Analyse combofix log and hijack log

alyoob

Member
ComboFix 08-02.03.1 - HP_Owner 2008-02-03 19:25:04.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\Software Installer\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\inst.exe
C:\temp\tn3
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp:/
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 19:31 . 2008-02-03 19:31 <DIR> d-------- C:\temp\tn3
2008-02-03 12:26 . 2008-02-03 12:26 167,545 --a--c--- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-03 12:26 . 2008-02-03 12:26 86,144 --a--c--- C:\WINDOWS\system32\drivers\wmilibb.sys
2008-02-03 11:27 . 2008-02-03 15:31 <DIR> d----c--- C:\Downloads
2008-02-03 09:01 . 2008-02-03 09:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-02-01 18:19 . 2008-02-03 11:38 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-02-01 18:19 . 2008-02-01 18:19 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-28 20:39 . 2008-01-28 20:39 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-28 20:36 . 2008-01-28 20:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-27 18:37 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Java
2008-01-27 10:49 . 1995-12-14 02:10 1,682,688 -ra--c--- C:\WINDOWS\QTINSTAL.EXE
2008-01-27 10:49 . 1995-12-14 02:10 92,384 -ra--c--- C:\WINDOWS\QTW16DEL.EXE
2008-01-27 10:49 . 2006-02-11 20:51 191 --a--c--- C:\WINDOWS\QTW.INI
2008-01-27 10:49 . 2002-10-03 13:42 34 --a--c--- C:\WINDOWS\Q3version.ini
2008-01-24 09:16 . 2004-12-14 08:07 708,608 -ra--c--- C:\WINDOWS\system32\hpotiop.dll
2008-01-24 09:16 . 2004-12-14 08:07 278,528 -ra--c--- C:\WINDOWS\system32\hpgwiamd.dll
2008-01-24 09:16 . 2004-12-14 08:07 229,376 -ra--c--- C:\WINDOWS\system32\hpovst08.dll
2008-01-24 09:09 . 2008-01-24 09:37 68,964 --a--c--- C:\WINDOWS\hpoins05.dat
2008-01-24 09:09 . 2004-12-14 08:07 19,696 -----c--- C:\WINDOWS\hpomdl05.dat
2008-01-21 16:22 . 2008-01-21 16:22 12,518,948 -----c--- C:\avg7qt.dat
2008-01-21 16:09 . 2008-02-03 18:33 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 16:08 . 2008-02-03 12:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-20 21:26 . 2008-01-28 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 19:53 . 2008-01-20 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-19 09:16 . 2008-01-27 08:40 <DIR> d-------- C:\Program Files\DivX
2008-01-19 07:27 . 2008-01-27 09:10 5,632 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-01-18 21:08 . 2008-01-18 21:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-14 21:20 . 2008-01-14 21:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Vso
2008-01-14 21:20 . 2008-01-14 21:20 47,360 --a--c--- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 21:20 . 2008-01-14 21:21 47,360 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-12 18:42 . 2008-01-12 18:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\snap
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\STATES
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\SHOTS
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ROMDATA
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\INPUT
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\EEPROM
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CONFIG
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CHEATS
2008-01-12 18:27 . 2008-01-12 18:38 25 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2008-01-12 18:27 . 2008-01-12 18:39 0 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-12 07:03 . 2008-01-12 07:09 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2008-01-06 19:56 . 2007-01-18 04:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-05 14:42 . 2008-01-05 14:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Comodo
2008-01-05 14:42 . 2008-01-05 14:42 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-05 14:40 . 2008-01-04 16:15 281 --a--c--- C:\boot.ini.comodofirewall
2008-01-04 12:55 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-01-04 09:11 . 2008-01-04 09:11 917,504 --a--c--- C:\WINDOWS\system32\FLASH.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-02-02 14:22 --------- d-----w C:\Program Files\Blubster
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 17:18 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-27 16:47 15,582 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 00:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-20 01:08 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-19 22:19 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-12 15:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-10 23:21 --------- d-----w C:\Program Files\SpywareGuard
2008-01-07 04:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2008-01-05 19:14 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-01-04 16:24 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-01-04 16:09 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-01-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 21:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2008-01-02 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-31 06:29 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-31 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 22:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-30 22:26 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 17:48 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 17:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-30 01:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-29 16:44 --------- d-----w C:\Program Files\interMute
2007-12-29 03:53 138,752 -c--a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-27 20:38 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 04:39 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-27 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-27 02:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-27 01:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-27 01:19 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-27 01:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-27 01:14 1,865 -csha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-27 01:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-27 01:05 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 17:23 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 17:05 --------- d-----w C:\Program Files\DIFX
2007-12-26 17:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 17:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 05:56 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\FileVOoM
2007-12-25 05:56 --------- d-----w C:\Program Files\iPod Download
2007-12-20 22:22 --------- d-----w C:\Program Files\Premium Booster
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\iolo
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-12-15 19:41 --------- d-----w C:\Program Files\Google
2007-12-14 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-12 03:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 00:20 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-12-10 18:34 1,824 -c--a-w C:\reg_AppID_CLSID.reg,.reg
2007-12-10 17:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-10 17:57 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 21:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-03-05 00:29 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 16:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-21 16:18 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-01-21 16:18 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 14:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]
R1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys [2008-02-03 12:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 02:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-04 03:34:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 19:32:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-02-03 19:38:34 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-02-04 03:38:30
.
2007-12-27 05:09:38 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:48 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7165 bytes
 
Hello,

You're infected with the core.cache.dsk. Please follow these instructions:

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Drivers to unload:
wmilibb.sys

Folders to delete:
C:\Temp\tn3

Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\wmilibb.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjqdoblh

*******************

Script file located at: \??\C:\hxjndmfj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\wmilibb.sys not found!
Unload of driver wmilibb.sys failed!

Could not process line:
wmilibb.sys
Status: 0xc0000034

Folder C:\Temp\tn3 deleted successfully.
File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.
File C:\WINDOWS\system32\drivers\wmilibb.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
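The Avenger log above shows why the unload step failed: Avenger looked up a registry key named after the script entry (`...\Services\wmilibb.sys`), but ComboFix's `R1 wmilibb;wmilibb;...` line shows the service is called `wmilibb`, and the file name was given instead. The following Python check is an added example, not part of this thread or of ComboFix/Avenger; it cross-references an Avenger script against the ComboFix service lines and flags that mismatch before the script is run. The log excerpt and script text are constructed from the posts above, and the function names are my own.

```python
import re

# Constructed excerpt: the two "R1" driver lines from the ComboFix log above
COMBOFIX_EXCERPT = r"""
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]
R1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys [2008-02-03 12:26]
"""

# The Avenger script as posted in the thread (file name used where the service name was needed)
AVENGER_SCRIPT = r"""Drivers to unload:
wmilibb.sys

Folders to delete:
C:\Temp\tn3

Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\wmilibb.sys
"""

# ComboFix driver/service line: "<R|S><n> <service>;<display name>;<image path> [<date>]"
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[", re.MULTILINE)


def parse_combofix_services(text):
    """Map service name -> driver image path from ComboFix service lines."""
    return {m.group(1): m.group(2) for m in SERVICE_LINE.finditer(text)}


def parse_avenger_script(text):
    """Split an Avenger script into {section: [entries]}; a blank line ends a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif line.endswith(":"):
            current = line[:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_driver_entries(script, services):
    """Classify each 'Drivers to unload' entry as ok / filename-not-service / unknown.

    Avenger resolves the entry as a key under ...\\CurrentControlSet\\Services\\<entry>,
    so it must be the service name; a lookup by file name fails with
    0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND), as seen in the log above.
    The third tuple element is the image path for 'ok', the service name that
    should have been written for 'filename-not-service', and None otherwise.
    """
    by_file = {path.rsplit("\\", 1)[-1].lower(): name for name, path in services.items()}
    results = []
    for entry in script.get("drivers to unload", []):
        if entry in services:
            results.append((entry, "ok", services[entry]))
        elif entry.lower() in by_file:
            results.append((entry, "filename-not-service", by_file[entry.lower()]))
        else:
            results.append((entry, "unknown", None))
    return results


def unresolved_driver_files(script, services, results):
    """Driver images queued for deletion whose service is not correctly named for unload."""
    unloaded = {entry for entry, status, _ in results if status == "ok"}
    images = {path.lower(): name for name, path in services.items()}
    return [f for f in script.get("files to delete", [])
            if f.lower() in images and images[f.lower()] not in unloaded]


if __name__ == "__main__":
    services = parse_combofix_services(COMBOFIX_EXCERPT)
    script = parse_avenger_script(AVENGER_SCRIPT)
    results = check_driver_entries(script, services)
    for entry, status, hint in results:
        note = f" (use service name '{hint}')" if status == "filename-not-service" else ""
        print(f"{entry}: {status}{note}")
    for path in unresolved_driver_files(script, services, results):
        print(f"{path}: queued for deletion but its service is not scheduled for unload")
```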
 
Ok do you still have pop-ups?

I'd like to see a fresh HJT and Combofix log please.
 
New combofix and hijack log

I do not have popups anymore.

ComboFix 08-02.03.1 - HP_Owner 2008-02-07 8:56:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\Software Installer\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 08:20 . 2008-02-05 08:20 <DIR> d-------- C:\Program Files\CleanUp!
2008-02-03 11:27 . 2008-02-03 15:31 <DIR> d----c--- C:\Downloads
2008-02-03 09:01 . 2008-02-03 09:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-01-28 20:39 . 2008-01-28 20:39 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-28 20:36 . 2008-01-28 20:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-27 18:37 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Java
2008-01-27 10:49 . 1995-12-14 02:10 1,682,688 -ra--c--- C:\WINDOWS\QTINSTAL.EXE
2008-01-27 10:49 . 1995-12-14 02:10 92,384 -ra--c--- C:\WINDOWS\QTW16DEL.EXE
2008-01-27 10:49 . 2006-02-11 20:51 191 --a--c--- C:\WINDOWS\QTW.INI
2008-01-27 10:49 . 2002-10-03 13:42 34 --a--c--- C:\WINDOWS\Q3version.ini
2008-01-24 09:16 . 2004-12-14 08:07 708,608 -ra--c--- C:\WINDOWS\system32\hpotiop.dll
2008-01-24 09:16 . 2004-12-14 08:07 278,528 -ra--c--- C:\WINDOWS\system32\hpgwiamd.dll
2008-01-24 09:16 . 2004-12-14 08:07 229,376 -ra--c--- C:\WINDOWS\system32\hpovst08.dll
2008-01-24 09:09 . 2008-01-24 09:37 68,964 --a--c--- C:\WINDOWS\hpoins05.dat
2008-01-24 09:09 . 2004-12-14 08:07 19,696 -----c--- C:\WINDOWS\hpomdl05.dat
2008-01-21 16:22 . 2008-01-21 16:22 12,518,948 -----c--- C:\avg7qt.dat
2008-01-21 16:09 . 2008-02-05 20:33 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 16:08 . 2008-02-05 20:27 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-20 21:26 . 2008-01-28 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 19:53 . 2008-01-20 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-19 09:16 . 2008-01-27 08:40 <DIR> d-------- C:\Program Files\DivX
2008-01-19 07:27 . 2008-01-27 09:10 5,632 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-01-18 21:08 . 2008-01-18 21:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-14 21:20 . 2008-01-14 21:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Vso
2008-01-14 21:20 . 2008-01-14 21:20 47,360 --a--c--- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 21:20 . 2008-01-14 21:21 47,360 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-12 18:42 . 2008-01-12 18:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\snap
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\STATES
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\SHOTS
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ROMDATA
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\INPUT
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\EEPROM
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CONFIG
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CHEATS
2008-01-12 18:27 . 2008-01-12 18:38 25 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2008-01-12 18:27 . 2008-01-12 18:39 0 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-12 07:03 . 2008-01-12 07:09 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 04:13 --------- d-----w C:\Program Files\Blubster
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 19:34 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 17:18 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-27 16:47 15,582 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-20 01:08 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-19 22:19 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-12 15:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-10 23:21 --------- d-----w C:\Program Files\SpywareGuard
2008-01-07 04:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Comodo
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-05 19:14 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-01-04 16:24 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-01-04 16:09 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-01-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 21:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2008-01-02 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-31 06:29 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-31 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 22:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-30 22:26 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 17:48 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 17:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-30 01:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-29 16:44 --------- d-----w C:\Program Files\interMute
2007-12-29 03:53 138,752 -c--a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-27 20:38 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 04:39 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-27 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-27 02:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-27 01:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-27 01:19 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-27 01:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-27 01:14 1,865 -csha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-27 01:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-27 01:05 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 17:23 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 17:05 --------- d-----w C:\Program Files\DIFX
2007-12-26 17:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 17:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 05:56 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\FileVOoM
2007-12-25 05:56 --------- d-----w C:\Program Files\iPod Download
2007-12-20 22:22 --------- d-----w C:\Program Files\Premium Booster
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\iolo
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-12-15 19:41 --------- d-----w C:\Program Files\Google
2007-12-14 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-12 03:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 00:20 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-12-10 18:34 1,824 -c--a-w C:\reg_AppID_CLSID.reg,.reg
2007-12-10 17:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-10 17:57 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 21:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 -c--a-w C:\WINDOWS\system32\lsasrv.dll
2007-07-05 23:03 47,104 -c--a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-07-05 23:03 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-07-05 18:48 39,424 -c--a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-07-05 18:48 1,675,264 -c--a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-07-05 17:00 1,673,216 -c--a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-07-05 16:42 1,670,144 -c--a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-07-05 16:29 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-07-05 16:28 1,668,096 -c--a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-07-05 03:29 1,667,584 -c--a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-07-05 00:40 33,792 -c--a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-07-04 21:11 23,552 -c--a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-07-04 20:51 34,304 -c--a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-07-04 15:37 31,744 -c--a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-07-04 05:21 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-07-04 05:21 1,659,392 -c--a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-07-03 22:58 36,864 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-07-03 15:41 42,496 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-07-03 02:53 28,160 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-07-03 01:45 39,936 -c--a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-07-02 21:36 53,248 -c--a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2007-07-02 18:46 32,768 -c--a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2007-07-02 18:46 1,623,552 -c--a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 05:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-05 20:26 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-05 20:27 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-02-05 20:26 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 14:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]
S1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 02:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-07 16:45:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 09:03:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 9:05:58
ComboFix-quarantined-files.txt 2008-02-07 17:05:55
ComboFix2.txt 2008-02-04 04:12:10
.
2007-12-27 05:09:38 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:16 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7332 bytes
 
It seems to me you are clean; let's wait for Ceewi1 to confirm that you are clean, that way nothing will be forgotten :)
 
Scanned computer with Kaspersky online scanner

I found some viruses when I scanned with the Kaspersky online scanner, which was recommended by another forum. The problem with Kaspersky is that it will not delete the viruses that it finds. I ran AVG Free Edition and it did not find what Kaspersky found. Here is the log file from Kaspersky; can you help me delete the infected files if you can?

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 07, 2008 1:24:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/02/2008
Kaspersky Anti-Virus database records: 553461
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 105070
Number of viruses found 2
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 02:25:41

Infected Object Name Virus Name Last Action
C:\043e074d46fc5616ff650819eb\admparse.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\advpack.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\browseui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\corpol.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\custsat.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\dxtmsft.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\dxtrans.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\extmgr.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\hmmapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\icardie.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\icrav03.rat Object is locked skipped
C:\043e074d46fc5616ff650819eb\ie4uinit.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieakeng.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieaksie.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieakui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieapfltr.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iedkcs32.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iedw.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieencode.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieframe.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iepeers.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieproxy.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iernonce.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iertutil.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iesetup.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieudinit.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieuinit.inf Object is locked skipped
C:\043e074d46fc5616ff650819eb\iexplore.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\imgutil.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\inetcpl.cpl Object is locked skipped
C:\043e074d46fc5616ff650819eb\inseng.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\install.ins Object is locked skipped
C:\043e074d46fc5616ff650819eb\jscript.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\jsproxy.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\licmgr10.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeeds.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeeds.mof Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedsbs.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedsbs.mof Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedssync.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshta.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtml.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtml.tlb Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtmled.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtmler.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msls31.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msrating.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mstime.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\occache.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\occache.ini Object is locked skipped
C:\043e074d46fc5616ff650819eb\pngfilt.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\shdocvw.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\shlwapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\spmsg.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\spuninst.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\spupdsvc.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\tdc.ocx Object is locked skipped
C:\043e074d46fc5616ff650819eb\ticrf.rat Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\idndl.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\ie7.cat Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iecustom.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iereseticons.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iesetup.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\legitlibm.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\nlsdl.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.exe.manifest Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.inf Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.ver Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\updspapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\xmllitesetup.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\url.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\urlmon.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\vbscript.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\vgx.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\webcheck.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\webcheck.ini Object is locked skipped
C:\043e074d46fc5616ff650819eb\winfxdocobj.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\wininet.dll Object is locked skipped
C:\59bf4a9c2f748ab7d195\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\a10df8ce04187dd6d3a6\msxml4-KB927978-enu.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\APP10708.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\CACHE\saltonse00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16ea0f0849df5db21e9a044984813fe2_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_564fe74f-3c59-4fc2-86be-395800ce3141 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e073076d4025f6747e62e73b9190a5a_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f793388b8c5e3727db26d5063fac66d_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48a54b32cb5b5d1c9912330b696832fe_564fe74f-3c59-4fc2-86be-395800ce3141 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48a54b32cb5b5d1c9912330b696832fe_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a5bdc912aac5d26cd90c151d6012f31_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6602555dbd27ee7adaa8c12db65c2c32_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e47af02614c484e33df52e3a317734f_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4c965d5d95615fff7de4797428bbbb8_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d730827781e60ae26fbf339d23c709e1_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11042006-074710.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Fonts\SwUniNew.tff Object is locked skipped
C:\Documents and Settings\All Users\Documents\Softwrap\OPTISOFTSL260F\CDBurner.sw2 Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Spyware Terminator\info.htm Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\art.idx Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\History\History.IE5\MSHist012008020720080208\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temp\~DFE614.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20061220224155.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20070507002500.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BA.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BC.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BE.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C0.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C2.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C3.tmp\zbar.log Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C4.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C5.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C6.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C7.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C8.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C9.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CA.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CB.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CC.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035578.exe Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035634.exe Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP78\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
 
A few last things. Firstly:

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\Program Files\Yahoo!\YPSR\Quarantine\20061220224155.zip
    C:\Program Files\Yahoo!\YPSR\Quarantine\20070507002500.zip
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15B.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15C.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BA.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BC.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BE.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C0.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C2.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C3.tmp\zbar.log
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C4.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C5.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C6.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C7.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C8.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C9.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CA.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CB.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CC.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat
    C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar
    C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    
    Driver::
    wmilibb
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [Screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
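The File:: list above was assembled by hand from the scanner output: "Object is locked skipped" lines are normal noise (registry hives, event logs, index.dat files the OS holds open), while "Infected:" and "<container>: infected - n" lines are the real detections, and archive members are printed after the on-disk file with a "/" separator. As an added example that is not part of this thread, ComboFix or any poster's code, the Python below parses lines in that layout, separates locked-file noise from detections, collapses archive members back to the file that actually exists on disk, and drafts a File:: block of the same shape as the one above. The sample lines are constructed from the log posted in this thread; restore-point copies under System Volume Information are listed but kept out of the File:: block, and the quarantine-folder entries the helper also scripted (which are not detections) are deliberately not covered here.

```python
"""Triage a Kaspersky-style scan log and draft the File:: block of a CFScript.

Added example for this thread, not ComboFix's own code. It assumes the
line layout seen in the log above:
    <path> Object is locked skipped
    <path> Infected: <detection name> skipped
    <path> <container type>: infected - <n> skipped
where members of an archive are appended to the on-disk path with '/'.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, copied in form from the scanner output posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe UPX: infected - 2 skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp Object is locked skipped
"""

# Non-greedy path, then exactly one of the three status shapes, then "skipped".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>[\w.-]+): infected - (?P<count>\d+)) skipped$"
)

RESTORE_DIR = "\\System Volume Information\\"


@dataclass
class ScanRecord:
    path: str        # full path as printed, archive members after '/'
    disk_path: str   # the file that actually exists on disk
    status: str      # "locked" or "infected"
    detail: str      # detection name or container summary


def parse_scan_log(text):
    """Turn scanner lines into records; lines of unknown shape are left for manual review."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        disk_path = path.split("/", 1)[0]   # drop archive-member suffix
        if m.group("locked"):
            records.append(ScanRecord(path, disk_path, "locked", "in use by the OS"))
        elif m.group("name"):
            records.append(ScanRecord(path, disk_path, "infected", m.group("name")))
        else:
            detail = f"{m.group('container')} ({m.group('count')} infected members)"
            records.append(ScanRecord(path, disk_path, "infected", detail))
    return records


def summarize(records):
    """Counts by status, so the reader sees how much of the log is locked-file noise."""
    return dict(Counter(r.status for r in records))


def detected_files(records):
    """Map each on-disk file with a detection to the set of detection details."""
    found = {}
    for r in records:
        if r.status == "infected":
            found.setdefault(r.disk_path, set()).add(r.detail)
    return found


def is_restore_point_copy(path):
    return RESTORE_DIR.lower() in path.lower()


def is_riskware(detail):
    """Kaspersky prefixes adware/riskware names with 'not-a-virus:'."""
    return detail.startswith("not-a-virus:")


def build_cfscript_file_section(found):
    """Draft a File:: block like the one in the thread. Restore-point copies are
    left out: those are dealt with by purging System Restore after cleaning."""
    paths = sorted(p for p in found if not is_restore_point_copy(p))
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    recs = parse_scan_log(SAMPLE_LOG)
    print("status counts:", summarize(recs))
    for p, details in detected_files(recs).items():
        tag = "restore-point copy" if is_restore_point_copy(p) else "on disk"
        print(f"{p} [{tag}]: {', '.join(sorted(details))}")
    print(build_cfscript_file_section(detected_files(recs)))
```

Running it on the sample prints two locked entries, three on-disk files with detections (the .rar twice, once per member and once for the container), and a File:: block containing only the two files outside System Volume Information. A line the regex does not recognise is skipped rather than guessed at, so anything unusual still gets read by a person.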
 
new combofix log

ComboFix 08-02.03.1 - HP_Owner 2008-02-08 9:56:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll
C:\Program Files\Yahoo!\YPSR\Quarantine\20061220224155.zip
C:\Program Files\Yahoo!\YPSR\Quarantine\20070507002500.zip
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15B.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15C.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BA.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BC.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BE.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C0.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C2.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C3.tmp\zbar.log
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C4.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C5.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C6.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C7.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C8.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C9.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CA.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CB.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CC.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WMILIBB
-------\wmilibb


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 20:37 . 2008-02-07 20:37 65,549 --a--c--- C:\WINDOWS\BricoPackUninst.cmd
2008-02-07 20:36 . 2008-02-07 20:36 3,932,214 --a--c--- C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-07 20:34 . 2008-02-07 20:34 <DIR> d----c--- C:\WINDOWS\BricoPacks
2008-02-07 20:34 . 2008-02-07 20:37 6,128 --a--c--- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-07 09:24 . 2008-02-07 20:19 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-02-07 09:23 . 2008-02-07 09:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 09:12 . 2008-02-07 09:26 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 08:20 . 2008-02-05 08:20 <DIR> d-------- C:\Program Files\CleanUp!
2008-02-03 11:27 . 2008-02-07 19:59 <DIR> d----c--- C:\Downloads
2008-02-03 09:01 . 2008-02-03 09:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-01-28 20:39 . 2008-01-28 20:39 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-28 20:36 . 2008-01-28 20:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-27 18:37 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Java
2008-01-27 10:49 . 1995-12-14 02:10 1,682,688 -ra--c--- C:\WINDOWS\QTINSTAL.EXE
2008-01-27 10:49 . 1995-12-14 02:10 92,384 -ra--c--- C:\WINDOWS\QTW16DEL.EXE
2008-01-27 10:49 . 2006-02-11 20:51 191 --a--c--- C:\WINDOWS\QTW.INI
2008-01-27 10:49 . 2002-10-03 13:42 34 --a--c--- C:\WINDOWS\Q3version.ini
2008-01-24 09:16 . 2004-12-14 08:07 708,608 -ra--c--- C:\WINDOWS\system32\hpotiop.dll
2008-01-24 09:16 . 2004-12-14 08:07 278,528 -ra--c--- C:\WINDOWS\system32\hpgwiamd.dll
2008-01-24 09:16 . 2004-12-14 08:07 229,376 -ra--c--- C:\WINDOWS\system32\hpovst08.dll
2008-01-24 09:09 . 2008-01-24 09:37 68,964 --a--c--- C:\WINDOWS\hpoins05.dat
2008-01-24 09:09 . 2004-12-14 08:07 19,696 -----c--- C:\WINDOWS\hpomdl05.dat
2008-01-20 21:26 . 2008-01-28 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 19:53 . 2008-01-20 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-19 09:16 . 2008-01-27 08:40 <DIR> d-------- C:\Program Files\DivX
2008-01-19 07:27 . 2008-01-27 09:10 5,632 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-01-18 21:08 . 2008-01-18 21:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-14 21:20 . 2008-01-14 21:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Vso
2008-01-14 21:20 . 2008-01-14 21:20 47,360 --a--c--- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 21:20 . 2008-01-14 21:21 47,360 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-12 18:42 . 2008-01-12 18:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\snap
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\STATES
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\SHOTS
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ROMDATA
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\INPUT
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\EEPROM
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CONFIG
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CHEATS
2008-01-12 18:27 . 2008-01-12 18:38 25 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2008-01-12 18:27 . 2008-01-12 18:39 0 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-12 07:03 . 2008-01-12 07:09 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 05:06 --------- d-----w C:\Program Files\Blubster
2008-02-07 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 17:18 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-27 16:47 15,582 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-20 01:08 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-19 22:19 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-12 15:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-10 23:21 --------- d-----w C:\Program Files\SpywareGuard
2008-01-07 04:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Comodo
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-05 19:14 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-01-04 16:24 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-01-04 16:09 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-01-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 21:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2008-01-02 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-31 06:29 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-31 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 22:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-30 22:26 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 17:48 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 17:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-30 01:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-29 16:44 --------- d-----w C:\Program Files\interMute
2007-12-29 03:53 138,752 -c--a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-27 20:38 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 04:39 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-27 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-27 02:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-27 01:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-27 01:19 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-27 01:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-27 01:14 1,865 -csha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-27 01:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-27 01:05 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 17:23 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 17:05 --------- d-----w C:\Program Files\DIFX
2007-12-26 17:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 17:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 05:56 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\FileVOoM
2007-12-25 05:56 --------- d-----w C:\Program Files\iPod Download
2007-12-20 22:22 --------- d-----w C:\Program Files\Premium Booster
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\iolo
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-12-15 19:41 --------- d-----w C:\Program Files\Google
2007-12-14 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-12 03:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 00:20 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-12-10 18:34 1,824 -c--a-w C:\reg_AppID_CLSID.reg,.reg
2007-12-10 17:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-10 17:57 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 21:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-03-05 00:29 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 14:26 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 09:23 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^TransBar.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^UberIcon.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-07 09:23 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-02-07 09:23 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 14:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 02:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 18:06:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 10:04:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-08 10:07:52 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-02-08 18:07:47
ComboFix2.txt 2008-02-07 17:05:59
ComboFix3.txt 2008-02-04 04:12:10
.
2007-12-27 05:09:38 --- E O F ---
 
hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:31 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7126 bytes
 
Excellent, your logfiles now appear to be clean. A couple of last steps:

Please click on Start -> Run. Type ComboFix /u and click OK.
Note the space between the ComboFix and the /u
This will remove the backups that ComboFix has created as well as the program itself.

Please download the OTMoveIt2 by OldTimer. Run the program and click the CleanUp! button.

Please also turn off System Restore, and turn it back on again. This will clean out your infected Restore Points. To do so:

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Then to turn it back on again:
1. Wait for Windows to finish clearing Restore Points.
2. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Additionally, your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update:
Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: [image: javaicon.gif]

    Select it and click Remove.
  • Then download and install the newest version from here:

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure, or are looking for anti-spyware programs, you can find out if one is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 