Popups continue as I try to post right now!
Warning me that I must protect my computer from threats! I think they are the threat!
Anyway, I followed the instructions given in the Spybot Forum where member of Team Spybot Tashi kindly provied me with the "Read this Procedure Before Requesting Assistance" document. I followed it and I am pasting the logs below in this order:
1: Hijack This
2: the Kaspersky log
3: the f-secure log
Here goes: Please help!!
Thanks again and again ahead of time!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:48 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pslweb.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140814362000
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9213 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 18, 2007 7:01:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/08/2007
Kaspersky Anti-Virus database records: 384992
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 66725
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 2
Duration of the scan process: 01:36:17
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0310\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/imsmain.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\call256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\chat512.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\index2.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\user1024.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\user16384.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\user256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Application Data\Skype\psljen\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Jennifer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jennifer\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jennifer\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jennifer\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Temp\Perflib_Perfdata_4d8.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Temp\~DF7E9E.tmp Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jennifer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Hp\hpcoretech\hpcmerr.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP369\A0042921.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.a skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP393\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6DEF2C1B-85AF-4128-942F-D97BA1564C62}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F9330B01-25EE-4E5F-AEDB-7698282D4B20}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_8e4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Scanning Report Saturday, August 18, 2007 19:27:04 - 02:06:56 Computer name: CORA Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ Result: 11 malware found DLoader.CYRU (virus) C:\SWSETUP\MEDCTRFP\EXTRAS\ESPN\MOTIONSETUPMCE.EXE (Submitted) Possible Browser Hijack attempt (spyware) System (Disinfected) Stealth_application (hidden item) C:\WINDOWS\SYSTEM32\JMXDXCDICH.EXE (Submitted) Tracking Cookie (spyware) System (Disinfected) System System System System System System System Statistics Scanned: Files: 41222 System: 4661 Not scanned: 6 Actions: Disinfected: 2 Page 1 of 2 F-Secure Online Scanner 3.1.5 - Scanning Report - Sunday, August 19, 2007 02:06:57 8/19/2007 file://C:\Documents and Settings\Jennifer\Local Settings\Temp\OnlineScanner\ols_report.h ...
Here are the requested logs.....hope this works! and Thanks!
Steam,
Sorry took so long. Had a medical emergency in the meantime. Thanks so much for your time and expertise!
Here are the logs in this order:
1: rapport.txt (this is an older file from when I ran it the first time)
2: superantispyware
3: combofix
SmitFraudFix v2.206
Scan done at 15:49:44.75, Thu 08/02/2007
Run from C:\Documents and Settings\Jennifer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4AFFFAEA-FBAE-402A-BE31-8A292C6180AC}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4AFFFAEA-FBAE-402A-BE31-8A292C6180AC}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4AFFFAEA-FBAE-402A-BE31-8A292C6180AC}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/24/2007 at 11:49 PM
Application Version : 3.9.1008
Core Rules Database Version : 3292
Trace Rules Database Version: 1303
Scan type : Complete Scan
Total Scan Time : 01:19:50
Memory items scanned : 535
Memory threats detected : 0
Registry items scanned : 6604
Registry threats detected : 0
File items scanned : 67045
File threats detected : 9
Adware.Tracking Cookie
C:\Documents and Settings\Jennifer\Cookies\jennifer@login.tracking101[2].txt
C:\Documents and Settings\Jennifer\Cookies\jennifer@eas.apm.emediate[1].txt
C:\Documents and Settings\Marcial\Cookies\marcial@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Marcial\Cookies\marcial@ath.belnk[2].txt
C:\Documents and Settings\Marcial\Cookies\marcial@atwola[1].txt
C:\Documents and Settings\Marcial\Cookies\marcial@banner[1].txt
C:\Documents and Settings\Marcial\Cookies\marcial@dist.belnk[1].txt
Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP369\A0042908.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP369\A0042921.EXE
ComboFix 07-08-25.2 - "Jennifer" 2007-08-25 6:41:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.454 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\jmxdxcdich.dat
C:\WINDOWS\system32\jmxdxcdich.exe
C:\WINDOWS\system32\jmxdxcdich_nav.dat
C:\WINDOWS\system32\jmxdxcdich_navps.dat
((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))
2007-08-24 22:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 22:21 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\SUPERAntiSpyware.com
2007-08-18 16:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 09:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-11 18:16 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-10 16:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-10 14:38 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Lavasoft
2007-08-06 15:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-05 12:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-05 11:58 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-08-03 19:57 3,463,348 --a------ C:\WINDOWS\system32\SBSP.dat
2007-08-03 17:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-03 16:38 765 --a------ C:\WINDOWS\system32\SBFC.dat
2007-08-03 14:41 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Sunbelt Software
2007-08-03 14:00 <DIR> d-------- C:\FixTools
2007-08-03 13:39 <DIR> d-------- C:\WINDOWS\pss
2007-08-03 12:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-03 12:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-30 12:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 06:40 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Skype
2007-08-25 06:40 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Skype
2007-08-11 17:58 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 17:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-06 15:48 401720 --a------ C:\Program Files\Scanner.exe
2007-08-06 15:25 --------- d-------- C:\Program Files\DIGStream
2007-08-03 19:20 --------- d-------- C:\Program Files\QuickTime
2007-08-03 19:17 --------- d-------- C:\Program Files\Messenger
2007-08-03 19:16 --------- d-------- C:\Program Files\iTunes
2007-08-03 19:13 --------- d-------- C:\Program Files\Google
2007-08-03 19:12 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-03 15:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-02 15:49 3592 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 09:28 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-27 06:51 --------- d-------- C:\Program Files\FairUse Wizard 2
2007-07-25 10:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-22 18:20 --------- d-------- C:\Program Files\WebMediaPlayer
2007-07-22 13:31 --------- d-------- C:\Program Files\BroadJump
2007-07-22 12:57 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-22 07:55 --------- d-------- C:\Program Files\CONEXANT
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-05 13:57 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Walgreens
2007-07-05 13:57 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Walgreens
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:27 363520 --a------ C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-10-04 15:36 12841240 --a------ C:\Program Files\SkypeSetup.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 13:50]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-28 22:52]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 11:29]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 14:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 06:44:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?4?5??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-25 6:44:43
C:\ComboFix-quarantined-files.txt ... 2007-08-25 06:44
--- E O F ---
Re:Popups continue as I try to post right now!
Hi there! I am actually away from my infected computer until the 9th of September - I'm travelling. Still, I wanted to make sure my topic doesn't get archived because it is still unresolved and waiting for me, unplugged, back home. Here is a link....
http://forums.spybot.info/showthread.php?t=17033.
Actually, I apparently don't know how to make a link; but, this is the address of my post.
Steam was helping me. Thankx!!! I miss my computer!
Sorry about the delay...surgery couldn't wait...
Thanks for your patience. Here are requested logs. Also included the quarantined log for the combofix. It generated 2 files. Due to length of logs, Hijack this will come on a separate post.
REALLY appreciate your help.
1. Sophos
Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc
Started logging on 9/9/2007 at 14:51:04 PM
Stopped logging on 9/9/2007 at 14:55:02 PM
2. Combofix (2 files)
ComboFix 07-09-10.2 - "Jennifer" 2007-09-10 15:13:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.491 [GMT -7:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-09 14:49 <DIR> d-------- C:\Program Files\Sophos
2007-08-24 22:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 22:21 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\SUPERAntiSpyware.com
2007-08-18 16:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 09:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-11 18:16 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-10 16:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-10 14:38 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 15:07 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Skype
2007-08-24 22:20 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-11 17:58 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 17:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 14:37 --------- d-------- C:\Program Files\Lavasoft
2007-08-06 15:48 401720 --a------ C:\Program Files\Scanner.exe
2007-08-06 15:42 --------- d-------- C:\Program Files\Trend Micro
2007-08-06 15:25 --------- d-------- C:\Program Files\DIGStream
2007-08-05 12:26 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-03 20:11 11254 --a------ C:\WINDOWS\system32\locate.com
2007-08-03 19:20 --------- d-------- C:\Program Files\QuickTime
2007-08-03 19:16 --------- d-------- C:\Program Files\iTunes
2007-08-03 19:13 --------- d-------- C:\Program Files\Google
2007-08-03 19:12 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-03 15:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-03 14:41 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Sunbelt Software
2007-08-02 15:49 3592 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-30 09:28 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-27 06:51 --------- d-------- C:\Program Files\FairUse Wizard 2
2007-07-25 10:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-22 13:31 --------- d-------- C:\Program Files\BroadJump
2007-07-22 12:57 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-22 07:55 --------- d-------- C:\Program Files\CONEXANT
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:27 363520 --a------ C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-10-04 15:36 12841240 --a------ C:\Program Files\SkypeSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 13:50]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-28 22:52]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 11:29]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 14:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-07 10:45:07]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\3.tmp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 15:15:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?4?5??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 15:15:37
C:\ComboFix-quarantined-files.txt ... 2007-09-10 15:15
C:\ComboFix2.txt ... 2007-08-25 06:44
.
--- E O F ---
Code:
2007-05-30 02:34 103207 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\resources\webmedias.vir
2007-05-30 02:34 10716 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\resources\languages.xml.vir
2007-05-30 02:34 333043 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\sqlite3.dll.vir
2007-05-30 02:34 544502 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\skins\classic.skn.vir
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-07-22 18:19 1112339 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir
2007-07-22 18:19 329728 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich.exe.vir
2007-07-22 18:19 57 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Website.url.vir
2007-07-22 18:19 60133 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\uninst.exe.vir
2007-07-22 18:19 66 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Terms and conditions.url.vir
2007-07-22 18:19 68 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Privacy Policy.url.vir
2007-07-22 18:19 754 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Jennifer\Desktop\WebMediaPlayer.lnk.vir
2007-08-05 12:22 265497 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich_nav.dat.vir
2007-08-25 06:42 4562 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich.dat.vir
2007-08-25 06:43 939 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich_navps.dat.vir
Folder PATH listing
Volume serial number is 7C2B-4929
C:\QOOBOX\QUARANTINE
+---C
| +---ComboFix
| | FProps.vbs.vir
| |
| +---DOCUME~1
| | \---Jennifer
| | \---Desktop
| | WebMediaPlayer.lnk.vir
| |
| +---Program Files
| | \---WebMediaPlayer
| | | Privacy Policy.url.vir
| | | sqlite3.dll.vir
| | | Terms and conditions.url.vir
| | | uninst.exe.vir
| | | Website.url.vir
| | |
| | +---resources
| | | languages.xml.vir
| | | webmedias.vir
| | |
| | \---skins
| | classic.skn.vir
| |
| \---WINDOWS
| | pack.epk.vir
| |
| \---system32
| jmxdxcdich.dat.vir
| jmxdxcdich.exe.vir
| jmxdxcdich_nav.dat.vir
| jmxdxcdich_navps.dat.vir
|
\---Registry_backups
And last, but not least, Hijack This...
3. Hijack This log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:27 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pslweb.org/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140814362000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9340 bytes
THANK YOU!! With all of the problems my fiance and I have had, it really helps to have this help.
Thanks for Responding so fast!
And for your kind words. Everything is going well but not over.
AT this time, I am SO happy to report, that I am not having any popups. Last night, I even typed two phrases into the Google search box on my web browser that always brought on a rash of popups before ("Verizonwireless" and "ring tones"). Still, no popups.
It seems as though the problem has been resolved.
THANK YOU!!!!!
The only questions I have are about how to prevent future attacks. In that regard, I have just a few:
1: Should I enable Tea Timer?
2: Should I remove/uninstall other programs such as Ad-Aware SE, Ad-Aware 2007, and SmithfraudFix?
Any other advise in that regard?
And again, Steam, Thanks SO MUCH!
Also, as to the registry Key you mentioned....
any advise on that? You say it might be from a flashdrive infection? So, something from my flashdrive? Can you tell what sort of file it may be?