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Liliana Currie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Liliana Currie\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Liliana Currie\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP6\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{601DC622-B2D5-48FB-B731-9DB2D0FD78E0}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thank you.

Edited by Panda08
Link to post
Share on other sites

I tell you FixWareout must be a spy removal tool becasue all the malware that Spy Doctor found, see above, were gone after I ran FixWarount.

However my computer still slow, now it's mostly when I click on a icon on desktop o when I try to open a feature from Start, it takes quite a while to open the application.

I have posted the results from KASPERSKY and yep it looks like there is something still there.

Thanks

Edited by Panda08
Link to post
Share on other sites

Panda08,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thanks,

sari

Link to post
Share on other sites

Ok, here they are:

Deckard's System Scanner v20071014.68

Run by Liliana Currie on 2008-02-25 20:08:52

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

9: 2008-02-26 02:09:14 UTC - RP9 - Deckard's System Scanner Restore Point

8: 2008-02-24 18:10:18 UTC - RP8 - System Checkpoint

7: 2008-02-23 06:46:58 UTC - RP7 - Software Distribution Service 3.0

6: 2008-02-22 13:14:06 UTC - RP6 - Software Distribution Service 3.0

5: 2008-02-21 10:54:09 UTC - RP5 - System Checkpoint

-- First Restore Point --

1: 2008-02-09 14:26:44 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).

-- HijackThis (run as Liliana Currie.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:11:00 PM, on 2/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe

C:\Documents and Settings\Liliana Currie\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Liliana Currie.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif

O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png

O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--

End of file - 9353 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sojubus - c:\windows\system32\drivers\sojubus.sys

R0 sojuscsi - c:\windows\system32\drivers\sojuscsi.sys

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)

S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)

S2 pciinfo (HP Pci Information) - c:\docume~1\lilian~1\locals~1\temp\hpispz\hpdom\pciinfo.sys (file missing)

S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-25 20:09:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

2008-02-25 19:37:05 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

2008-02-25 18:54:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

2008-01-25 17:48:17 1006 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

-- Files created between 2008-01-25 and 2008-02-25 -----------------------------

2008-02-22 20:17:03 59200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT

2008-02-22 18:18:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-22 18:17:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-02-21 10:24:34 0 d-------- C:\Program Files\Spyware Doctor

2008-02-21 10:24:34 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools

2008-02-21 03:37:13 0 d-------- C:\Program Files\Trend Micro

2008-02-17 20:02:27 0 d-------- C:\Program Files\Windows Defender

2008-02-17 19:42:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-17 19:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google

2008-02-10 18:51:34 0 dr-h----- C:\Documents and Settings\Liliana Currie\Recent

2008-02-07 21:08:26 0 d-------- C:\Program Files\Windows Live Safety Center

2008-02-06 22:04:15 8576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys <Not Verified; Panda Software International; RKPavProc Driver>

2008-02-06 21:59:29 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>

2008-02-06 20:23:51 8576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys <Not Verified; Panda Software International; RKPavProc Driver>

2008-02-06 07:02:34 8576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys <Not Verified; Panda Software International; RKPavProc Driver>

2008-02-05 20:46:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-02-05 19:22:47 0 d-------- C:\WINDOWS\BDOSCAN8

2008-02-03 20:19:55 0 d-------- C:\Program Files\Common Files\NSV

2008-02-03 20:18:03 0 d-------- C:\Program Files\Common Files\Nullsoft

2008-02-03 12:34:11 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>

2008-02-03 08:35:53 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM

2008-02-02 21:41:44 0 dr-h----- C:\$VAULT$.AVG

2008-02-02 17:45:42 0 d-------- C:\Program Files\Lavasoft

2008-02-02 17:45:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-02 17:43:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-01 19:30:18 0 d-------- C:\Program Files\Kiwee Toolbar2

2008-02-01 19:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2

2008-02-01 15:15:58 0 d-------- C:\Program Files\3ivx

-- Find3M Report ---------------------------------------------------------------

2008-02-17 19:42:20 0 d-------- C:\Program Files\Google

2008-02-14 19:57:39 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\AVG7

2008-02-06 22:37:30 0 d-------- C:\Program Files\Windows Live Toolbar

2008-02-06 22:37:07 0 d-------- C:\Program Files\Windows Live Favorites

2008-02-06 22:35:53 0 d-------- C:\Program Files\QuickTime

2008-02-06 22:32:55 0 d-------- C:\Program Files\MSN Messenger

2008-02-06 22:26:45 0 d-------- C:\Program Files\Common Files\LightScribe

2008-02-03 20:19:55 0 d-------- C:\Program Files\Common Files

2008-02-03 14:40:01 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\U3

2008-01-31 21:27:52 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!

2008-01-31 14:14:54 1080 --a----c- C:\WINDOWS\AUTOLNCH.REG

2008-01-25 10:54:26 152 --a----c- C:\Documents and Settings\Liliana Currie\Application Data\wklnhst.dat

2008-01-24 22:24:41 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Adobe

2008-01-19 15:33:01 0 d-------- C:\Program Files\Musicmatch

2008-01-19 15:32:35 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-01-13 10:35:22 0 d-------- C:\Program Files\Yahoo!

2008-01-13 10:35:03 0 d-------- C:\Program Files\Common Files\SureThing Shared

2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe

2008-01-08 16:51:02 0 d-------- C:\Program Files\Ares

2007-12-29 10:09:25 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Roxio

2007-12-27 09:07:56 0 d-------- C:\Program Files\Alcohol Soft

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

01/24/2008 04:09 PM 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [01/24/2008 04:09 PM 248976]

[-HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/23/2007 04:26 PM]

"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [12/23/2007 04:26 PM]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]

C:\sj657\hpupdate.exe 4300C

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]

"C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]

AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09af55-d0e3-11dc-a4e6-001636010070}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

-- End of Deckard's System Scanner: finished at 2008-02-25 20:12:13 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron Processor 3000+

Percentage of Memory in Use: 74%

Physical Memory (total/avail): 382.48 MiB / 98.86 MiB

Pagefile Memory (total/avail): 919.34 MiB / 425.14 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1928.51 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 24.82 GiB free.

D: is CDROM (No Media)

F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Liliana Currie\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=MOBILE

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Liliana Currie

LOGONSERVER=\\MOBILE

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=2c02

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp

TMP=C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp

USERDOMAIN=MOBILE

USERNAME=Liliana Currie

USERPROFILE=C:\Documents and Settings\Liliana Currie

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Liliana Currie (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC

--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

3ivx D4 4.5.1 Decoder (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"

Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}

Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}

Ares 2.0.5 --> "C:\Program Files\Ares\uninstall.exe"

Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a

Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf

Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C

DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"

Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}

Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}

Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HD-DV decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C26ED93F-A16E-4FC9-B158-A1D5CC604949}\Setup.exe" -l0x9 -removeonly

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly

HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"

HP Scan-to-Web Wizard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Scan-To-Web.isu"

HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly

HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst

InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe

InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}

Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

Learn To Speak English 8.0 --> C:\WINDOWS\IUConnect\LTSE3744DE\IUCHECK.EXE

Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst

muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9

Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}

OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}

Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}

Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RoadRunner --> C:\PROGRA~1\Internet\UNWISE.EXE C:\PROGRA~1\Internet\INSTALL.LOG

Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything

SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe

SBC Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}

Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}

Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033

Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}

Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}

Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

-- Application Event Log -------------------------------------------------------

Event Record #/Type5556 / Error

Event Submitted/Written: 02/25/2008 06:35:27 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application iexplore.exe, version 7.0.6000.16608, faulting module msvcr80.dll, version 8.0.50727.42, fault address 0x00049f21.

Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type5546 / Warning

Event Submitted/Written: 02/24/2008 11:22:05 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5539 / Warning

Event Submitted/Written: 02/23/2008 09:14:58 AM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'SpellingAndGrammarFiles_3082' failed during request for component '{E938403C-9432-11D2-900A-00805F9B1201}'

Event Record #/Type5533 / Warning

Event Submitted/Written: 02/23/2008 00:45:33 AM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5530 / Error

Event Submitted/Written: 02/22/2008 09:06:52 PM

Event ID/Source: 11 / crypt32

Event Description:

Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type28889 / Warning

Event Submitted/Written: 02/25/2008 08:11:16 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%MOBILE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MOBILE27 can't undo changes that you allow.

For more information please see the following:

%MOBILE275

Scan ID: {6ECE377D-004C-430C-ABC3-9231BFFFCC02}

User: MOBILE\Liliana Currie

Name: %MOBILE271

ID: %MOBILE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MOBILE276

Alert Type: %MOBILE278

Detection Type: 1.1.1593.02

Event Record #/Type28888 / Warning

Event Submitted/Written: 02/25/2008 08:11:16 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%MOBILE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MOBILE27 can't undo changes that you allow.

For more information please see the following:

%MOBILE275

Scan ID: {73CD3A60-8028-4D0B-810C-580EDDE16D4D}

User: MOBILE\Liliana Currie

Name: %MOBILE271

ID: %MOBILE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MOBILE276

Alert Type: %MOBILE278

Detection Type: 1.1.1593.02

Event Record #/Type28887 / Error

Event Submitted/Written: 02/25/2008 08:04:26 PM

Event ID/Source: 59 / SideBySide

Event Description:

Generate Activation Context failed for C:\Program Files\Kiwee Toolbar2\1.2.116\MFC80U.DLL.

Reference error message: The operation completed successfully.

.

Event Record #/Type28886 / Error

Event Submitted/Written: 02/25/2008 08:04:26 PM

Event ID/Source: 59 / SideBySide

Event Description:

Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.

Reference error message: The referenced assembly is not installed on your system.

.

Event Record #/Type28885 / Error

Event Submitted/Written: 02/25/2008 08:04:26 PM

Event ID/Source: 32 / SideBySide

Event Description:

Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

-- End of Deckard's System Scanner: finished at 2008-02-25 20:12:13 ------------

I hope you find that nasty virus and kill it forever!

Thank you.

Link to post
Share on other sites

Panda08,

It appears that you've been infected with a flash drive virus - these get into your computer by USB devices such as thumb drives. We have a little tool to run for that one.

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from
>here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Now, to be sure that there's nothing else hiding, please do the following:

Download ComboFix from Here or Here

or Here

to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Post the results from the combofix log.

sari

Link to post
Share on other sites

Sari, I hope my infection is not as bad as computer infection. :rolleyes:

Here ar both logs ComboFix and HijackThis.

Thank you.

ComboFix 08-02-25.3 - Liliana Currie 2008-02-26 19:05:20.2 - NTFSx86

Running from: C:\Documents and Settings\Liliana Currie\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))

.

2008-02-25 20:08 . 2008-02-25 20:08 <DIR> d-------- C:\Deckard

2008-02-23 00:48 . 2008-02-23 00:51 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-22 20:17 . 2008-02-22 20:17 59,200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT

2008-02-22 18:18 . 2008-02-22 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-22 18:17 . 2008-02-22 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-02-21 17:57 . 2008-02-21 18:10 <DIR> d-------- C:\fixwareout

2008-02-21 10:24 . 2008-02-25 07:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-02-21 10:24 . 2008-02-21 10:24 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools

2008-02-21 10:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-02-21 10:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-02-21 10:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-02-21 10:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-02-21 03:37 . 2008-02-21 03:37 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-17 20:02 . 2008-02-17 20:02 <DIR> d-------- C:\Program Files\Windows Defender

2008-02-17 19:42 . 2008-02-26 19:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-08 19:00 . 2008-02-08 19:00 268 --ah----- C:\sqmdata00.sqm

2008-02-08 19:00 . 2008-02-08 19:00 244 --ah----- C:\sqmnoopt00.sqm

2008-02-07 21:08 . 2008-02-07 21:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2008-02-06 22:04 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys

2008-02-06 21:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys

2008-02-06 20:23 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys

2008-02-06 07:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys

2008-02-06 06:30 . 2008-02-06 20:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-06 06:30 . 2008-02-06 20:10 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-05 20:46 . 2008-02-08 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-02-05 19:22 . 2008-02-05 20:38 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\Program Files\Common Files\NSV

2008-02-03 20:18 . 2008-02-03 20:18 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

2008-02-03 12:34 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-02-03 08:35 . 2008-02-03 08:35 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM

2008-02-02 17:45 . 2008-02-02 17:45 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-02 17:45 . 2008-02-02 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-02 17:43 . 2008-02-02 17:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-01 19:30 . 2008-02-01 19:30 <DIR> d-------- C:\Program Files\Kiwee Toolbar2

2008-02-01 19:30 . 2008-02-01 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2

2008-02-01 15:15 . 2008-02-01 15:15 <DIR> d-------- C:\Program Files\3ivx

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 01:42 --------- d-----w C:\Program Files\Google

2008-02-15 01:57 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\AVG7

2008-02-10 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-07 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Favorites

2008-02-07 04:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-07 04:35 --------- d-----w C:\Program Files\QuickTime

2008-02-07 04:32 --------- d-----w C:\Program Files\MSN Messenger

2008-02-07 04:26 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-02-03 20:40 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\U3

2008-02-01 03:27 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!

2008-01-25 16:54 152 -c--a-w C:\Documents and Settings\Liliana Currie\Application Data\wklnhst.dat

2008-01-19 21:33 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2008-01-19 21:33 --------- d-----w C:\Program Files\Musicmatch

2008-01-19 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-13 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!

2008-01-13 16:35 --------- d-----w C:\Program Files\Yahoo!

2008-01-13 16:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-01-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2008-01-08 22:51 --------- d-----w C:\Program Files\Ares

2007-12-29 16:09 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Roxio

2007-12-27 15:07 --------- d-----w C:\Program Files\Alcohol Soft

2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

2008-01-24 16:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 16:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 16:26 579072]

"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-23 16:26 406528]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-12 09:40 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2007-02-06 19:39 968704 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-04-11 11:00 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2005-02-17 15:01 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2004-12-03 14:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]

--a------ 2002-02-07 14:33 32768 C:\sj657\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-04-01 16:11 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]

--a------ 2008-01-24 16:08 48264 C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

--a------ 2004-07-19 12:29 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-04-29 23:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

--a------ 2003-07-18 16:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

--a------ 2003-05-01 17:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-03-04 04:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2005-02-02 06:11 692316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2005-02-02 06:12 102492 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

--a------ 2003-12-09 14:02 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]

R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]

S2 pciinfo;HP Pci Information;C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]

\Shell\Auto\command - fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-02-27 00:37:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-25 23:48:17 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"

- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe

"2008-02-27 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-02-27 01:09:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-26 19:10:56

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-26 19:13:36

ComboFix-quarantined-files.txt 2008-02-27 01:13:28

ComboFix2.txt 2008-02-27 00:52:21

.

2008-02-23 06:53:44 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:18:17 PM, on 2/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif

O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png

O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--

End of file - 8852 bytes

Link to post
Share on other sites

Panda08,

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]

[-HKEY_CLASSES_ROOT\CLSID\{bae4c772-d259-11dc-a4eb-001636010070}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Let me know how things are running.

sari

Link to post
Share on other sites

Sari, here are the two logs.

Thank you so much for your time.

ComboFix 08-02-25.3 - Liliana Currie 2008-02-27 18:18:08.3 - NTFSx86

Running from: C:\Documents and Settings\Liliana Currie\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Liliana Currie\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))

.

2008-02-25 20:08 . 2008-02-25 20:08 <DIR> d-------- C:\Deckard

2008-02-23 00:48 . 2008-02-23 00:51 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-22 20:17 . 2008-02-22 20:17 59,200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT

2008-02-22 18:18 . 2008-02-22 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-22 18:17 . 2008-02-22 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-02-21 17:57 . 2008-02-21 18:10 <DIR> d-------- C:\fixwareout

2008-02-21 10:24 . 2008-02-25 07:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-02-21 10:24 . 2008-02-21 10:24 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools

2008-02-21 10:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-02-21 10:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-02-21 10:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-02-21 10:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-02-21 03:37 . 2008-02-21 03:37 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-17 20:02 . 2008-02-17 20:02 <DIR> d-------- C:\Program Files\Windows Defender

2008-02-17 19:42 . 2008-02-27 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-08 19:00 . 2008-02-08 19:00 268 --ah----- C:\sqmdata00.sqm

2008-02-08 19:00 . 2008-02-08 19:00 244 --ah----- C:\sqmnoopt00.sqm

2008-02-07 21:08 . 2008-02-07 21:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2008-02-06 22:04 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys

2008-02-06 21:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys

2008-02-06 20:23 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys

2008-02-06 07:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys

2008-02-06 06:30 . 2008-02-06 20:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-06 06:30 . 2008-02-06 20:10 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-05 20:46 . 2008-02-08 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-02-05 19:22 . 2008-02-05 20:38 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\Program Files\Common Files\NSV

2008-02-03 20:18 . 2008-02-03 20:18 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

2008-02-03 12:34 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-02-03 08:35 . 2008-02-03 08:35 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM

2008-02-02 17:45 . 2008-02-02 17:45 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-02 17:45 . 2008-02-02 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-02 17:43 . 2008-02-02 17:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-01 19:30 . 2008-02-01 19:30 <DIR> d-------- C:\Program Files\Kiwee Toolbar2

2008-02-01 19:30 . 2008-02-01 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2

2008-02-01 15:15 . 2008-02-01 15:15 <DIR> d-------- C:\Program Files\3ivx

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 01:42 --------- d-----w C:\Program Files\Google

2008-02-15 01:57 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\AVG7

2008-02-10 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-07 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Favorites

2008-02-07 04:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-07 04:35 --------- d-----w C:\Program Files\QuickTime

2008-02-07 04:32 --------- d-----w C:\Program Files\MSN Messenger

2008-02-07 04:26 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-02-03 20:40 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\U3

2008-02-01 03:27 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!

2008-01-25 16:54 152 -c--a-w C:\Documents and Settings\Liliana Currie\Application Data\wklnhst.dat

2008-01-19 21:33 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2008-01-19 21:33 --------- d-----w C:\Program Files\Musicmatch

2008-01-19 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-13 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!

2008-01-13 16:35 --------- d-----w C:\Program Files\Yahoo!

2008-01-13 16:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-01-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2008-01-08 22:51 --------- d-----w C:\Program Files\Ares

2007-12-29 16:09 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Roxio

2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

2008-01-24 16:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 16:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 16:26 579072]

"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-23 16:26 406528]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-12 09:40 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2007-02-06 19:39 968704 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-04-11 11:00 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2005-02-17 15:01 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2004-12-03 14:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]

--a------ 2002-02-07 14:33 32768 C:\sj657\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-04-01 16:11 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]

--a------ 2008-01-24 16:08 48264 C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

--a------ 2004-07-19 12:29 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-04-29 23:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

--a------ 2003-07-18 16:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

--a------ 2003-05-01 17:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-03-04 04:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2005-02-02 06:11 692316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2005-02-02 06:12 102492 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

--a------ 2003-12-09 14:02 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]

R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]

S2 pciinfo;HP Pci Information;C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-02-27 01:37:07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-25 23:48:17 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"

- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0

"2008-02-28 00:01:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-02-28 00:24:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-27 18:24:13

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-27 18:26:53

ComboFix-quarantined-files.txt 2008-02-28 00:26:46

ComboFix2.txt 2008-02-27 01:13:37

ComboFix3.txt 2008-02-27 00:52:21

.

2008-02-27 12:55:55 --- E O F ---

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:18:37 PM, on 2/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif

O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png

O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--

End of file - 8924 bytes

Link to post
Share on other sites

No issues right now everything seems to be ok.

Sari, right after we ran FixWareout I noticed the difference in speed while browsing the net, the laptop was much faster indeed. Is FixWarout a spy removal tool?

But I after we ran KASPERSKY online it found a virus, I guess you got rid off that one too because the computer is running smoothly.

The only problem I have but that problem has been there for a while, when I click or touch the touch pad to open IE or Yahoo on the desktop, it opens or launches several browsers of the same websites.

Thank you very much for your help.

Panda08

Link to post
Share on other sites

No issues right now everything seems to be ok.

Sari, right after we ran FixWareout I noticed the difference in speed while browsing the net, the laptop was much faster indeed. Is FixWarout a spy removal tool?

But I after we ran KASPERSKY online it found a virus, I guess you got rid off that one too because the computer is running smoothly.

The only problem I have but that problem has been there for a while, when I click or touch the touch pad to open IE or Yahoo on the desktop, it opens or launches several browsers of the same websites.

Thank you very much for your help.

Panda08

P. S. I would like know what was the diagnostic or what kind malware caused the laptop to perform so slow.

Link to post
Share on other sites

Panda08,

You had an infection called Wareout, that redirects your browser to other sites and generally interferes with how your PC runs. Most viruses, spyware, etc., interfere with the performance of the PC, so I'm not surprised yours was running much faster after that - it was the primary infection on your PC.

I'd like you to follow some directions to install what's called the Recovery Console. This isn't to clear up anything you have; it's more of a safety measure. We're seeing more cases of nasty viruses that can prevent PCs from booting up, and having this installed could help you out in the future.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Once that's done, we'll clean up the tools we used and you can go on your way, malware-free!

sari

Link to post
Share on other sites

Sari, I do not understand, there is no recovery console in the link that you have provided

"Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System."

Instead there are three options listed on http://support.microsoft.com/kb/310994

1. Download the Setup disk program file

2. Windows XP Service Pack 1 (SP1)

3. Windows XP Service Pack 2 (SP2)

Let me know what do you want me to do?

Thanks,

Panda08

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...