adware & trojans

F

flick

New member
:oops: - my bad i posted in someone elses thread. sorry!!!!!
I am having huge problems with ...... TR/dldr.purityscan
additionally i my computer keeps crashing (i have disabled the reboot on serious error, it used to reboot)
below is my hijackThis log....i can automatically see problems. sorry if i haven't supplied enough information
thanx :red:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:07 p.m., on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\?racle\?pool32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Inpy] C:\WINDOWS\system32\?racle\?pool32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\hr4805hue.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi flick

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Send:

- a fresh HijackThis log
- combofix report
 
next log

Hi Shaba,

Thank you :) .....below my combofix log, and then new HijackThis log in next reply

kmay - 06-11-12 8:07:20.04 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{6FC92228-AE4E-49D4-88C9-D310A5B7FB59}]
@=""

[HKEY_CLASSES_ROOT\clsid\{6FC92228-AE4E-49D4-88C9-D310A5B7FB59}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{6FC92228-AE4E-49D4-88C9-D310A5B7FB59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{6FC92228-AE4E-49D4-88C9-D310A5B7FB59}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmtask.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{4D8167CA-0158-4629-A562-0006B8AA9F7C}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4D8167CA-0158-4629-A562-0006B8AA9F7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{4D8167CA-0158-4629-A562-0006B8AA9F7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4D8167CA-0158-4629-A562-0006B8AA9F7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mivcrt.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{33235E92-9056-4F7C-A089-4AEE958A1E47}]
@=""

[HKEY_CLASSES_ROOT\clsid\{33235E92-9056-4F7C-A089-4AEE958A1E47}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{33235E92-9056-4F7C-A089-4AEE958A1E47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{33235E92-9056-4F7C-A089-4AEE958A1E47}\InprocServer32]
@="C:\\WINDOWS\\system32\\unrcntra.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{B9764D5F-0868-4790-834C-A077C85CEC29}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B9764D5F-0868-4790-834C-A077C85CEC29}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{B9764D5F-0868-4790-834C-A077C85CEC29}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B9764D5F-0868-4790-834C-A077C85CEC29}\InprocServer32]
@="C:\\WINDOWS\\system32\\wepns.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{2469B7A9-0258-1033-0423-040402110040}
C:\Program Files\Common Files\{2469B7A9-05DC-1033-0423-040402110040}
C:\Program Files\Common Files\{2469B7A9-05DD-1033-0423-040402110040}
C:\Program Files\Common Files\{3469B7A9-0258-1033-0423-040402110040}
C:\Program Files\Common Files\{3469B7A9-05DC-1033-0423-040402110040}
C:\Program Files\Common Files\{3469B7A9-05DD-1033-0423-040402110040}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\MBOLS~1\??mbols
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1\?pool32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-10-26 19:24 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-26 19:24 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-26 19:24 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-26 18:34 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-10-26 18:34 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-10-25 16:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 10:26 0 --a------ C:\WINDOWS\system32\hr4805hue.dll
2006-10-23 00:01 1,259 --a------ C:\WINDOWS\system32\dya32315.sys
2006-10-22 09:57 21,668 --a------ C:\cvmsfitp.exe
2006-10-22 09:28 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-22 09:25 2 --a------ C:\WINDOWS\system32\wcpsu.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-12 08:07 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-12 08:07 -------- d-------- C:\Program Files\Common Files
2006-11-11 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-11-11 19:23 -------- d-------- C:\Program Files\Messenger
2006-11-11 19:23 -------- d-------- C:\Program Files\GX25 Infrared-Handset Manager
2006-11-11 19:23 -------- d-------- C:\Program Files\Adobe
2006-11-11 19:21 -------- d-------- C:\Documents and Settings\kmay\Application Data\Adobe
2006-11-03 12:41 -------- d-------- C:\Documents and Settings\kmay\Application Data\ZoomBrowser EX
2006-11-02 17:43 -------- d-------- C:\Program Files\Yahoo!
2006-11-02 17:29 -------- dr-h----- C:\Documents and Settings\kmay\Application Data\yahoo!
2006-10-31 22:35 -------- d-------- C:\Documents and Settings\kmay\Application Data\Apple Computer
2006-10-29 17:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Flickr
2006-10-29 17:05 -------- d-------- C:\Program Files\Morpheus
2006-10-27 13:51 -------- d-------- C:\Program Files\Zone Labs
2006-10-26 21:29 -------- d-------- C:\Program Files\a-squared HiJackFree
2006-10-26 19:24 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-10-25 16:47 -------- d-------- C:\Program Files\Windows Defender
2006-10-24 01:02 -------- d-------- C:\Program Files\Webroot
2006-10-22 23:04 1085 --a------ C:\Documents and Settings\kmay\Application Data\AdobeDLM.log
2006-10-11 13:00 -------- d-------- C:\Documents and Settings\kmay\Application Data\AdobeUM
2006-10-11 12:52 0 --a------ C:\Documents and Settings\kmay\Application Data\dm.ini
2006-10-08 17:48 -------- d-------- C:\Program Files\Common Files\Canon
2006-10-07 20:43 -------- d-------- C:\Documents and Settings\kmay\Application Data\DataLayer
2006-09-29 12:19 -------- d-------- C:\Program Files\iPod
2006-09-29 12:18 -------- d-------- C:\Program Files\iTunes
2006-09-29 12:15 -------- d-------- C:\Program Files\Apple Software Update
2006-09-27 10:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Canon
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-17 00:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Inpy"="C:\\WINDOWS\\system32\\?racle\\?pool32.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ASUS Live Update"="\"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe\""
"Power_Gear"="\"C:\\Progra~1\\ASUS\\Power4 Gear\\BatteryLife.exe\" 1"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\vile.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\sajywy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATALA~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e35"
"hkey"="HKLM"
"command"="c:\\\\dfndrff_e35.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hcontrol"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_e35"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_e35.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_e34"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_e34.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TRAYAP~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="9129837"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\9129837.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-12 8:09:53.05
C:\ComboFix.txt ... 06-11-12 08:09
 
hijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:14:42 a.m., on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Inpy] C:\WINDOWS\system32\?racle\?pool32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*) on Desktop

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]

Doubleclick fix.reg, press Yes and ok.

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [Inpy] C:\WINDOWS\system32\?racle\?pool32.exe

Close all windows including browser and press fix checked.

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\hr4805hue.dll
C:\WINDOWS\system32\dya32315.sys
C:\cvmsfitp.exe
C:\WINDOWS\system32\wcpsu.exe
C:\Program Files\MSN Gaming Zone\vile.html
C:\Program Files\Windows NT\sajywy.html

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Please download AVG Anti-Rootkit to your desktop.

  • Double-click the installation file
  • Just click Next, let it go with default settings.
  • Once the installation is ready, reboot.
  • Run AVG Anti-Rootkit Beta.exe.
  • Click Search for rootkits.
  • If something is found, let AVG Anti-Rootkit delete it
  • When finished, click Save result to file.
  • Post back with the results. (Not sure where they are located, either in C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\ folder or on your desktop.)

Re-run combofix

Send:

- a fresh HijackThis log
- AVG Anti-Rootkit log
- combofix report
 
more logs

Thanx, please see below;

avg rootkit -
C:\WINDOWS\system32\lzx32.sys

kmay - 06-11-12 23:56:04.35 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\kmay\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\MBOLS~1\??mbols
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1\?pool32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-10-26 19:24 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-26 19:24 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-26 19:24 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-26 18:34 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-10-26 18:34 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-10-25 16:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-22 09:28 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-12 23:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-12 23:31 -------- d-------- C:\Program Files\Grisoft
2006-11-12 21:30 -------- d-------- C:\Program Files\Opera
2006-11-12 21:29 -------- d---s---- C:\Documents and Settings\kmay\Application Data\Microsoft
2006-11-12 21:29 -------- d-------- C:\Documents and Settings\kmay\Application Data\Opera
2006-11-12 16:56 -------- d-------- C:\Program Files\WildTangent
2006-11-12 16:54 -------- d-------- C:\Program Files\Movie Maker
2006-11-12 16:54 -------- d-------- C:\Program Files\Morpheus
2006-11-12 08:07 -------- d-------- C:\Program Files\Common Files
2006-11-11 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-11-11 19:23 -------- d-------- C:\Program Files\Messenger
2006-11-11 19:23 -------- d-------- C:\Program Files\GX25 Infrared-Handset Manager
2006-11-11 19:23 -------- d-------- C:\Program Files\Adobe
2006-11-11 19:21 -------- d-------- C:\Documents and Settings\kmay\Application Data\Adobe
2006-11-03 12:41 -------- d-------- C:\Documents and Settings\kmay\Application Data\ZoomBrowser EX
2006-11-02 17:43 -------- d-------- C:\Program Files\Yahoo!
2006-11-02 17:29 -------- dr-h----- C:\Documents and Settings\kmay\Application Data\yahoo!
2006-10-31 22:35 -------- d-------- C:\Documents and Settings\kmay\Application Data\Apple Computer
2006-10-29 17:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Flickr
2006-10-27 13:51 -------- d-------- C:\Program Files\Zone Labs
2006-10-26 21:29 -------- d-------- C:\Program Files\a-squared HiJackFree
2006-10-26 19:24 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-10-25 16:47 -------- d-------- C:\Program Files\Windows Defender
2006-10-22 23:04 1085 --a------ C:\Documents and Settings\kmay\Application Data\AdobeDLM.log
2006-10-11 13:00 -------- d-------- C:\Documents and Settings\kmay\Application Data\AdobeUM
2006-10-11 12:52 0 --a------ C:\Documents and Settings\kmay\Application Data\dm.ini
2006-10-08 17:48 -------- d-------- C:\Program Files\Common Files\Canon
2006-10-07 20:43 -------- d-------- C:\Documents and Settings\kmay\Application Data\DataLayer
2006-09-29 12:19 -------- d-------- C:\Program Files\iPod
2006-09-29 12:18 -------- d-------- C:\Program Files\iTunes
2006-09-29 12:15 -------- d-------- C:\Program Files\Apple Software Update
2006-09-27 10:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Canon
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-17 00:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ASUS Live Update"="\"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe\""
"Power_Gear"="\"C:\\Progra~1\\ASUS\\Power4 Gear\\BatteryLife.exe\" 1"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATALA~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hcontrol"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TRAYAP~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-12 23:57:09.71
C:\ComboFix.txt ... 06-11-12 23:57
C:\ComboFix2.txt ... 06-11-12 08:09
 
hijackThis log

ps - my computer is running very slowly now - esp on start-up

Logfile of HijackThis v1.99.1
Scan saved at 11:59:34 p.m., on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Beta\antiRootkit.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi

Now re-scan with AVG anti-rootkit and delete this file C:\WINDOWS\system32\lzx32.sys via AVG anti-rootkit (select all found items and click Remove selected items). Also click Save result to file.

Re-run combofix

Send:

- a fresh HijackThis log
- AVG Anti-Rootkit log
- combofix report
 
ok - new logs.......

Logfile of HijackThis v1.99.1
Scan saved at 6:08:25 a.m., on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



kmay - 06-11-13 6:05:54.53 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\kmay\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\MBOLS~1\??mbols
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1\?pool32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


2006-10-26 19:24 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-26 19:24 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-26 19:24 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-26 18:34 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-10-26 18:34 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-10-25 16:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-22 09:28 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 06:03 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-12 23:31 -------- d-------- C:\Program Files\Grisoft
2006-11-12 21:30 -------- d-------- C:\Program Files\Opera
2006-11-12 21:29 -------- d---s---- C:\Documents and Settings\kmay\Application Data\Microsoft
2006-11-12 21:29 -------- d-------- C:\Documents and Settings\kmay\Application Data\Opera
2006-11-12 16:56 -------- d-------- C:\Program Files\WildTangent
2006-11-12 16:54 -------- d-------- C:\Program Files\Movie Maker
2006-11-12 16:54 -------- d-------- C:\Program Files\Morpheus
2006-11-12 08:07 -------- d-------- C:\Program Files\Common Files
2006-11-11 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-11-11 19:23 -------- d-------- C:\Program Files\Messenger
2006-11-11 19:23 -------- d-------- C:\Program Files\GX25 Infrared-Handset Manager
2006-11-11 19:23 -------- d-------- C:\Program Files\Adobe
2006-11-11 19:21 -------- d-------- C:\Documents and Settings\kmay\Application Data\Adobe
2006-11-03 12:41 -------- d-------- C:\Documents and Settings\kmay\Application Data\ZoomBrowser EX
2006-11-02 17:43 -------- d-------- C:\Program Files\Yahoo!
2006-11-02 17:29 -------- dr-h----- C:\Documents and Settings\kmay\Application Data\yahoo!
2006-10-31 22:35 -------- d-------- C:\Documents and Settings\kmay\Application Data\Apple Computer
2006-10-29 17:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Flickr
2006-10-27 13:51 -------- d-------- C:\Program Files\Zone Labs
2006-10-26 21:29 -------- d-------- C:\Program Files\a-squared HiJackFree
2006-10-26 19:24 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-10-25 16:47 -------- d-------- C:\Program Files\Windows Defender
2006-10-22 23:04 1085 --a------ C:\Documents and Settings\kmay\Application Data\AdobeDLM.log
2006-10-11 13:00 -------- d-------- C:\Documents and Settings\kmay\Application Data\AdobeUM
2006-10-11 12:52 0 --a------ C:\Documents and Settings\kmay\Application Data\dm.ini
2006-10-08 17:48 -------- d-------- C:\Program Files\Common Files\Canon
2006-10-07 20:43 -------- d-------- C:\Documents and Settings\kmay\Application Data\DataLayer
2006-09-29 12:19 -------- d-------- C:\Program Files\iPod
2006-09-29 12:18 -------- d-------- C:\Program Files\iTunes
2006-09-29 12:15 -------- d-------- C:\Program Files\Apple Software Update
2006-09-27 10:16 -------- d-------- C:\Documents and Settings\kmay\Application Data\Canon
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-17 00:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ASUS Live Update"="\"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe\""
"Power_Gear"="\"C:\\Progra~1\\ASUS\\Power4 Gear\\BatteryLife.exe\" 1"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATALA~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hcontrol"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TRAYAP~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-13 6:06:52.37
C:\ComboFix.txt ... 06-11-13 06:06
C:\ComboFix2.txt ... 06-11-12 23:57
C:\ComboFix3.txt ... 06-11-12 08:09



avg
C:\WINDOWS\system32\lzx32.sys
 
Hi

Now looks much better; rootkit isn't present any more :)

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- kaspersky report
 
uh oh

thanx.....here are my logs
kaspersky looks a bit scary - picked up a few virus' etc :mad:
thanx flick

KASPERSKY ONLINE SCANNER REPORT
06-11-13 11:20
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/11/2006
Kaspersky Anti-Virus database records: 240842

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52709
Number of viruses found: 17
Number of infected objects: 83 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-10252006-164718.log Object is locked skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0031026.pif.bac_a01948 Infected: Backdoor.Win32.MSNMaker.w skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032007.exe.bac_a01948 Infected: Trojan-Downloader.Win32.VB.afl skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948 NSIS: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032008.exe.bac_a01948 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032009.exe.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0032010.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.hd skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948 NSIS: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033007.exe.bac_a01948 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033008.exe.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033009.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.hd skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033012.exe.bac_a01948 Infected: Trojan-Downloader.Win32.VB.afl skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948 NSIS: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033013.exe.bac_a01948 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033015.exe.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033016.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.hd skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033023.sys.bac_a01948 Infected: Trojan-PSW.Win32.Small.bs skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\A0033028.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.ctf skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\ac3_0010.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\ac3_0010[2].exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\asappsrv.dll.bac_a01948 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\cmdinst.exe.bac_a01948/Stream/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\cmdinst.exe.bac_a01948/Stream/data0002 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\cmdinst.exe.bac_a01948/Stream Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\cmdinst.exe.bac_a01948 Inno: infected - 3 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\cmdinst.exe.bac_a01948 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Dc1452.pif.bac_a01948 Infected: Backdoor.Win32.MSNMaker.w skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\drsmartload.exe.bac_a01948 Infected: Trojan-Downloader.Win32.VB.afl skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\drsmartload44a[1].exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\drv.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.hd skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\dr[1].mp3.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.hd skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\DXC9.exe.bac_a01948 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\DXC9[1].exe.bac_a01948 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\ilchoy.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.ctf skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\installer.exe.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.q skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer4.exe.bac_a01948 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer[1].exe.bac_a01948/Stream/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer[1].exe.bac_a01948/Stream/data0002 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer[1].exe.bac_a01948/Stream Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer[1].exe.bac_a01948 Inno: infected - 3 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\Installer[1].exe.bac_a01948 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948 NSIS: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].exe.bac_a01948 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\install[1].mp3.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\loader[1].exe.bac_a01948 Infected: Trojan-Downloader.Win32.VB.afl skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\mc44a34.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\msnmsgr.exe.bac_a01948 Infected: Backdoor.Win32.MSNMaker.w skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\mt-uninstaller.exe.bac_a01948/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\mt-uninstaller.exe.bac_a01948 NSIS: infected - 1 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\mt-uninstaller.exe.bac_a01948 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\MTE3NDI6ODoxNg.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\MTE3NDI6ODoxNgnew.exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\MTE3NDI6ODoxNg[1].exe.bac_a01948 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948 NSIS: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\one.exe.bac_a01948 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\two.exe.bac_a01948 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped
C:\Documents and Settings\kmay\.housecall6.6\Quarantine\vqyxqnx[1].txt.bac_a01948 Infected: Trojan-Downloader.Win32.Small.ctf skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\cert8.db Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\history.dat Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\key3.db Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\parent.lock Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kmay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Messenger\lilmac@clear.net.nz\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Messenger\lilmac@clear.net.nz\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Messenger\lilmac@clear.net.nz\SharingMetadata\Working\database_AEA4_F3AF_A4F3_77E3\dfsr.db Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Messenger\lilmac@clear.net.nz\SharingMetadata\Working\database_AEA4_F3AF_A4F3_77E3\fsr.log Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Messenger\lilmac@clear.net.nz\SharingMetadata\Working\database_AEA4_F3AF_A4F3_77E3\tmp.edb Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{26D4D3F6-791D-4832-BE37-42680223D0DD} Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows Live Contacts\lilmac@clear.net.nz\real\members.stg Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows Live Contacts\lilmac@clear.net.nz\shadow\members.stg Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\History\History.IE5\MSHist012006111320061114\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temp\~DFA993.tmp Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temp\~DFAA4A.tmp Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temp\~DFEE46.tmp Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temp\~DFEEA8.tmp Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kmay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\kmay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP390\A0192263.exe Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP411\A0206292.exe Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP433\change.log Object is locked skipped

log cont in next post
 
cont

C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MINE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\lzx32.sy_ Infected: Trojan-Clicker.Win32.Costrat.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT050a8.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT050ab.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 11:31, on 06-11-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi

Empty this folder:

C:\Documents and Settings\kmay\.housecall6.6\Quarantine\

Delete these:

C:\WINDOWS\system32\i
C:\WINDOWS\system32\lzx32.sy_

Empty Recycle Bin

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report
 
we like no infections :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-11-14 11:48
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/11/2006
Kaspersky Anti-Virus database records: 241103
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52902
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:47:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-10252006-164718.log Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\cert8.db Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\history.dat Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\key3.db Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\parent.lock Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kmay\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kmay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0B33F9C1-112D-4792-ADD6-5275A686E862} Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Application Data\Mozilla\Firefox\Profiles\r6ve2enb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\History\History.IE5\MSHist012006111420061115\index.dat Object is locked skipped
C:\Documents and Settings\kmay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kmay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\kmay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP390\A0192263.exe Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP411\A0206292.exe Object is locked skipped
C:\System Volume Information\_restore{289B41EA-569D-4B13-A1AB-05CA914BA535}\RP436\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MINE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT023ee.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT023f1.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
latest HijackThis report

hopefully this is looking better
thanks again for your continuing help :bigthumb:

Logfile of HijackThis v1.99.1
Scan saved at 11:51, on 06-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kmay\Desktop\hijackthis1\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
seems pretty good thanks.......my antivir guard did a scan today and still picked up some trojans....so not sure if they are going to cause problems or not....if they are actually on my computer or not

:crowned:
thanks for your help, you rock
flick
:angel:
 
Glad to hear

You're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Go here and download and install JRE 5.0 Update 9. Click the link that says Download JRE 5.0 Update 9. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_09-windows-i586-p.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 5.0 Update 6.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
 
You must log in or register to reply here.
Back
Top