Help with a friend's comp

sidthereal

New Member
Folks,
I need some help repairing a friend's comp.
Here are some logs:

ComboFix 09-02-12.03 - The Roses 2009-02-14 5:45:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1436 [GMT -5:00]
Running from: c:\documents and settings\The Roses\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\The Roses\Application Data\.#
c:\documents and settings\The Roses\Application Data\020000008c849112530C.manifest
c:\documents and settings\The Roses\Application Data\020000008c849112530O.manifest
c:\documents and settings\The Roses\Application Data\020000008c849112530P.manifest
c:\documents and settings\The Roses\Application Data\020000008c849112530S.manifest
c:\program files\Gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\x64

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-12 13:33 . 2009-02-14 05:45 <DIR> d-------- c:\program files\Gamevance
2009-02-12 08:05 . 2009-02-13 07:29 <DIR> d-------- c:\documents and settings\The Roses\Incomplete
2009-02-11 14:06 . 2009-02-11 14:06 <DIR> d-------- C:\spoolerlogs
2009-02-10 09:29 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-10 04:48 . 2009-02-10 04:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-09 17:45 . 2009-02-09 17:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 17:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 17:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 17:36 . 2009-02-09 17:36 <DIR> d-------- C:\!KillBox
2009-02-09 14:25 . 2009-02-09 14:25 <DIR> d-------- C:\rsit
2009-02-09 14:00 . 2009-02-09 14:00 1,529,241 --a------ c:\program files\SDFix(4).exe
2009-02-09 10:35 . 2009-02-09 18:48 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-09 10:19 . 2009-02-09 10:19 <DIR> d-------- C:\VundoFix Backups
2009-02-09 10:19 . 2009-02-09 10:19 119,808 --a------ c:\program files\VundoFix(3).exe
2009-02-09 08:10 . 2009-02-09 08:13 <DIR> d-------- c:\documents and settings\The Roses\Application Data\U3
2009-02-09 07:37 . 2009-02-09 07:37 208,480 --a------ c:\program files\cooking-academy-2-world-cuisine_s1_l1_gF2844T1L1_d432980536.exe
2009-02-09 07:19 . 2009-02-09 07:20 16,939,888 --a------ c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-02-09 07:13 . 2009-02-09 07:13 208,480 --a------ c:\program files\bigfishgames_p32790221_s1_l1.exe
2009-02-09 07:03 . 2009-02-09 07:03 119,808 --a------ c:\program files\VundoFix(2).exe
2009-02-09 07:02 . 2009-02-09 07:02 119,808 --a------ c:\program files\VundoFix.exe
2009-02-07 21:10 . 2009-02-08 22:41 1,355 --a------ c:\windows\imsins.BAK
2009-02-07 21:10 . 2009-02-07 21:10 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-07 20:32 . 2009-02-07 20:32 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-07 20:23 . 2009-02-07 20:23 1,529,241 --a------ c:\program files\SDFix(3).exe
2009-02-07 20:22 . 2009-02-07 20:22 1,529,241 --a------ c:\program files\SDFix(2).exe
2009-02-07 20:14 . 2009-02-07 20:53 <DIR> d-------- c:\program files\Lavasoft
2009-02-07 20:09 . 2009-02-07 20:13 34,543,112 --a------ c:\program files\Ad-AwareAE(2).exe
2009-02-07 20:08 . 2009-02-07 20:08 0 --a------ c:\program files\Ad-AwareAE.exe
2009-02-07 19:51 . 2009-02-07 19:51 2,737,800 --a------ c:\program files\mbam-setup(2).exe
2009-02-07 19:45 . 2009-02-07 19:45 791,393 --a------ c:\program files\erunt_setup.exe
2009-02-07 19:44 . 2009-02-07 19:44 9,334 --a------ c:\program files\SysRestorePoint_v13.zip
2009-02-07 19:43 . 2009-02-07 19:43 50,688 --a------ c:\program files\ATF_Cleaner.exe
2009-02-07 19:36 . 2009-02-07 19:36 812,344 --a------ c:\program files\HJTInstall(2).exe
2009-02-06 13:51 . 2009-02-06 13:51 3,171,208 --a------ c:\program files\ccsetup216.exe
2009-02-05 15:25 . 2009-02-05 15:26 4,481,095 --a------ c:\program files\iata55_enu.exe
2009-02-05 15:24 . 2009-02-05 15:25 5,750,160 --a------ c:\program files\iata78_enu.exe
2009-02-05 15:23 . 2009-02-05 15:23 206,576 --a------ c:\program files\f6flpy3287.zip
2009-02-05 15:22 . 2009-02-05 15:22 2,953,176 --a------ c:\program files\iata87enu.exe
2009-02-04 17:38 . 2009-02-04 17:38 83,968 --a------ c:\program files\mp3_codec_KB9182625_ENU.exe
2009-02-04 09:44 . 2009-02-04 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SugarGames
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Wendy's Wellness
2009-02-02 14:12 . 2008-04-29 16:23 0 --a------ c:\windows\system32\CUSTOM.DICCUSTOM.DIC
2009-02-02 13:58 . 2009-02-02 14:12 <DIR> d-------- c:\documents and settings\The Roses\Application Data\GetRightToGo
2009-02-02 13:58 . 2009-02-02 13:58 366,032 --a------ c:\program files\X12-30247-DLM.exe
2009-01-30 03:23 . 2009-01-30 03:23 <DIR> d-------- c:\program files\Shop-n-Spree
2009-01-27 11:50 . 2009-01-27 11:50 769,112 --a------ c:\program files\SetupGamevance(6).exe
2009-01-27 08:02 . 2009-01-27 08:02 <DIR> d-------- c:\documents and settings\The Roses\Application Data\Mousechief

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 10:47 --------- d-----w c:\program files\Dl_cats
2009-02-14 10:43 586,041 ----a-w c:\program files\eudora.log
2009-02-14 10:43 256,348 ----a-w c:\program files\Audit.log
2009-02-14 10:43 13,216 ----a-w c:\program files\eudora.ini
2009-02-14 10:43 13,124 ----a-w c:\program files\Eudora61Stats.xml
2009-02-14 10:43 --------- d-----w c:\program files\Search
2009-02-14 10:38 11,490 ----a-w c:\program files\LinkHistory.dat
2009-02-14 10:35 373,320 ----a-w c:\program files\Out.toc
2009-02-14 10:35 --------- d-----w c:\program files\spool
2009-02-14 10:33 426,948 ----a-w c:\program files\In.toc
2009-02-14 10:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 10:06 5,828 ----a-w c:\program files\Trash.mbx
2009-02-14 10:06 322 ----a-w c:\program files\Trash.toc
2009-02-14 09:47 675 ----a-w c:\program files\descmap.pce
2009-02-14 09:47 --------- d-----w c:\program files\Embedded
2009-02-14 09:46 4,315,207 ----a-w c:\program files\Out.mbx
2009-02-14 09:46 3,144 ----a-w c:\program files\History.lst
2009-02-14 09:45 92,536 ----a-w c:\program files\Cheerleading.toc
2009-02-14 09:42 23,793,108 ----a-w c:\program files\In.mbx
2009-02-14 09:32 10,240,047 ----a-w c:\program files\eudorlog.old
2009-02-13 22:32 --------- d-----w c:\program files\icons
2009-02-13 22:20 --------- d-----w c:\program files\attach
2009-02-13 22:18 427,166 ----a-w c:\program files\In.toc.001
2009-02-13 22:10 31,568,185 ----a-w c:\program files\In.mbx.001
2009-02-13 21:59 51,552 ----a-w c:\program files\Broader View.toc
2009-02-13 21:59 1,017,104 ----a-w c:\program files\Broader View.mbx
2009-02-13 12:24 --------- d-----w c:\documents and settings\The Roses\Application Data\LimeWire
2009-02-11 17:31 5,990 ----a-w c:\program files\Saved.toc
2009-02-11 17:31 436,464 ----a-w c:\program files\School.mbx
2009-02-11 17:31 15,800 ----a-w c:\program files\School.toc
2009-02-11 17:31 137,778 ----a-w c:\program files\Saved.mbx
2009-02-11 13:14 101,968 ----a-w c:\program files\Dance.mbx
2009-02-11 13:14 1,630 ----a-w c:\program files\Dance.toc
2009-02-10 14:22 2,667,990 ----a-w c:\program files\Cheerleading.mbx
2009-02-10 14:21 746,274 ----a-w c:\program files\SVEYA.mbx
2009-02-10 14:21 469,669 ----a-w c:\program files\PTO.mbx
2009-02-10 14:21 3,156 ----a-w c:\program files\SVE Breakfast Club.toc
2009-02-10 14:21 25,392 ----a-w c:\program files\SVEYA.toc
2009-02-10 14:21 235,277 ----a-w c:\program files\SVE Breakfast Club.mbx
2009-02-10 14:21 22,994 ----a-w c:\program files\PTO.toc
2009-02-10 09:49 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-09 15:55 546,483 ----a-w c:\program files\JokesMisc.mbx
2009-02-09 15:55 24,302 ----a-w c:\program files\JokesMisc.toc
2009-02-09 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-02-09 02:12 2,284 ----a-w c:\program files\Help.toc
2009-02-09 02:12 101,661 ----a-w c:\program files\Help.mbx
2009-02-08 01:51 --------- d-----w c:\program files\Coupons
2009-02-08 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-08 01:09 1,787,040 ----a-w c:\program files\Ad-AwareAE.exe.part
2009-02-08 01:05 --------- d-----w c:\program files\iWin Games
2009-02-07 13:34 438,502 ----a-w c:\program files\In.toc.002
2009-02-07 13:28 32,421,437 ----a-w c:\program files\In.mbx.002
2009-02-06 18:52 --------- d-----w c:\program files\CCleaner
2009-02-05 20:27 --------- d-----w c:\program files\Intel
2009-02-04 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-02 22:37 33,942 ----a-w c:\program files\driving-test.html
2009-01-31 00:52 238,373 ----a-w c:\program files\game.swf
2009-01-30 17:06 338,222 ----a-w c:\program files\Out.toc.001
2009-01-30 16:48 7,510,547 ----a-w c:\program files\Out.mbx.001
2009-01-30 16:23 --------- d-----w c:\program files\iWin.com
2009-01-30 13:24 3,347 ----a-w c:\program files\NNdbase.toc
2009-01-30 13:24 12,314 ----a-w c:\program files\NNdbase.txt
2009-01-30 08:24 --------- d-----w c:\documents and settings\The Roses\Application Data\ViquaSoft
2009-01-30 03:10 702,287 ----a-w c:\program files\Soccer Help.mbx
2009-01-30 03:10 500,788 ----a-w c:\program files\Yearbook.mbx
2009-01-30 03:10 28,226 ----a-w c:\program files\Yearbook.toc
2009-01-30 03:10 22,776 ----a-w c:\program files\Soccer Help.toc
2009-01-30 03:06 8,268,118 ----a-w c:\program files\Out.mbx.002
2009-01-30 03:06 667,838 ----a-w c:\program files\Out.toc.002
2009-01-29 15:07 0 ----a-w c:\program files\updateurl.htm
2009-01-27 20:48 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-01-17 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-01-11 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-01-10 05:04 1,848 ----a-w c:\program files\Van Ness Family.toc
2009-01-10 05:03 3,592 ----a-w c:\program files\Neighborhood Watch.toc
2009-01-10 04:51 82,809 ---ha-w c:\program files\Eudora.GID
2009-01-10 02:49 765,016 ----a-w c:\program files\SetupGamevance(5).exe
2009-01-10 02:37 765,016 ----a-w c:\program files\SetupGamevance(4).exe
2009-01-10 02:37 765,016 ----a-w c:\program files\SetupGamevance(3).exe
2009-01-09 13:52 --------- d-----w c:\program files\Chocolate Shop Frenzy
2009-01-01 15:56 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-12-30 19:29 --------- d-----w c:\documents and settings\The Roses\Application Data\Bigfish Ashtons Family Resort
2008-12-30 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Bigfish Ashtons Family Resort
2008-12-29 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-29 14:27 --------- d-----w c:\program files\AIM6
2008-12-29 14:25 --------- d-----w c:\program files\Viewpoint
2008-12-29 14:25 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-29 14:25 --------- d-----w c:\program files\Common Files\AOL
2008-12-29 14:25 --------- d-----w c:\program files\AIM Toolbar
2008-12-29 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-29 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-29 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-12-29 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-29 14:21 13,440,584 ----a-w c:\program files\Install_AIM.exe
2008-12-29 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-12-29 13:30 --------- d-----w c:\program files\Ashtons - Family Resort
2008-12-29 01:02 --------- d-----w c:\documents and settings\The Roses\Application Data\PlayFirst
2008-12-29 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-27 14:46 --------- d-----w c:\documents and settings\The Roses\Application Data\Fuzzy Games
2008-12-27 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\Fitn17
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-09 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-06-20 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-02-12 105472]
"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\system32\ico.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-07-23 36864]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-09 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-07-23 36864]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\EuShlExt.dll" [2006-08-17 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dlcxjswr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-10 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2008-12-17 78104]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-08 345696]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-08 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-08 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-29 24652]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-01-16 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-01-16 14336]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-08 280392]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-08 923216]
S3 atidgllk;atidgllk;c:\dell\Drivers\R169419\atidgllk.sys [2008-10-24 12048]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys [2007-01-26 19200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0126616-f6aa-11dd-92bf-001cc033e7a2}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
Notify-dc3ceefe530 - c:\windows\System32\dlcxjswr32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\The Roses\Application Data\Mozilla\Firefox\Profiles\5rl43nwh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\The Roses\Application Data\Mozilla\Firefox\Profiles\5rl43nwh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 05:47:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2009-02-14 5:53:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-14 10:53:53

Pre-Run: 455,007,096,832 bytes free
Post-Run: 454,912,999,424 bytes free

359 --- E O F --- 2009-02-12 03:06:32
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:57 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080109
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3676672507-3351165774-723297053-1007\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'QBDataServiceUser18')
O4 - HKUS\S-1-5-21-3676672507-3351165774-723297053-1007\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'QBDataServiceUser18')
O4 - HKUS\S-1-5-21-3676672507-3351165774-723297053-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'QBDataServiceUser18')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dlcxjswr32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16239 bytes

SDFix: Version 1.179
Run by The Roses on Sat 02/14/2009 at 05:19 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 05:27:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\dlcxcoms.exe"="C:\\WINDOWS\\system32\\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 9 Feb 2009 5,852 A.SH. --- "C:\!KillBox\KGyGaAvL.sys"
Sat 19 Jan 2008 56 A.SHR --- "C:\i386\07089BD73B.sys"
Sat 19 Jan 2008 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 22 Dec 2008 2,684,240 ...H. --- "C:\Program Files\Ashtons - Family Resort\Ashtons Family Resort.exe"
Thu 18 Sep 2008 1,770,824 ...H. --- "C:\Program Files\Beach Party Craze\Beach Party Craze.exe"
Tue 26 Jun 2007 7,366,704 ...H. --- "C:\Program Files\Burger Island\bi.exe"
Fri 11 Jan 2008 3,302,728 ...H. --- "C:\Program Files\Cake Mania 2\CakeMania2.exe"
Thu 8 Jan 2009 2,581,840 ...H. --- "C:\Program Files\Chocolate Shop Frenzy\ChocolateShop.exe"
Tue 30 Sep 2008 2,590,024 ...H. --- "C:\Program Files\Cooking Dash\cookingdash.exe"
Wed 7 Nov 2007 3,093,832 ...H. --- "C:\Program Files\Diner Dash Hometown Hero\Diner Dash - Hometown Hero.exe"
Fri 5 Dec 2008 4,506,960 ...H. --- "C:\Program Files\DQ Tycoon\DQTycoon.exe"
Tue 23 Dec 2008 1,779,024 ...H. --- "C:\Program Files\Fab Fashion\Fashion.exe"
Mon 13 Aug 2007 2,704,712 ...H. --- "C:\Program Files\Fever Frenzy\Fever Frenzy.exe"
Thu 5 Jun 2008 3,454,280 ...H. --- "C:\Program Files\First Class Flurry\firstclassflurry.exe"
Fri 18 Apr 2008 1,217,864 ...H. --- "C:\Program Files\JEOPARDY! 2\Jeopardy! 2.exe"
Tue 1 Apr 2008 12,762,528 ...H. --- "C:\Program Files\Kindergarten\KinderGarten_BigFish.exe"
Tue 21 Oct 2008 857,416 ...H. --- "C:\Program Files\Megaplex Madness - Now Playing\MegaplexMadness.exe"
Mon 9 Jul 2007 15,250,760 ...H. --- "C:\Program Files\Nanny Mania\NannyMania.exe"
Wed 19 Sep 2007 32,232,776 ...H. --- "C:\Program Files\Paradise Pet Salon\PetSalon.exe"
Thu 29 Jan 2009 3,450,192 ...H. --- "C:\Program Files\Shop-n-Spree\shopnspree.exe"
Thu 10 Jul 2008 2,823,496 ...H. --- "C:\Program Files\Spa Mania\spamania.exe"
Tue 25 Sep 2007 1,787,208 ...H. --- "C:\Program Files\SpongeBob SquarePants Diner Dash 2\SpongeBob Diner Dash 2.exe"
Thu 10 Jan 2008 3,392,840 ...H. --- "C:\Program Files\The Apprentice - Los Angeles\TheApprenticeLosAngeles.exe"
Tue 26 Aug 2008 3,102,024 ...H. --- "C:\Program Files\The Great Chocolate Chase\GreatChocolateChase.exe"
Thu 13 Nov 2008 4,248,912 ...H. --- "C:\Program Files\Top Chef\TopChef.exe"
Mon 6 Aug 2007 2,532,680 ...H. --- "C:\Program Files\Turbo Pizza\TurboPizza.exe"
Wed 16 Jan 2008 2,766,152 ...H. --- "C:\Program Files\Turbo Subs\TurboSubs.exe"
Tue 4 Sep 2007 2,389,320 ...H. --- "C:\Program Files\Wedding Dash\Wedding Dash.exe"
Tue 3 Feb 2009 2,102,608 ...H. --- "C:\Program Files\Wendy's Wellness\Wellness.exe"
Mon 9 Feb 2009 104 ..SHR --- "C:\WINDOWS\system32\07089BD73B.sys"
Fri 5 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\The Roses\Application Data\U3\temp\Launchpad Removal.exe"
Fri 18 Jan 2008 8 A..H. --- "C:\Documents and Settings\The Roses\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 18 Jan 2008 8 A..H. --- "C:\Documents and Settings\The Roses\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 18 Jan 2008 8 A..H. --- "C:\Documents and Settings\The Roses\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 18 Jan 2008 8 A..H. --- "C:\Documents and Settings\The Roses\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!
 
What is your friend's problem? It would be helpful if you tell us what it is. Second, I personally think HiJackThis logs are a waste of time; some people find them useful, though I don't think they show anything that can't be seen otherwise. A description of your problem would be better than any log. What AV software does he have, etc.
 

Obviously if you don't know how to analyze a HiJackThis log you will think they are a waste of time. However, they are the most basic tool and provide a lot of critical information the user probably doesn't know.

A description of the problem is indeed needed. Have your friend try running Malwarebytes' Anti-Malware, the instructions are listed below.


How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here, Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
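To back up the point that the HiJackThis log above carries actionable information, here is an added triage script (not part of HijackThis, Panda ActiveScan or Malwarebytes): it parses entries in the HijackThis line format, pulls the flagged files out of Panda and MBAM report lines, and pairs the two by file name. The sample lines are copied from the logs posted in this thread; the section set and the regexes are this example's own assumptions, not anything the tools publish.

```python
"""Triage helper: parse HijackThis-style entries plus Panda ActiveScan / Malwarebytes
result lines, then match them on file name so the startup items, BHOs and
AppInit_DLLs that a scanner already flagged stand out.  Added example for this
thread; sample lines are copied from the logs posted above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# HijackThis sections that load code at boot/logon or into Internet Explorer
# (assumed triage priority, not a HijackThis-defined list).
PERSISTENCE_SECTIONS = {"O2", "O3", "O4", "O16", "O20", "O23"}

HJT_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# Last token of a Windows path or URL that ends in a binary/driver/cab extension.
NAME_RE = re.compile(r'([^\\/"\s,\[]+\.(?:exe|dll|sys|cab))', re.IGNORECASE)
# Panda ActiveScan MALWARE row: id, description+type, active, severity,
# disinfectable, disinfected, location (description may contain spaces).
PANDA_RE = re.compile(
    r"^(\d{8})\s+(.+?)\s+(Yes|No)\s+(\d)\s+(Yes|No)\s+(Yes|No)\s+(.+)$")
# Malwarebytes result line: <path> (<Detection.Name>) -> <action>
MBAM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> ")


@dataclass
class Entry:
    section: str
    body: str
    names: Tuple[str, ...]  # lower-cased file names found in the entry


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per HijackThis line; anything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            names = tuple(n.lower() for n in NAME_RE.findall(m["body"]))
            entries.append(Entry(m["sec"], m["body"], names))
    return entries


def parse_scanner_hits(text: str) -> Dict[str, List[str]]:
    """Map lower-cased file name -> ['<detection> @ <location>', ...] from
    Panda ActiveScan rows and Malwarebytes result lines."""
    hits: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        pm, mm = PANDA_RE.match(line), MBAM_RE.match(line)
        if pm:
            desc = pm.group(2).rsplit(" ", 1)[0]  # drop the Type column
            location = pm.group(7)
        elif mm:
            location, desc = mm.group(1), mm.group(2)
        else:
            continue
        for name in NAME_RE.findall(location):  # cookies (.txt) yield nothing
            hits.setdefault(name.lower(), []).append(f"{desc} @ {location}")
    return hits


def cross_reference(entries: List[Entry], hits: Dict[str, List[str]]):
    """Pair persistence entries with scanner hits sharing a file name.
    A name match is a lead, not a verdict: the Panda hit on dlcxjswr32.dll is a
    copy under C:\\!KillBox, while AppInit_DLLs points at the System32 copy."""
    out = []
    for e in entries:
        if e.section in PERSISTENCE_SECTIONS:
            for name in e.names:
                for hit in hits.get(name, []):
                    out.append((e.section, e.body, hit))
    return out


# Constructed input: lines copied from the HijackThis, Panda and MBAM logs above.
HJT_SAMPLE = r"""
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dlcxjswr32.dll
"""
SCAN_SAMPLE = r"""
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\mp3_codec_KB9182625_ENU.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\!KillBox\dlcxjswr32.dll
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\The Roses\Cookies\the roses@atdmt[1].txt
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for sec, body, hit in cross_reference(parse_hjt(HJT_SAMPLE),
                                          parse_scanner_hits(SCAN_SAMPLE)):
        print(f"{sec}: {body}\n    flagged as {hit}")
```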
 
She's having a load of popups and general spyware/adware symptoms.

I had asked her for a malware log as well. This is what I got.


Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

2/10/2009 9:07:40 AM
mbam-log-2009-02-10 (09-07-40).txt

Scan type: Quick Scan
Objects scanned: 57633
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
In addition, I asked her to do a panda online scan. The results are:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-10 15:20:10
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 14
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
PC-cillin Internet Security - Virus Protectio14.60.1206 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No hkey_classes_root\iehlprobj.iehlprobj
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\The Roses\Cookies\the roses@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\The Roses\Cookies\the roses@atdmt[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\The Roses\Cookies\the [email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\The Roses\Cookies\the roses@adrevolver[1].txt
00241834 Application/MyWebSearch HackTools Yes 0 Yes No C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
02513660 Adware/VideoAddon Adware No 0 No No C:\Program Files\setup(2).exe[²ÜÇ\barf.dll]
02893775 Spyware/Iehelp Spyware No 1 No No C:\Program Files\ashtons-family-resort-setup.exe[iWinArcadeLauncher.exe]
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\firefox\iWinArcadeLauncher.exe
02896453 Adware/VideoAddon Adware No 0 Yes No C:\Program Files\setup(2).exe
02945262 Application/MyWebSearch HackTools No 0 No No C:\Documents and Settings\The Roses\Desktop\Limewire Downloaded\Maralee\Snowy-Lunch-Rush-setup.exe[mysearch.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\mp3_codec_KB9182625_ENU.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\Chocolate Shop Frenzy\gqdvkst.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\Ashtons - Family Resort\smwmtwl.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\!KillBox\dlcxjswr32.dll
03482180 Bck/Monarro.B Virus/Trojan No 1 Yes No C:\Program Files\Kindergarten\vxqdnvx.exe
03634894 Adware/Spylocked Adware No 0 Yes No C:\Program Files\SpongeBob SquarePants Diner Dash 2\sdszpkb.exe
03877889 W32/Gaobot.OXI.worm Virus/Worm No 0 Yes No C:\Program Files\Beach Party Craze\jrwbcvh.exe
03909671 Trj/SCKeylog.Z Virus/Trojan No 1 Yes No C:\Program Files\iWin.com\Golden Hearts Juice Bar\GLWorker.exe
04059122 W32/Brontok.EA.worm Virus No 0 Yes No C:\Documents and Settings\The Roses\Desktop\Limewire Downloaded\Maralee\Roller Rush Full Game\Roller Rush\Roller Rush by Zodiac.exe
04059122 W32/Brontok.EA.worm Virus No 0 Yes No C:\Documents and Settings\The Roses\Desktop\Limewire Downloaded\Maralee\Roller Rush Full Game.zip[Roller Rush/Roller Rush by Zodiac.exe]
04444583 W32/Gaobot.OXI.worm Virus/Worm No 0 Yes No C:\Program Files\Turbo Subs\vzwrncd.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\ashtons-family-resort-setup.exe[WebUpdater.exe]
No C:\Program Files\ashtons-family-resort-setup.exe[AdminWorker.exe]
No C:\Program Files\Beach Party Craze\Beach Party Craze.exe
No C:\Program Files\iWin Games\AdminWorker.exe
No C:\Program Files\iWin Games\WebUpdater.exe
No C:\Program Files\iWin.com\Cooking Academy\GameLauncher.exe
No C:\Program Files\iWin.com\Dr Daisy Pet Vet\GameLauncher.exe
No C:\Program Files\iWin.com\Fitness Frenzy\GameLauncher.exe
No C:\Program Files\iWin.com\Janes Hotel Family Hero\GameLauncher.exe
No C:\Program Files\iWin.com\Snowy Lunch Rush\GameLauncher.exe
No C:\Program Files\iWin.com\Wedding Dash 2 Rings Around The World\GameLauncher.exe
No C:\Program Files\Oberon Media\PICTUREKA! MUSEUM MAYHEM\PICTUREKA! MUSEUM MAYHEM.exe
No C:\Program Files\The Great Chocolate Chase\mqnbxdl.exe
No C:\Program Files\DQ Tycoon\fwrdqjh.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
Updated Malware log:
Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

2/14/2009 6:37:32 PM
mbam-log-2009-02-14 (18-37-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 212855
Time elapsed: 47 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
 
I know how to analyze a HiJackThis log and I used to use them, but I actually know how to identify and fix computer problems and have a system of tools I use that fix most problems pretty efficiently the first time around. So HiJackThis and other logs are only useful if problems remain; doing them as a first step is a waste of time for a professional. What I recommend for your friend is to run SmitFraudFix followed by Malwarebytes or SuperAntiSpyware. If you continue to have issues, run ComboFix and be sure you have backups. Also she needs to get a good paid antivirus like NOD32 or Norton AV 2009. This will fix your issue. Now isn't that a lot better than running a bunch of pointless logs right away and wasting time? You learn to be efficient when you fix PCs for a living, not just your own and the occasional friend's.
 