
Thread: Just wanting to make sure computer's clean

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default Just wanting to make sure computer's clean

    I've recently been working on my grandmother's computer. I've run MalwareBytes and Spybot Search and Destroy in the past two days and gotten rid of the issues that they said were there. The computer had Virtumonde though, along with some others, and I'm just wanting to make sure the computer's actually clean before I present it back to them. Also, the computer still seems to be running at a slowish speed, which is another reason I'm asking for this. This is an older computer, and I don't know how fast it ran when they first got it, but I'd rather play it safe than sorry.

    Here's the HJT log, thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:18 PM, on 3/13/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Java\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    D:\Program Files\Siber Systems\Ai RoboForm\RoboTaskBarIcon.exe
    D:\Steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    D:\Steve's help speed this computer folder\Firefox\firefox.exe
    D:\Steve's help speed this computer folder\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\Ai RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplay...mmp/wtinst.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=27986
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: system Tools - Unknown owner - C:\Program Files\Remote\Remote.exe
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
    O24 - Desktop Component 0: (no name) - http://www3.shopsmartbargains.com/im...8382609_LG.jpg

    --
    End of file - 5772 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi Starvie

    No, it isn't clean.

    Looking over your log, it seems you don't have any evidence of anti-virus software.

    Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

    1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
    2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
    3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

    You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    After that, please post back a fresh HijackThis log.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default

    Sadly I figured it wasn't fixed, haha, hence my wanting to check with the experts!

    I downloaded and installed AVG, and here's the new HJT log like you requested.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34:10 PM, on 3/14/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\afisicx.exe
    D:\STEVE'~1\AVG\avgwdsvc.exe
    D:\Java\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    D:\STEVE'~1\AVG\avgtray.exe
    D:\Program Files\Siber Systems\Ai RoboForm\RoboTaskBarIcon.exe
    D:\Steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe
    D:\STEVE'~1\AVG\avgrsx.exe
    C:\WINDOWS\system32\tpszxyd.sys
    D:\Steve's help speed this computer folder\Firefox\firefox.exe
    D:\Steve's help speed this computer folder\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\dctool32.sys

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG8_TRAY] D:\STEVE'~1\AVG\avgtray.exe
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\Ai RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplay...mmp/wtinst.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=27986
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\STEVE'~1\AVG\avgwdsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: system Tools - Unknown owner - C:\Program Files\Remote\Remote.exe (file missing)
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
    O24 - Desktop Component 0: (no name) - http://www3.shopsmartbargains.com/im...8382609_LG.jpg

    --
    End of file - 6347 bytes
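
The things the helper reads off the two logs above (a search URL pointing at a bare IP, O23 services with "Unknown owner", binaries that appeared in system32 between the first and second log, and a .sys file sitting in the running-process list) can be pulled out mechanically. The Python triage script below is an added example written for this thread, not code from the original posts or from HijackThis itself; its sample log text is a constructed subset of the lines posted above.

```python
import re

# One HijackThis entry per line, e.g. "O23 - Service: name - owner - path"
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
# A search/start page whose host is a bare IPv4 address instead of a hostname
IP_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, entries).

    entries is a list of (type, body) tuples such as ("O23", "Service: ...").
    """
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line closes the process block
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("type"), m.group("body")))
    return processes, entries


def flag_entries(entries):
    """Entries a log reviewer looks at first, as (reason, body) tuples."""
    findings = []
    for etype, body in entries:
        if etype in ("R0", "R1") and IP_HOST_RE.search(body):
            findings.append(("search-hijack-ip", body))
        elif etype == "O23" and "Unknown owner" in body:
            # Services with no vendor string; AVG, HP and Sun carry an owner
            findings.append(("unknown-owner-service", body))
        elif etype in ("O2", "O3") and "(no file)" in body:
            # CLSID still registered although its DLL is gone (removal leftover)
            findings.append(("orphan-clsid", body))
    return findings


def flag_processes(processes):
    """Running processes that are not .exe files.

    A driver-style .sys name in the process list (tpszxyd.sys in the second
    log above) is a renamed executable, not a driver, and deserves a look.
    """
    return [p for p in processes if not p.lower().endswith(".exe")]


def new_processes(old_text, new_text):
    """Process paths present in the newer log but absent from the older one."""
    old_procs, _ = parse_hjt(old_text)
    new_procs, _ = parse_hjt(new_text)
    seen = {p.lower() for p in old_procs}
    return [p for p in new_procs if p.lower() not in seen]


# Constructed sample input: a subset of the first and second logs in the thread.
OLD_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdctxte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O23 - Service: system Tools - Unknown owner - C:\Program Files\Remote\Remote.exe
"""

NEW_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\system32\tpszxyd.sys

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\STEVE'~1\AVG\avgwdsvc.exe
O23 - Service: system Tools - Unknown owner - C:\Program Files\Remote\Remote.exe (file missing)
"""


def triage(old_text, new_text):
    """Full report for a pair of logs; each key maps to a list of flagged items."""
    procs, entries = parse_hjt(new_text)
    return {
        "new_processes": new_processes(old_text, new_text),
        "non_exe_processes": flag_processes(procs),
        "flagged_entries": flag_entries(entries),
    }


if __name__ == "__main__":
    for key, items in triage(OLD_LOG, NEW_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```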

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

  5. #5
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default

    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:38:37 PM, on 3/16/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Steve's help speed this computer folder\AVG\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Java\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    D:\Steve's help speed this computer folder\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\jp2iexp.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: system Tools - Unknown owner - C:\Program Files\Remote\Remote.exe (file missing)
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
    O24 - Desktop Component 0: (no name) - http://www3.shopsmartbargains.com/im...8382609_LG.jpg

    --
    End of file - 5373 bytes

    _____

    Combo Fix Log

    ComboFix 09-03-15.01 - dijones 2009-03-16 15:57:16.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576.330 [GMT -4:00]
    Running from: c:\documents and settings\dijones\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\windows\Install.txt
    c:\windows\Readme.txt
    c:\windows\start.exe
    c:\windows\system32\afisicx.exe
    c:\windows\system32\comsa32.sys
    c:\windows\system32\forx307501.exe
    c:\windows\system32\forx647161.exe
    c:\windows\system32\forx688324.exe
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\Web\default.htt
    c:\windows\winhelp.ini
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_DEFAULTLIB
    -------\Legacy_MABIDWE
    -------\Legacy_NETMANTOW
    -------\Legacy_SOFTYINFORWOW1
    -------\Legacy_SOPIDKC
    -------\Service_afisicx
    -------\Service_softyinforwow1
    -------\Service_sopidkc


    ((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
    .

    2009-03-16 14:57 . 2009-03-16 14:57 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
    2009-03-16 14:46 . 2009-03-16 14:49 3,739 --a------ c:\windows\imsins.BAK
    2009-03-15 02:40 . 2009-03-15 02:40 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AdobeUM
    2009-03-14 20:15 . 2009-03-14 20:15 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_bak
    2009-03-13 23:00 . 2009-03-13 23:00 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-13 22:51 . 2009-03-13 22:51 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
    2009-03-13 22:50 . 2009-03-13 22:50 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
    2009-03-13 22:50 . 2009-03-13 22:50 <DIR> d-------- c:\program files\AVG
    2009-03-13 22:50 . 2009-03-13 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-13 22:50 . 2009-03-13 22:50 325,640 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
    2009-03-13 11:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
    2009-03-13 11:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\dllcache\bthport.sys
    2009-03-13 11:27 . 2008-05-01 10:30 331,776 --------- c:\windows\SYSTEM32\dllcache\msadce.dll
    2009-03-13 05:31 . 2009-03-13 05:31 <DIR> d-------- c:\documents and settings\dijones\Application Data\Malwarebytes
    2009-03-13 05:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-03-13 05:30 . 2009-03-13 05:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 05:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-03-13 01:15 . 2009-03-13 01:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 00:50 . 2009-03-13 00:49 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
    2009-03-13 00:50 . 2009-03-13 00:49 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
    2009-03-09 00:12 . 2009-03-09 00:12 <DIR> d---s---- c:\documents and settings\LocalService.NT AUTHORITY\UserData
    2009-03-08 15:16 . 2009-03-08 15:16 <DIR> d-------- c:\program files\Remote

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-11 16:29 4,224 ----a-w c:\windows\system32\drivers\beep.sys
    2009-02-09 10:19 1,846,272 ----a-w c:\windows\SYSTEM32\win32k.sys
    2009-02-09 10:19 1,846,272 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
    2007-07-01 17:51 121,392 ----a-w c:\documents and settings\dijones\Application Data\GDIPFONTCACHEV1.DAT
    2005-04-27 18:47 266 --sh--w c:\program files\desktop.ini
    2005-04-27 18:47 11,079 ---h--w c:\program files\folder.htt
    1997-04-21 01:51 33,539 ----a-w c:\program files\readme.txt
    1997-01-16 16:45 186 ----a-w c:\program files\File_id.diz
    1997-01-16 16:45 10,460 ----a-w c:\program files\VENDINFO.DIZ
    1996-12-31 01:11 26,624 ----a-w c:\program files\Gold.doc
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2008-07-03 09:16 8454656 --a------ c:\windows\SYSTEM32\SHELL32.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" [2004-10-03 98304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-13 22:51 10520 c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yvu9"= ATIYVU9.DLL
    "MSACM.MSNAUDIO"= msnaudio.acm
    "VIDC.VDOM"= vdowave.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
    backup=c:\windows\pss\PrintKey-Pro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    --a------ 2009-03-13 22:50 1932568 d:\steve'~1\AVG\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EReminderdiamond]
    --a------ 1998-08-17 13:03 167424 c:\program files\Encompass\Diamond\EReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2006-01-13 20:36 196608 c:\windows\SYSTEM32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2004-06-03 01:50 204800 c:\program files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 06:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-10-03 00:18 98304 c:\windows\SYSTEM32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    --a------ 2008-11-01 13:56 160592 d:\program files\Siber Systems\Ai RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-03-05 16:07 2260480 d:\steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2009-03-13 00:49 148888 d:\java\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avg8wd"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpySweeper"=
    "Attune Download"=c:\progra~1\AVEO\ATTUNE\UPDATER1\ATTUNEL.EXE
    "E6TaskPanel"=d:\program files\EARTHLINK TOTALACCESS\TASKPANL.EXE -winstart
    "HXIUL.EXE"=c:\program files\Micro Warehouse\HelpExpress\dijones\HXIUL.EXE -uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WinampAgent"="c:\program files\Winamp3\winampa.exe"
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
    "InCD"=c:\program files\Ahead\InCD\InCD.exe
    "POINTER"=point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "Disknag"=c:\dell\DISKNAG.EXE
    "AtiCwd32"=Aticwd32.exe
    "StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
    "Ati2cwxx"=Ati2cwxx.exe
    "AccessRampMonitor"="c:\program files\EarthLink\FastLane\ARMon32.exe"
    "HPDJ Taskbar Utility"=c:\windows\SYSTEM32\hpztsb04.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "AtiPTA"=Atiptaxx.exe
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "POINTER"=point32.exe
    "ICSDCLT"=c:\windows\SYSTEM32\RUNDLL32.EXE c:\windows\SYSTEM32\ICSDCLT.DLL,ICSClient
    "ScreenPrint32"=c:\program files\SCREENPRINT32 V3\SCREENPRINT32.exe -startup
    "COMSMDEXE"=comsmd.exe -off

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "d:\\Steve's help speed this computer folder\\AVG\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-03-13 325640]
    R2 tdctxte;tdctxte Service;c:\windows\SYSTEM32\tdctxte.exe [2004-08-04 171520]
    R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\SYSTEM32\DRIVERS\cwbwdm.sys [2006-07-12 72832]
    S2 system Tools;system Tools;c:\program files\Remote\Remote.exe --> c:\program files\Remote\Remote.exe [?]
    S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\SYSTEM32\DRIVERS\cwbmidi.sys [2006-07-12 3072]
    S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [2006-07-12 9344]
    S4 avg8wd;AVG Free8 WatchDog;d:\steve'~1\AVG\avgwdsvc.exe [2009-03-13 298264]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://middlegeorgia.cox.net/cci/home
    mLocal Page = c:\windows\SYSTEM\blank.htm
    mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
    IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    IE: Customize Menu - file://d:\program files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RoboForm Toolbar - file://d:\program files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
    FF - ProfilePath - c:\documents and settings\dijones\Application Data\Mozilla\Firefox\Profiles\j1ovf96g.default\
    FF - plugin: d:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\java\bin\new_plugin\npjp2.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-16 16:06:18
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\steve's help speed this computer folder\AVG\avgrsx.exe
    d:\java\bin\jqs.exe
    c:\windows\SYSTEM32\HPZIPM12.EXE
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\System32\VERCLSID.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-03-16 16:33:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-16 20:33:16

    Pre-Run: 101,294,080 bytes free
    Post-Run: 34,693,120 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout = 30
    default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    236 --- E O F --- 2009-03-14 07:26:06

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\tdctxte.exe
    
    Driver::
    system Tools
    tdctxte
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
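    Reading the R?/S? service lines of the ComboFix log the way the reply above does, as an added example that is not part of this thread or of ComboFix/HijackThis: a small Python triage script parses those lines, flags the two entries the CFScript targets (an image file ComboFix could not find, a description that is just the service name, a non-driver executable sitting directly in system32) and renders the same File::/Driver:: script for the analyst to check. The flag heuristics and the sample lines (copied from the posted log) are my own; the prefix meaning (R running, S stopped, digit = Windows start type) is the usual ComboFix convention.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the ComboFix log posted earlier in the thread.
SAMPLE_LOG = """\
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\\windows\\SYSTEM32\\DRIVERS\\avgldx86.sys [2009-03-13 325640]
R2 tdctxte;tdctxte Service;c:\\windows\\SYSTEM32\\tdctxte.exe [2004-08-04 171520]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\\windows\\SYSTEM32\\DRIVERS\\cwbwdm.sys [2006-07-12 72832]
S2 system Tools;system Tools;c:\\program files\\Remote\\Remote.exe --> c:\\program files\\Remote\\Remote.exe [?]
S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\\windows\\SYSTEM32\\DRIVERS\\cwbmidi.sys [2006-07-12 3072]
S4 avg8wd;AVG Free8 WatchDog;d:\\steve'~1\\AVG\\avgwdsvc.exe [2009-03-13 298264]
"""

# ComboFix prefix: R = running, S = stopped; the digit is the Windows start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# <state><start> <name>;<description>;<image path> [<date size> | ?]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")


@dataclass
class ServiceEntry:
    name: str
    description: str
    image_path: str
    running: bool
    start_type: str
    file_present: bool
    stamp: str                      # "YYYY-MM-DD size" when the file exists, "" otherwise
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one R?/S? line; return a ServiceEntry or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, stamp = m.groups()
    # "a --> b [?]" means the registry points at b but ComboFix could not find the file.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    present = stamp != "?"
    return ServiceEntry(name, desc, path, state == "R", START_TYPES[start],
                        present, stamp if present else "")


def triage(entry):
    """Attach review flags (my heuristics, not ComboFix rules); returns the entry."""
    low = entry.image_path.lower()
    if not entry.file_present:
        entry.flags.append("image file missing")
    # A description that is only the service name (optionally + "Service") looks
    # generated; real vendors normally write a descriptive one.
    bare = re.sub(r"\s*service$", "", entry.description.strip().lower())
    if bare == entry.name.lower():
        entry.flags.append("description is only the service name")
    # Non-driver executables placed directly in system32 deserve a look; real
    # drivers live under system32\drivers and end in .sys.
    if low.endswith(".exe") and re.search(r"\\system32\\[^\\]+$", low):
        entry.flags.append("executable directly under system32")
    return entry


def review(log_text):
    """Return the flagged entries, in log order, from a block of ComboFix lines."""
    entries = filter(None, (parse_line(l) for l in log_text.splitlines()))
    return [e for e in map(triage, entries) if e.flags]


def cfscript_for(entries):
    """Render a File::/Driver:: CFScript for the flagged entries, in the shape
    used in the thread, so the analyst can inspect it before using it."""
    files = [e.image_path for e in entries if e.file_present]   # nothing to delete if missing
    drivers = [e.name for e in entries]
    out = []
    if files:
        out += ["File::"] + files + [""]
    out += ["Driver::"] + drivers
    return "\n".join(out)


if __name__ == "__main__":
    flagged = review(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.name!r:16} {e.start_type:8} {e.image_path}  <- {', '.join(e.flags)}")
    print()
    print(cfscript_for(flagged))
```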

  7. #7
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default

    ComboFix Log

    ComboFix 09-03-15.01 - dijones 2009-03-17 16:35:00.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576.296 [GMT -4:00]
    Running from: c:\documents and settings\dijones\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\dijones\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\tdctxte.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Install.txt
    c:\windows\system32\afisicx.exe
    c:\windows\system32\comsa32.sys
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tdctxte.exe
    c:\windows\system32\tpszxyd.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_SOPIDKC
    -------\Legacy_SYSTEM_TOOLS
    -------\Legacy_TDCTXTE
    -------\Service_afisicx
    -------\Service_sopidkc
    -------\Service_system Tools
    -------\Service_tdctxte


    ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
    .

    2009-03-16 14:57 . 2009-03-16 14:57 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
    2009-03-15 02:40 . 2009-03-15 02:40 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AdobeUM
    2009-03-14 20:15 . 2009-03-14 20:15 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_bak
    2009-03-13 23:00 . 2009-03-13 23:00 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-13 22:50 . 2009-03-13 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-13 11:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
    2009-03-13 11:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\dllcache\bthport.sys
    2009-03-13 11:27 . 2008-05-01 10:30 331,776 --------- c:\windows\SYSTEM32\dllcache\msadce.dll
    2009-03-13 05:31 . 2009-03-13 05:31 <DIR> d-------- c:\documents and settings\dijones\Application Data\Malwarebytes
    2009-03-13 05:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-03-13 05:30 . 2009-03-13 05:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 05:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-03-13 01:15 . 2009-03-13 01:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 00:50 . 2009-03-13 00:49 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
    2009-03-13 00:50 . 2009-03-13 00:49 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
    2009-03-09 00:12 . 2009-03-09 00:12 <DIR> d---s---- c:\documents and settings\LocalService.NT AUTHORITY\UserData
    2009-03-08 15:16 . 2009-03-08 15:16 <DIR> d-------- c:\program files\Remote

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-11 16:29 4,224 ----a-w c:\windows\system32\drivers\beep.sys
    2009-02-09 10:19 1,846,272 ----a-w c:\windows\SYSTEM32\win32k.sys
    2009-02-09 10:19 1,846,272 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
    2007-07-01 17:51 121,392 ----a-w c:\documents and settings\dijones\Application Data\GDIPFONTCACHEV1.DAT
    2005-04-27 18:47 266 --sh--w c:\program files\desktop.ini
    2005-04-27 18:47 11,079 ---h--w c:\program files\folder.htt
    1997-04-21 01:51 33,539 ----a-w c:\program files\readme.txt
    1997-01-16 16:45 186 ----a-w c:\program files\File_id.diz
    1997-01-16 16:45 10,460 ----a-w c:\program files\VENDINFO.DIZ
    1996-12-31 01:11 26,624 ----a-w c:\program files\Gold.doc
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-16_16.08.00.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-16 19:50:48 16,384 ----a-w c:\windows\Application Data\Earthlink\6.0\dijones@infionline.net\Cookies\index.dat
    + 2009-03-17 20:21:32 16,384 ----a-w c:\windows\Application Data\Earthlink\6.0\dijones@infionline.net\Cookies\index.dat
    - 2009-03-16 03:34:12 16,384 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
    + 2009-03-17 20:27:48 16,384 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
    - 2009-03-16 03:34:12 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-17 20:27:48 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-03-16 03:34:12 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-17 20:27:48 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-08-04 16:00:00 36,864 ----a-w c:\windows\SYSTEM32\dxonool32.sys
    + 2009-03-17 20:42:28 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_560.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2008-07-03 09:16 8454656 --a------ c:\windows\SYSTEM32\SHELL32.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" [2004-10-03 98304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yvu9"= ATIYVU9.DLL
    "MSACM.MSNAUDIO"= msnaudio.acm
    "VIDC.VDOM"= vdowave.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
    backup=c:\windows\pss\PrintKey-Pro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EReminderdiamond]
    --a------ 1998-08-17 13:03 167424 c:\program files\Encompass\Diamond\EReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2006-01-13 20:36 196608 c:\windows\SYSTEM32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2004-06-03 01:50 204800 c:\program files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 06:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-10-03 00:18 98304 c:\windows\SYSTEM32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    --a------ 2008-11-01 13:56 160592 d:\program files\Siber Systems\Ai RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-03-05 16:07 2260480 d:\steve's help speed this computer folder\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2009-03-13 00:49 148888 d:\java\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avg8wd"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpySweeper"=
    "Attune Download"=c:\progra~1\AVEO\ATTUNE\UPDATER1\ATTUNEL.EXE
    "E6TaskPanel"=d:\program files\EARTHLINK TOTALACCESS\TASKPANL.EXE -winstart
    "HXIUL.EXE"=c:\program files\Micro Warehouse\HelpExpress\dijones\HXIUL.EXE -uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WinampAgent"="c:\program files\Winamp3\winampa.exe"
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
    "InCD"=c:\program files\Ahead\InCD\InCD.exe
    "POINTER"=point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "Disknag"=c:\dell\DISKNAG.EXE
    "AtiCwd32"=Aticwd32.exe
    "StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
    "Ati2cwxx"=Ati2cwxx.exe
    "AccessRampMonitor"="c:\program files\EarthLink\FastLane\ARMon32.exe"
    "HPDJ Taskbar Utility"=c:\windows\SYSTEM32\hpztsb04.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "AtiPTA"=Atiptaxx.exe
    "QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "POINTER"=point32.exe
    "ICSDCLT"=c:\windows\SYSTEM32\RUNDLL32.EXE c:\windows\SYSTEM32\ICSDCLT.DLL,ICSClient
    "ScreenPrint32"=c:\program files\SCREENPRINT32 V3\SCREENPRINT32.exe -startup
    "COMSMDEXE"=comsmd.exe -off

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\SYSTEM32\DRIVERS\cwbwdm.sys [2006-07-12 72832]
    S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\SYSTEM32\DRIVERS\cwbmidi.sys [2006-07-12 3072]
    S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [2006-07-12 9344]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    "c:\program files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
    "c:\program files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AVG8_TRAY - d:\steve'~1\AVG\avgtray.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://middlegeorgia.cox.net/cci/home
    mLocal Page = c:\windows\SYSTEM\blank.htm
    mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
    IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    IE: Customize Menu - file://d:\program files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RoboForm Toolbar - file://d:\program files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
    FF - ProfilePath - c:\documents and settings\dijones\Application Data\Mozilla\Firefox\Profiles\j1ovf96g.default\
    FF - plugin: d:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\java\bin\new_plugin\npjp2.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 16:42:33
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(336)
    c:\windows\system32\COMRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\java\bin\jqs.exe
    c:\windows\SYSTEM32\HPZIPM12.EXE
    c:\windows\SYSTEM32\WDFMGR.EXE
    c:\windows\SYSTEM32\WSCNTFY.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-03-17 16:49:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-17 20:49:12
    ComboFix2.txt 2009-03-16 20:33:26

    Pre-Run: 302,526,464 bytes free
    Post-Run: 259,985,408 bytes free

    227 --- E O F --- 2009-03-14 07:26:06


    ____________________________

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:56:57 PM, on 3/17/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Java\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Steve's help speed this computer folder\Firefox\firefox.exe
    D:\Steve's help speed this computer folder\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\Ai RoboForm\roboform.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\jp2iexp.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\Ai RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\STEVE'~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O24 - Desktop Component 0: (no name) - http://www3.shopsmartbargains.com/im...8382609_LG.jpg

    --
    End of file - 5116 bytes

  8. #8
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default

    Sorry to double post, but I disabled AVG while we're using ComboFix since it's known to cause issues when run with an antivirus. Just a heads up in case you noticed it was no longer running.

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Yes, you can enable it now.

    After that:

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Jan 2009
    Posts
    21

    Default

    I let Kaspersky run for hours, the scan finished and found 4 things. However, when I went to "View Scan Report", the area was blank and then it refused to save the file. I tried saving it in multiple locations, nothing happens. Any other option? The past couple of days I have tried to run this scan and every time someone has gotten on this computer and somehow managed to get out of it. I was excited today to see that it was completed without someone exiting out of the browser, but then I see that it claims I have no infections (list is blank) and it refuses to save the .txt file.

    Is there anything else I can do or must I try to run this exact scan yet again?
