Panda08 Posted February 21, 2008

My Compaq Presario V2000 is still very sluggish. I have run Ad-Watch, Spybot, Windows Defender, AVG antivirus and Kaspersky; they all found stuff on the laptop but the system is still slow. I just ran Spy Doctor and it found 5 threats and 37 infections:

10 infections Adware.Advertising
1 infection Trojan-Downloader.Ruins
12 infections Trojan.DNS-Changer
2 infections Trojan-Downloader.Popuper

Thank you. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:31 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D77734-D307-4689-BB1D-C2C22B90AC25}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{D46AD51D-8154-49E6-9983-2332CC2BB108}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif
O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png
O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--
End of file - 9035 bytes
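The five O17 lines in the log above are the security-relevant finding in this thread: every TCP/IP interface key and every control set has its NameServer value pointed at 85.255.115.50 and 85.255.112.172, which is the behaviour Spyware Doctor labelled Trojan.DNS-Changer. A machine in that state sends every DNS query to resolvers the attacker controls, so further "scans" and downloads cannot be trusted until the values are cleared; the FixWareout report later in the thread shows exactly those values, plus a DhcpNameServer value and a Winlogon "System"="kdlnc.exe" entry, being wiped. As an added example, not part of the original thread and not code from any tool it mentions, here is a small Python audit that pulls O17 entries out of a HijackThis log and flags resolvers that are neither private nor on an allowlist. The allowlist address 192.168.1.1 and the "clean" sample log are constructed for the example; the rogue range 85.255.112.0/20 is the one published in the FBI's DNSChanger advisory, and the sample "pre-fix" lines are copied from the log above.

```python
import ipaddress
import re

# Known rogue-resolver range: the FBI's DNSChanger advisory lists
# 85.255.112.0 - 85.255.127.255 among the ranges the operators used; both
# resolvers in the log above (85.255.115.50, 85.255.112.172) fall inside it.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Assumption: the resolvers this machine is supposed to use. On a home laptop
# that is normally the router address handed out by DHCP; the value below is
# constructed for this example, not taken from the thread.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# HijackThis prints one O17 line per registry key that carries a NameServer
# value. Servers are comma-separated on the per-interface keys and
# space-separated on the Parameters keys, so both separators are accepted.
O17_LINE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return [(registry_key, [IPv4Address, ...]), ...] for every O17 line."""
    entries = []
    for raw in log_text.splitlines():
        match = O17_LINE.match(raw.strip())
        if not match:
            continue
        servers = []
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            if token:
                servers.append(ipaddress.ip_address(token))
        entries.append((match.group("key"), servers))
    return entries


def classify_resolver(ip):
    """'expected', 'known-rogue', or 'unexpected' (public, not allowlisted).

    Accepts a dotted-quad string or an ipaddress object.
    """
    ip = ipaddress.ip_address(ip)
    if ip in EXPECTED_RESOLVERS or ip.is_private:
        return "expected"
    if any(ip in net for net in ROGUE_RESOLVER_RANGES):
        return "known-rogue"
    return "unexpected"


def audit_nameservers(log_text):
    """Return [(registry_key, ip_string, verdict), ...] for every resolver that is not expected."""
    findings = []
    for key, servers in parse_o17(log_text):
        for ip in servers:
            verdict = classify_resolver(ip)
            if verdict != "expected":
                findings.append((key, str(ip), verdict))
    return findings


# Sample input: the five O17 lines from the first HijackThis log in this
# thread, with one unrelated line on either side so the filter is exercised.
PRE_FIX_LOG = r"""
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D77734-D307-4689-BB1D-C2C22B90AC25}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{D46AD51D-8154-49E6-9983-2332CC2BB108}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Constructed "clean" log: the only resolver is the private router address,
# which is what the key should hold once the rogue values are cleared and
# DHCP has repopulated it.
CLEAN_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D77734-D307-4689-BB1D-C2C22B90AC25}: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for key, ip, verdict in audit_nameservers(PRE_FIX_LOG):
        print(f"{verdict:12} {ip:16} {key}")
    print("clean log findings:", audit_nameservers(CLEAN_LOG))
```

Run against the pre-fix log it reports ten findings, all "known-rogue" (two resolvers on each of five keys); against the clean log it reports none. The "unexpected" verdict is deliberately separate from "known-rogue": a public resolver that is not in a published bad range is still worth a look on a home machine whose DNS should come from the router, and a range list is never complete.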
sari Posted February 21, 2008

Panda08,

You definitely still have some signs of infection in your log.

Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

Thanks,
sari
Panda08 Posted February 21, 2008 (Author)

Sari, here are the logs:

Username "Liliana Currie" - 02/21/2008 17:58:00 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdlnc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.50 85.255.112.172" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{85D77734-D307-4689-BB1D-C2C22B90AC25}
"nameserver"="85.255.115.50,85.255.112.172" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D46AD51D-8154-49E6-9983-2332CC2BB108}
"nameserver"="85.255.115.50,85.255.112.172" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F10AE339-AE5C-4793-9074-737A3C21CD99}
"DhcpNameServer"="85.255.115.50,85.255.112.172" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
........
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:47 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif
O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png
O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif

--
End of file - 9154 bytes

Thank you for your time!
sari Posted February 22, 2008

Panda08,

That looks better. There are no visible signs of infection, but I'd like to have you run an online virus scan.

Please do an online scan with Kaspersky WebScanner:

- Click on Accept.
- You will be prompted to install an ActiveX component from Kaspersky; click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded, click on NEXT.
- Now click on Scan Settings.
- In the scan settings make sure that the following are selected:
  Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK.
- Now under "select a target to scan", select My Computer.
- The program will start and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete it will display whether your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post.

Thanks,
sari
Panda08 Posted February 22, 2008 (Author, edited)

Here is the online scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 22, 2008 8:07:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/02/2008
Kaspersky Anti-Virus database records: 576071
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 56062
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:25:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02172008-200252.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies30625102310\values Object is locked skipped
C:\Documents and Settings\Liliana Currie\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Liliana Currie\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Liliana Currie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeHook.log Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeIEToolbar.log Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6B4E8C94-6F23-4A19-B288-7EAFA311D1F1} Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liliana Currie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liliana Currie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Liliana Currie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{601DC622-B2D5-48FB-B731-9DB2D0FD78E0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thank you.

Edited February 22, 2008 by Panda08
Panda08 Posted February 24, 2008 (Author, edited)

I tell you, FixWareout must be a spy removal tool because all the malware that Spy Doctor found (see above) was gone after I ran FixWareout.

However, my computer is still slow. Now it's mostly when I click on an icon on the desktop or when I try to open a feature from Start; it takes quite a while to open the application.

I have posted the results from KASPERSKY, and yep, it looks like there is something still there.

Thanks

Edited February 24, 2008 by Panda08
sari Posted February 25, 2008

Panda08,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Double-click on dss.exe and follow the prompts.

When it has finished, dss will open two Notepads, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thanks,
sari
Panda08 Posted February 25, 2008 (Author)

Ok, here they are:

Deckard's System Scanner v20071014.68
Run by Liliana Currie on 2008-02-25 20:08:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
9: 2008-02-26 02:09:14 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-02-24 18:10:18 UTC - RP8 - System Checkpoint
7: 2008-02-23 06:46:58 UTC - RP7 - Software Distribution Service 3.0
6: 2008-02-22 13:14:06 UTC - RP6 - Software Distribution Service 3.0
5: 2008-02-21 10:54:09 UTC - RP5 - System Checkpoint

-- First Restore Point --
1: 2008-02-09 14:26:44 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).

-- HijackThis (run as Liliana Currie.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:00 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Documents and Settings\Liliana Currie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Liliana Currie.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptopO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CABO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gifO24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.pngO24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif--End of file - 9353 bytes-- File Associations -----------------------------------------------------------All associations okay.-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R0 sojubus - c:\windows\system32\drivers\sojubus.sysR0 sojuscsi - c:\windows\system32\drivers\sojuscsi.sysS1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)S2 pciinfo (HP Pci Information) - c:\docume~1\lilian~1\locals~1\temp\hpispz\hpdom\pciinfo.sys (file missing)S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>-- Device Manager: Disabled 
----------------------------------------------------No disabled devices found.-- Scheduled Tasks -------------------------------------------------------------2008-02-25 20:09:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job2008-02-25 19:37:05 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job2008-02-25 18:54:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job2008-01-25 17:48:17 1006 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job-- Files created between 2008-01-25 and 2008-02-25 -----------------------------2008-02-22 20:17:03 59200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT2008-02-22 18:18:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab2008-02-22 18:17:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab2008-02-21 10:24:34 0 d-------- C:\Program Files\Spyware Doctor2008-02-21 10:24:34 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools2008-02-21 03:37:13 0 d-------- C:\Program Files\Trend Micro2008-02-17 20:02:27 0 d-------- C:\Program Files\Windows Defender2008-02-17 19:42:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP2008-02-17 19:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google2008-02-10 18:51:34 0 dr-h----- C:\Documents and Settings\Liliana Currie\Recent2008-02-07 21:08:26 0 d-------- C:\Program Files\Windows Live Safety Center2008-02-06 22:04:15 8576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys <Not Verified; Panda Software International; RKPavProc Driver>2008-02-06 21:59:29 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>2008-02-06 20:23:51 8576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys <Not Verified; Panda Software International; RKPavProc Driver>2008-02-06 07:02:34 8576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys <Not Verified; 
Panda Software International; RKPavProc Driver>2008-02-05 20:46:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG72008-02-05 19:22:47 0 d-------- C:\WINDOWS\BDOSCAN82008-02-03 20:19:55 0 d-------- C:\Program Files\Common Files\NSV2008-02-03 20:18:03 0 d-------- C:\Program Files\Common Files\Nullsoft2008-02-03 12:34:11 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>2008-02-03 08:35:53 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM2008-02-02 21:41:44 0 dr-h----- C:\$VAULT$.AVG2008-02-02 17:45:42 0 d-------- C:\Program Files\Lavasoft2008-02-02 17:45:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft2008-02-02 17:43:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-02-01 19:30:18 0 d-------- C:\Program Files\Kiwee Toolbar22008-02-01 19:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar22008-02-01 15:15:58 0 d-------- C:\Program Files\3ivx-- Find3M Report ---------------------------------------------------------------2008-02-17 19:42:20 0 d-------- C:\Program Files\Google2008-02-14 19:57:39 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\AVG72008-02-06 22:37:30 0 d-------- C:\Program Files\Windows Live Toolbar2008-02-06 22:37:07 0 d-------- C:\Program Files\Windows Live Favorites2008-02-06 22:35:53 0 d-------- C:\Program Files\QuickTime2008-02-06 22:32:55 0 d-------- C:\Program Files\MSN Messenger2008-02-06 22:26:45 0 d-------- C:\Program Files\Common Files\LightScribe2008-02-03 20:19:55 0 d-------- C:\Program Files\Common Files2008-02-03 14:40:01 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\U32008-01-31 21:27:52 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!2008-01-31 14:14:54 1080 --a----c- C:\WINDOWS\AUTOLNCH.REG2008-01-25 10:54:26 152 --a----c- C:\Documents and 
Settings\Liliana Currie\Application Data\wklnhst.dat2008-01-24 22:24:41 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Adobe2008-01-19 15:33:01 0 d-------- C:\Program Files\Musicmatch2008-01-19 15:32:35 0 d--h----- C:\Program Files\InstallShield Installation Information2008-01-13 10:35:22 0 d-------- C:\Program Files\Yahoo!2008-01-13 10:35:03 0 d-------- C:\Program Files\Common Files\SureThing Shared2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe2008-01-08 16:51:02 0 d-------- C:\Program Files\Ares2007-12-29 10:09:25 0 d-------- C:\Documents and Settings\Liliana Currie\Application Data\Roxio2007-12-27 09:07:56 0 d-------- C:\Program Files\Alcohol Soft-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]01/24/2008 04:09 PM 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [01/24/2008 04:09 PM 248976][-HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/23/2007 04:26 PM]"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [12/23/2007 04:26 PM]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 
AM][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnkbackup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnkbackup=C:\WINDOWS\pss\ymetray.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]"C:\Program Files\Ares\Ares.exe" -h[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]C:\Program Files\HPQ\Default Settings\cpqset.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 
4300C]C:\sj657\hpupdate.exe 4300C[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]"C:\Program Files\Spyware Doctor\pctsTray.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]"C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"C:\Program Files\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]"C:\Program Files\Common 
Files\Roxio Shared\System\EngUtil.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]AutoRun\command- E:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09af55-d0e3-11dc-a4e6-001636010070}][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]Auto\command- fun.xls.exeAutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe-- End of Deckard's System Scanner: finished at 2008-02-25 20:12:13 ------------Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Home Edition (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: Mobile AMD Sempron Processor 3000+Percentage of Memory in Use: 74%Physical Memory (total/avail): 382.48 MiB / 98.86 MiBPagefile Memory (total/avail): 919.34 MiB / 425.14 MiBVirtual Memory (total/avail): 2047.88 MiB / 1928.51 MiBC: is Fixed (NTFS) - 55.88 GiB total, 24.82 GiB free. 
D: is CDROM (No Media)F: is CDROM (No Media)\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is enabled.FirstRunDisabled is set.AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) OutdatedAV: AVG 7.5.516 v7.5.516 (Grisoft)[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger""C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! 
FT Server""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows""C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox""C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Liliana Currie\Application DataCLIENTNAME=ConsoleCommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=MOBILEComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\Liliana CurrieLOGONSERVER=\\MOBILENUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLSharedPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMDPROCESSOR_LEVEL=15PROCESSOR_REVISION=2c02ProgramFiles=C:\Program FilesPROMPT=$P$GSESSIONNAME=ConsoleSonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\SystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\LILIAN~1\LOCALS~1\TempTMP=C:\DOCUME~1\LILIAN~1\LOCALS~1\TempUSERDOMAIN=MOBILEUSERNAME=Liliana CurrieUSERPROFILE=C:\Documents and Settings\Liliana Curriewindir=C:\WINDOWS-- User Profiles 
---------------------------------------------------------------Liliana Currie (admin)Administrator (admin)-- Add/Remove Programs --------------------------------------------------------- --> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC --> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf3ivx D4 4.5.1 Decoder (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}Ares 2.0.5 --> "C:\Program Files\Ares\uninstall.exe"Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanAVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe 
/UNINSTALLBroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -aConexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.infData Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103CDVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"HD-DV decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C26ED93F-A16E-4FC9-B158-A1D5CC604949}\Setup.exe" -l0x9 -removeonlyHijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonlyHP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"HP Scan-to-Web Wizard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Scan-To-Web.isu"HP 
Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonlyHP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninstInterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exeInterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALLJ2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exeLearn To Speak English 8.0 --> C:\WINDOWS\IUConnect\LTSE3744DE\IUCHECK.EXEMap Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9 Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninstQuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.logRoadRunner --> C:\PROGRA~1\Internet\UNWISE.EXE C:\PROGRA~1\Internet\INSTALL.LOGSamsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anythingSBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exeSBC Yahoo! 
Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exeSecurity Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOGSynaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstallTabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}Texas Instruments PCIxx21/x515 drivers. 
--> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033 Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCTWindows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"Yahoo! 
Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}-- Application Event Log -------------------------------------------------------Event Record #/Type5556 / ErrorEvent Submitted/Written: 02/25/2008 06:35:27 PMEvent ID/Source: 1000 / Application ErrorEvent Description:Faulting application iexplore.exe, version 7.0.6000.16608, faulting module msvcr80.dll, version 8.0.50727.42, fault address 0x00049f21.Processing media-specific event for [iexplore.exe!ws!]Event Record #/Type5546 / WarningEvent Submitted/Written: 02/24/2008 11:22:05 PMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.Event Record #/Type5539 / WarningEvent Submitted/Written: 02/23/2008 09:14:58 AMEvent ID/Source: 1001 / MsiInstallerEvent Description:Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'SpellingAndGrammarFiles_3082' failed during request for component '{E938403C-9432-11D2-900A-00805F9B1201}'Event Record #/Type5533 / WarningEvent Submitted/Written: 02/23/2008 00:45:33 AMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. 
The file will be unloaded when it is no longer in use.Event Record #/Type5530 / ErrorEvent Submitted/Written: 02/22/2008 09:06:52 PMEvent ID/Source: 11 / crypt32Event Description:Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type28889 / WarningEvent Submitted/Written: 02/25/2008 08:11:16 PMEvent ID/Source: 3004 / WinDefendEvent Description:%MOBILE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MOBILE27 can't undo changes that you allow.For more information please see the following:%MOBILE275 Scan ID: {6ECE377D-004C-430C-ABC3-9231BFFFCC02} User: MOBILE\Liliana Currie Name: %MOBILE271 ID: %MOBILE272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MOBILE276 Alert Type: %MOBILE278 Detection Type: 1.1.1593.02Event Record #/Type28888 / WarningEvent Submitted/Written: 02/25/2008 08:11:16 PMEvent ID/Source: 3004 / WinDefendEvent Description:%MOBILE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. 
%MOBILE27 can't undo changes that you allow.
For more information please see the following:
%MOBILE275 Scan ID: {73CD3A60-8028-4D0B-810C-580EDDE16D4D} User: MOBILE\Liliana Currie Name: %MOBILE271 ID: %MOBILE272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MOBILE276 Alert Type: %MOBILE278 Detection Type: 1.1.1593.02
Event Record #/Type28887 / Error
Event Submitted/Written: 02/25/2008 08:04:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Kiwee Toolbar2\1.2.116\MFC80U.DLL.
Reference error message: The operation completed successfully..
Event Record #/Type28886 / Error
Event Submitted/Written: 02/25/2008 08:04:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system..
Event Record #/Type28885 / Error
Event Submitted/Written: 02/25/2008 08:04:26 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
-- End of Deckard's System Scanner: finished at 2008-02-25 20:12:13 ------------

I hope you find that nasty virus and kill it forever!
Thank you.
sari Posted February 26, 2008

Panda08,

It appears that you've been infected with a flash drive virus - these get into your computer by USB devices such as thumb drives. We have a little tool to run for that one.

1 - Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Now, to be sure that there's nothing else hiding, please do the following:

Download ComboFix from Here or Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Post the results from the combofix log.

sari
Panda08 (Author) Posted February 26, 2008

Sari, I hope my infection is not as bad as computer infection. Here are both logs, ComboFix and HijackThis.
Thank you.

ComboFix 08-02-25.3 - Liliana Currie 2008-02-26 19:05:20.2 - NTFSx86
Running from: C:\Documents and Settings\Liliana Currie\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-25 20:08 . 2008-02-25 20:08 <DIR> d-------- C:\Deckard
2008-02-23 00:48 . 2008-02-23 00:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-22 20:17 . 2008-02-22 20:17 59,200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT
2008-02-22 18:18 . 2008-02-22 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 18:17 . 2008-02-22 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 17:57 . 2008-02-21 18:10 <DIR> d-------- C:\fixwareout
2008-02-21 10:24 . 2008-02-25 07:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-21 10:24 . 2008-02-21 10:24 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools
2008-02-21 10:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-21 10:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-21 10:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-21 10:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-21 03:37 . 2008-02-21 03:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 20:02 . 2008-02-17 20:02 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-17 19:42 . 2008-02-26 19:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 19:00 . 2008-02-08 19:00 268 --ah----- C:\sqmdata00.sqm
2008-02-08 19:00 . 
2008-02-08 19:00 244 --ah----- C:\sqmnoopt00.sqm2008-02-07 21:08 . 2008-02-07 21:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center2008-02-06 22:04 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys2008-02-06 21:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys2008-02-06 20:23 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys2008-02-06 07:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys2008-02-06 06:30 . 2008-02-06 20:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico2008-02-06 06:30 . 2008-02-06 20:10 1,406 --a------ C:\WINDOWS\system32\Help.ico2008-02-05 20:46 . 2008-02-08 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG72008-02-05 19:22 . 2008-02-05 20:38 <DIR> d-------- C:\WINDOWS\BDOSCAN82008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\Program Files\Common Files\NSV2008-02-03 20:18 . 2008-02-03 20:18 <DIR> d-------- C:\Program Files\Common Files\Nullsoft2008-02-03 12:34 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll2008-02-03 08:35 . 2008-02-03 08:35 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM2008-02-02 17:45 . 2008-02-02 17:45 <DIR> d-------- C:\Program Files\Lavasoft2008-02-02 17:45 . 2008-02-02 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft2008-02-02 17:43 . 2008-02-02 17:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-02-01 19:30 . 2008-02-01 19:30 <DIR> d-------- C:\Program Files\Kiwee Toolbar22008-02-01 19:30 . 2008-02-01 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar22008-02-01 15:15 . 
2008-02-01 15:15 <DIR> d-------- C:\Program Files\3ivx.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-18 01:42 --------- d-----w C:\Program Files\Google2008-02-15 01:57 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\AVG72008-02-10 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-02-07 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG72008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Toolbar2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Favorites2008-02-07 04:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy2008-02-07 04:35 --------- d-----w C:\Program Files\QuickTime2008-02-07 04:32 --------- d-----w C:\Program Files\MSN Messenger2008-02-07 04:26 --------- d-----w C:\Program Files\Common Files\LightScribe2008-02-03 20:40 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\U32008-02-01 03:27 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!2008-01-25 16:54 152 -c--a-w C:\Documents and Settings\Liliana Currie\Application Data\wklnhst.dat2008-01-19 21:33 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys2008-01-19 21:33 --------- d-----w C:\Program Files\Musicmatch2008-01-19 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-01-13 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!2008-01-13 16:35 --------- d-----w C:\Program Files\Yahoo!2008-01-13 16:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared2008-01-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe2008-01-08 22:51 --------- d-----w C:\Program Files\Ares2007-12-29 16:09 
--------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Roxio2007-12-27 15:07 --------- d-----w C:\Program Files\Alcohol Soft2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]2008-01-24 16:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{EF99BD32-C1FB-11D2-892F-0090271D4F88}{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}{2318C2B1-4965-11D4-9B18-009027A5CD4F}[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 16:09 
248976][HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 16:26 579072]"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-23 16:26 406528]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-12 09:40 219136][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnkbackup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnkbackup=C:\WINDOWS\pss\ymetray.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]--a------ 2007-02-06 19:39 968704 C:\Program Files\Ares\Ares.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]--a------ 2005-04-11 11:00 339968 C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]--a------ 2005-02-17 15:01 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]--a------ 2004-12-03 14:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]--a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]--a------ 2002-02-07 14:33 32768 C:\sj657\hpupdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]--a------ 2005-04-01 16:11 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]--a------ 2008-01-24 16:08 48264 C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]--a------ 2004-07-19 12:29 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]--a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]--a------ 2004-10-13 10:24 1694208 C:\Program 
Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2005-04-29 23:39 98304 C:\Program Files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]--a------ 2003-07-18 16:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]--a------ 2003-05-01 17:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2005-03-04 04:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]--a------ 2005-02-02 06:11 692316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]--a------ 2005-02-02 06:12 102492 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager]--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]--a------ 2003-12-09 14:02 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]S2 pciinfo;HP Pci Information;C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]\Shell\AutoRun\command - E:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]\Shell\Auto\command - fun.xls.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe.Contents of the 'Scheduled Tasks' folder"2008-02-27 00:37:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE"2008-01-25 23:48:17 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe"2008-02-27 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"- C:\Program Files\Windows 
Defender\MpCmdRun.exe"2008-02-27 01:09:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"- C:\Program Files\Symantec\LiveUpdate\NDetect.exe.**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-26 19:10:56Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:ZwClosescanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2008-02-26 19:13:36ComboFix-quarantined-files.txt 2008-02-27 01:13:28ComboFix2.txt 2008-02-27 00:52:21.2008-02-23 06:53:44 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:17 PM, on 2/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Windows 
Defender\MSASCui.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dllO2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dllO2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUSO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - 
Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptopO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CABO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development 
Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gif
O24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.png
O24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif
--
End of file - 8852 bytes
sari Posted February 27, 2008

Panda08,

1. Please open Notepad: click Start, then Run. Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]
[-HKEY_CLASSES_ROOT\CLSID\{bae4c772-d259-11dc-a4eb-001636010070}]

3. Save the above as CFScript.txt.
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

Let me know how things are running.

sari
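As an added illustration of what the helper is keying on in the ComboFix output above (this is example code written for this page, not ComboFix's, sari's, or any tool from the thread): the script below parses the mountpoints2 entries in the form ComboFix prints them, flags a removable volume whose autorun command shows a decoy double extension, a ShellExec_RunDLL launch through rundll32, or a bare file name that resolves from the volume root, and emits a CFScript Registry:: block in the same form as the one posted above, for the flagged GUID only. The three indicators are my own assumed heuristics, not ComboFix rules, and the sample input is the two entries copied from the log Panda08 posted earlier in the thread.

```python
import re

# Constructed sample input: the mountpoints2 entries exactly as ComboFix printed
# them in the log earlier in this thread, copied here so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bae4c772-d259-11dc-a4eb-001636010070}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

# A mountpoints2 key line; the GUID identifies the removable volume Windows recorded.
KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
# A shell verb ComboFix reports for that volume, e.g. \Shell\AutoRun\command - <cmd>
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)

# Indicators (assumed heuristics, not ComboFix's own rules):
# an executable hidden behind a document/media extension,
DECOY_EXT_RE = re.compile(
    r"\.(?:xls|doc|ppt|pdf|txt|jpg|gif|avi|mp3)\.(?:exe|scr|com|pif|bat|cmd|vbs)(?=\s|$)", re.I)
# a launch via rundll32's ShellExec_RunDLL rather than naming the program directly,
SHELLEXEC_RE = re.compile(r"ShellExec_RunDLL", re.I)
# and a bare file name (no drive letter or UNC prefix) resolved against the volume root.
ABSOLUTE_RE = re.compile(r"^(?:[a-z]:\\|\\\\)", re.I)


def parse_mountpoints(text):
    """Map each mountpoints2 GUID to its list of (verb, command) pairs."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, [])
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group(1), cmd.group(2).strip()))
    return entries


def flag_commands(commands):
    """Return the sorted list of reasons a volume's autorun commands look hostile."""
    reasons = set()
    for _verb, command in commands:
        if DECOY_EXT_RE.search(command):
            reasons.add("decoy double extension in target")
        if SHELLEXEC_RE.search(command):
            reasons.add("ShellExec_RunDLL indirection through rundll32")
        target = command.split()[0]
        if not ABSOLUTE_RE.match(target):
            reasons.add("bare file name, resolved from the volume root")
    return sorted(reasons)


def analyze(text):
    """GUID -> reasons; an empty list means the entry showed no indicator."""
    return {guid: flag_commands(cmds) for guid, cmds in parse_mountpoints(text).items()}


def suspicious_guids(text):
    return sorted(g for g, reasons in analyze(text).items() if reasons)


def cfscript(guids):
    """Build a Registry:: block in the form used in the thread, one key pair per flagged GUID."""
    lines = ["Registry::"]
    for g in guids:
        lines.append("[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                     "\\explorer\\mountpoints2\\" + g + "]")
        lines.append("[-HKEY_CLASSES_ROOT\\CLSID\\" + g + "]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for guid, reasons in analyze(SAMPLE_LOG).items():
        print(guid, "->", "; ".join(reasons) if reasons else "no indicator")
    print(cfscript(suspicious_guids(SAMPLE_LOG)))
```

To run it against a real report, read a saved ComboFix.txt into `analyze` instead of `SAMPLE_LOG`. On the sample the U3 launcher volume is left alone, because it names its executable by full drive path with no decoy extension, and only the second volume (the one whose key sari's script removes) is flagged; a script like this is a triage aid for reading the log, and anything it flags still deserves a look before a key is deleted.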
Panda08 (Author) Posted February 27, 2008

Sari, here are the two logs.
Thank you so much for your time.

ComboFix 08-02-25.3 - Liliana Currie 2008-02-27 18:18:08.3 - NTFSx86
Running from: C:\Documents and Settings\Liliana Currie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liliana Currie\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.
2008-02-25 20:08 . 2008-02-25 20:08 <DIR> d-------- C:\Deckard
2008-02-23 00:48 . 2008-02-23 00:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-22 20:17 . 2008-02-22 20:17 59,200 --a------ C:\Documents and Settings\Liliana Currie\Application Data\GDIPFONTCACHEV1.DAT
2008-02-22 18:18 . 2008-02-22 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 18:17 . 2008-02-22 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 17:57 . 2008-02-21 18:10 <DIR> d-------- C:\fixwareout
2008-02-21 10:24 . 2008-02-25 07:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-21 10:24 . 2008-02-21 10:24 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\PC Tools
2008-02-21 10:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-21 10:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-21 10:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-21 10:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-21 03:37 . 2008-02-21 03:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 20:02 . 2008-02-17 20:02 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-17 19:42 . 2008-02-27 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 19:00 . 
2008-02-08 19:00 268 --ah----- C:\sqmdata00.sqm2008-02-08 19:00 . 2008-02-08 19:00 244 --ah----- C:\sqmnoopt00.sqm2008-02-07 21:08 . 2008-02-07 21:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center2008-02-06 22:04 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\yjefxevhkqeo.sys2008-02-06 21:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys2008-02-06 20:23 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jcnskeonlcjl.sys2008-02-06 07:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ocifxxaktmju.sys2008-02-06 06:30 . 2008-02-06 20:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico2008-02-06 06:30 . 2008-02-06 20:10 1,406 --a------ C:\WINDOWS\system32\Help.ico2008-02-05 20:46 . 2008-02-08 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG72008-02-05 19:22 . 2008-02-05 20:38 <DIR> d-------- C:\WINDOWS\BDOSCAN82008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\Program Files\Common Files\NSV2008-02-03 20:18 . 2008-02-03 20:18 <DIR> d-------- C:\Program Files\Common Files\Nullsoft2008-02-03 12:34 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll2008-02-03 08:35 . 2008-02-03 08:35 <DIR> d-------- C:\Documents and Settings\Liliana Currie\Application Data\AdobeAUM2008-02-02 17:45 . 2008-02-02 17:45 <DIR> d-------- C:\Program Files\Lavasoft2008-02-02 17:45 . 2008-02-02 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft2008-02-02 17:43 . 2008-02-02 17:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-02-01 19:30 . 2008-02-01 19:30 <DIR> d-------- C:\Program Files\Kiwee Toolbar22008-02-01 19:30 . 2008-02-01 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar22008-02-01 15:15 . 
2008-02-01 15:15 <DIR> d-------- C:\Program Files\3ivx.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-18 01:42 --------- d-----w C:\Program Files\Google2008-02-15 01:57 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\AVG72008-02-10 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-02-07 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG72008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Toolbar2008-02-07 04:37 --------- d-----w C:\Program Files\Windows Live Favorites2008-02-07 04:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy2008-02-07 04:35 --------- d-----w C:\Program Files\QuickTime2008-02-07 04:32 --------- d-----w C:\Program Files\MSN Messenger2008-02-07 04:26 --------- d-----w C:\Program Files\Common Files\LightScribe2008-02-03 20:40 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\U32008-02-01 03:27 --------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Yahoo!2008-01-25 16:54 152 -c--a-w C:\Documents and Settings\Liliana Currie\Application Data\wklnhst.dat2008-01-19 21:33 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys2008-01-19 21:33 --------- d-----w C:\Program Files\Musicmatch2008-01-19 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-01-13 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!2008-01-13 16:35 --------- d-----w C:\Program Files\Yahoo!2008-01-13 16:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared2008-01-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe2008-01-08 22:51 --------- d-----w C:\Program Files\Ares2007-12-29 16:09 
--------- d-----w C:\Documents and Settings\Liliana Currie\Application Data\Roxio2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]2008-01-24 16:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{EF99BD32-C1FB-11D2-892F-0090271D4F88}{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}{2318C2B1-4965-11D4-9B18-009027A5CD4F}[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 16:09 
248976][HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}][HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 16:26 579072]"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-23 16:26 406528]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-12 09:40 219136][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnkbackup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnkbackup=C:\WINDOWS\pss\ymetray.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]--a------ 2007-02-06 19:39 968704 C:\Program Files\Ares\Ares.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]--a------ 2005-04-11 11:00 339968 C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]--a------ 2005-02-17 15:01 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]--a------ 2004-12-03 14:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]--a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]--a------ 2002-02-07 14:33 32768 C:\sj657\hpupdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]--a------ 2005-04-01 16:11 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]--a------ 2008-01-24 16:08 48264 C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]--a------ 2004-07-19 12:29 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]--a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]--a------ 2004-10-13 10:24 1694208 C:\Program 
Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2005-04-29 23:39 98304 C:\Program Files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]--a------ 2003-07-18 16:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]--a------ 2003-05-01 17:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2005-03-04 04:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]--a------ 2005-02-02 06:11 692316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]--a------ 2005-02-02 06:12 102492 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager]--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]--a------ 2003-12-09 14:02 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]S2 pciinfo;HP Pci Information;C:\DOCUME~1\LILIAN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8f47e-acb1-11dc-a47f-001636010070}]\Shell\AutoRun\command - E:\LaunchU3.exe -a.Contents of the 'Scheduled Tasks' folder"2008-02-27 01:37:07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE"2008-01-25 23:48:17 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0"2008-02-28 00:01:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"- C:\Program Files\Windows Defender\MpCmdRun.exe"2008-02-28 00:24:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"- C:\Program Files\Symantec\LiveUpdate\NDetect.exe.**************************************************************************catchme 0.3.1344 
W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-27 18:24:13Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:ZwClosescanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2008-02-27 18:26:53ComboFix-quarantined-files.txt 2008-02-28 00:26:46ComboFix2.txt 2008-02-27 01:13:37ComboFix3.txt 2008-02-27 00:52:21.2008-02-27 12:55:55 --- E O F --- HIJACKTHIS LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:37 PM, on 2/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Trend 
Micro\HijackThis\HijackThis.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dllO2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dllO2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm609MFUSO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?46bad1d1cb8c4d959534c84a8f73b171O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?46bad1d1cb8c4d959534c84a8f73b171O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptopO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CABO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - 
Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO24 - Desktop Component 0: (no name) - http://www.americansingles.com/img/bknd.gifO24 - Desktop Component 1: (no name) - http://www.americansingles.com/img/Site/Am...es-com/bknd.pngO24 - Desktop Component 2: (no name) - http://www.americansingles.com/img/d/1/trans.gif--End of file - 8924 bytes Quote Link to post Share on other sites
sari Posted February 28, 2008

Panda08,

How are things running now? Are you still having issues with slowness? Your logs are clean now.

sari
Panda08 (Author) Posted February 28, 2008

No issues right now, everything seems to be OK.

Sari, right after we ran FixWareout I noticed the difference in speed while browsing the net; the laptop was much faster indeed. Is FixWareout a spyware removal tool? But after we ran Kaspersky online it found a virus; I guess you got rid of that one too, because the computer is running smoothly.

The only problem I have, and that problem has been there for a while, is that when I click or touch the touch pad to open IE or Yahoo on the desktop, it opens or launches several browsers with the same websites.

Thank you very much for your help.

Panda08
Panda08 (Author) Posted February 29, 2008

P.S. I would like to know what the diagnosis was, or what kind of malware caused the laptop to perform so slowly.
sari Posted February 29, 2008

Panda08,

You had an infection called Wareout, which redirects your browser to other sites and generally interferes with how your PC runs. Most viruses, spyware, etc., interfere with the performance of the PC, so I'm not surprised yours was running much faster after that - it was the primary infection on your PC.

I'd like you to follow some directions to install what's called the Recovery Console. This isn't to clear up anything you have; it's more of a safety measure. We're seeing more cases of nasty viruses that can prevent PCs from booting up, and having this installed could help you out in the future.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Once that's done, we'll clean up the tools we used and you can go on your way, malware-free!

sari
Panda08 (Author) Posted February 29, 2008 (edited)

Sari, again thank you! My computer and I feel malware-free! OK, I'll post the log.

Edited February 29, 2008 by Panda08
Panda08 (Author) Posted February 29, 2008

Sari, I do not understand; there is no recovery console in the link that you have provided:

"Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System."

Instead there are three options listed on http://support.microsoft.com/kb/310994
1. Download the Setup disk program file
2. Windows XP Service Pack 1 (SP1)
3. Windows XP Service Pack 2 (SP2)

Let me know what you want me to do.

Thanks,
Panda08
sari Posted March 7, 2008

Panda08,

You'll download SP2 - that will install the recovery console.

sari