Am at a Loss - Over 300 Infections. Please Help, I need assist.

Shadows_Light

A brief recap of what's been transpiring: have been running AVG AntiVirus (FREE) for quite a while. At one point a while back AVG listed the following:

kernel32.dll change C:\WINDOWS\system32\kernel32.dll changed
user32.dll change C:\WINDOWS\system32\user32.dll changed
shell32.dll change C:\WINDOWS\system32\shell32.dll changed
ntoskml.exe change C:\WINDOWS\system32\ntoskml.exe changed

I'm disabled & have been quite ill, so I thought AVG did what was needed to keep me safe & went about my usual computer activities.

UNTIL: began receiving "Blue Stop Screens", keys on my kybd getting very hard to push, text entries having long delay prior to what I typed showing up, etc (odd things which had not occurred prior). Next here's what AVG found & they didn't show up from all of AVG Scans until 9/28/07:

dsbr.jar- 13f7do18-58f5f3c3.zip C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\Cache\Javapi\V1.01 Jar\Java\Byte Verify

SendPhotos.exe C:\Program Files\SendPhotos Trojan horse Downloader.Generic4.ILX

A0018114.exe C:\Systen Volume Information\_restore {593f298f-B7D6-4A3D...

WinAV.exe C:\Program Files\WinAntiVirus Pro 2007\Trojanhorse Generic5.DWA

us0006[1].anr C:\Documents and Settings\Owner\Local Settings\Temporary Internet File Content.IE5\AMVWLA5A Trojan Horse Exploit.Downloader

I've read your "BEFORE YOU POST". I d/l HJT but have not installed yet. Also d/l Spybot program-it showed 315 Infections & asked for Registration#. Unfortunately, that requires a fee to register & I am Flat Broke (seriously!!). In fact, I've gathered many 'home items' to list on an auction site hoping to sell enough to keep electric/phone on. Yet am afraid to do much at all on the computer with all these problems.

Please step in & assist me. I can assure you I will not let your kindness go by the wayside & will make donations or pay you as soon as I am able to.

I am so upset with these computer issues, I cannot think straight as in what to do ... really in dire need of guidance/direction. If this PC blows completely due to these infections/viruses... I'm dead in water... it's my only link to the outside world due to disabilities which keep me home-bound.

Thank You so much in advance for being here for so many of us in need,

Keyanna
 
Hello.
Also d/l Spybot program-it showed 315 Infections & asked for Registration#. Unfortunately, that requires a fee to register & I am Flat Broke (seriously!!).

That is not Spybot-S&D but a fake rogue program. Rogue/Suspect Anti-Spyware Products & Web Sites

Spybot-Search and Destroy is totally free for personal use.

This is our home page: http://www.safer-networking.org/en/home/index.html

If you can, please run the on-line anti virus scan and produce that log and also the HJT log in order for one of our helpers to assist you.

Best regards.
 
HJT File per your instructions (hope I'm doing all of this correctly)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:07 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\System Doctor\sysmain.exe
C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=enable+wireless+connection&srch=3&prov=&utf8
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System Doctor] C:\Program Files\System Doctor\sysmain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [HSN Skin Tools Alerts] "C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" Alerts
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154679137071
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 10659 bytes
 
Kaspersky Online Scan (I placed this in a separate post due to space limits)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 04, 2007 7:07:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 4/10/2007
Kaspersky Anti-Virus database records: 427117
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 80606
Number of viruses found: 11
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:17:07
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\Dancingle5\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\Dancingle5\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\CACHE\dancingl01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\EarthLink\Toolbar\toolbareg.xml Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WinAntiVirusPro2006FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP312\A0025740.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ah skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0025804.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ah skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026151.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026153.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026154.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026155.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026156.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026157.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026159.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026160.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP315\A0026464.DLL Infected: not-a-virus:AdWare.Win32.MySearch.g skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP316\A0026546.dll Infected: not-a-virus:AdWare.Win32.MySearch.g skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP328\A0026814.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029433.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029477.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029483.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0DFBEC2D-F66F-4B21-88C5-7407270DC483}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
Hi Shadows_Light


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete the following files (if found):
C:\Documents and Settings\Owner\Local Settings\Temp\WinAntiVirusPro2006FreeInstall.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\WinAntiVirusPro2006FreeInstall[1].exe


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Then run the Kaspersky scanner again and post its report & a fresh HJT log.
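
Added example, not part of the original thread or written by its posters: a Python triage of the Kaspersky Online Scanner report lines posted above. It separates "Object is locked" noise from real detections and distinguishes files in the live file system (the two installers listed for deletion) from copies held in System Restore snapshots. The line format is assumed from the report in this thread; the function names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of lines copied from the first Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WinAntiVirusPro2006FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026151.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029477.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe Inno: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Assumed line shape: "<path> <status> skipped", where the path may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<packer>\w+): infected - \d+) skipped$"
)
# Files under _restore{GUID}\RPnnn are System Restore snapshot copies.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)


@dataclass
class Finding:
    path: str     # file on disk (archive member suffix such as /file01 removed)
    kind: str     # "locked", "infected" or "archive" (container summary line)
    verdict: str  # scanner verdict name; empty unless kind == "infected"


def parse_report(text):
    """Turn report lines into Finding records; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].split("/", 1)[0]
        if m["locked"]:
            findings.append(Finding(path, "locked", ""))
        elif m["verdict"]:
            findings.append(Finding(path, "infected", m["verdict"]))
        else:
            findings.append(Finding(path, "archive", ""))
    return findings


def family(verdict):
    """'not-a-virus:Downloader.Win32.WinFixer.o' -> 'WinFixer'."""
    name = verdict.split(":", 1)[-1]
    parts = name.split(".")
    return parts[2] if len(parts) >= 3 else name


def triage(findings):
    """Summarise: locked-file noise, live infected files, affected restore points."""
    locked, live, restore_points, families = 0, [], set(), Counter()
    for f in findings:
        if f.kind == "locked":
            locked += 1  # file in use by Windows or a running program, not a detection
        elif f.kind == "infected":
            families[family(f.verdict)] += 1
            m = RESTORE_RE.search(f.path)
            if m:
                restore_points.add(m.group(1))
            else:
                live.append(f.path)
    return {
        "locked": locked,
        "live": live,
        "restore_points": sorted(restore_points),
        "families": families,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("locked (noise):", summary["locked"])
    print("live files to remove:")
    for p in summary["live"]:
        print("  ", p)
    print("restore points holding copies:", summary["restore_points"])
    print("families:", dict(summary["families"]))
```
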
 
Blade, Pls. Read-Very Odd Things Happened While I Was Working On Your Instructions

Hi Blade81, 1st Thank You So Much For Coming To My Aid. I am not sure if you want me to perform anything add'l since the following happened.

I was able to change my file & folder preferences. Soon after, I did locate the first file you wanted deleted. I right clicked to make sure it was indeed correct. Suddenly, my AOL Dialer turned on, wouldn't stop connecting me to web & also "WinAntiVirus Pro 2007 Installer" began d/l and I could not stop either of these actions!!

Next, System Doctor pops up saying "spyware attack deleted" (I deleted system doctor w/ Spybot S&D before but it keeps returning). It read: Trojan.Adclicker High Risk! The WinAntiVirus Pro 2007 Installer made a full installation for I couldn't stop the action. So far, if all this isn't bad enough; Spybot S&D begins popping up with so many "Registry Change" messages... so fast, couldn't catch all of them to write them down (printer is not working), I did get a few tidbits if you need them let me know. Last, AVG Free AntiVirus displayed a message as I was attempting to delete the WinAntiVirus Pro 2007 from Control Panels Add/Delete... to the effect of some type of trojan was found???

Sorry to trouble you but felt it best to alert you in case you need me to do anything more along with what you already requested. All that happened really frightened me :sick: As if something took fast & hard control of my PC and wouldn't let go WOW!!

Okay, I am now going to d/l ATF. Run the new Kaspersky Scan & HJT. Will post them to you soon as they are complete.

Again, Thank You for Being Here :)
Shadow
 
Okay, I'll wait for the results. We won't give up as long as there's a bit of hope left :)
 
Kaspersky Scan 10-08-07

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 08, 2007 11:56:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 9/10/2007
Kaspersky Anti-Virus database records: 429653
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 83781
Number of viruses found: 12
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:17:57
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\Dancingle5\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\Dancingle5\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\CACHE\dancingl01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\organize\dancingle5.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0a\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WinAntiVirusPro2006FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe/file01 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe/file02/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe/file02 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe/file18 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe/file83 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~freesetup.exe Inno: infected - 5 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Program Files\Common Files\WinAntiVirus Pro 2007\wa7pinst.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Program Files\WinAntiVirus Pro 2007\reform.exe/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Program Files\WinAntiVirus Pro 2007\reform.exe Inno: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP312\A0025713.exe Infected: not-a-virus:FraudTool.Win32.RegistrySmart.a skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP312\A0025740.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ah skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0025804.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ah skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026103.exe Infected: not-a-virus:FraudTool.Win32.RegistrySmart.a skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026151.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026153.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026154.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026155.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026156.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026157.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026159.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0026160.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ay skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP315\A0026464.DLL Infected: not-a-virus:AdWare.Win32.MySearch.g skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP316\A0026546.dll Infected: not-a-virus:AdWare.Win32.MySearch.g skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP328\A0026814.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0028352.rbf Infected: not-a-virus:FraudTool.Win32.RegistrySmart.a skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029433.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029477.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029482.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029483.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP351\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{68ED2536-99EA-4E07-A695-139FA0E06801}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{79413053-723E-4E3C-BE34-573D1C7F6729}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
HJT Log 10-9-07

Hi Blade, i tried for 3+ hours to d/l ATF-Cleaner from local you gave & many others i found. Each attempt gave me a "time-out" error. That's reason it's not included. I really tried hard... any suggestions on that part of things? Thanx ~ Shadow

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:57 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\System Doctor\sysmain.exe
C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=enable+wireless+connection&srch=3&prov=&utf8
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2007\IEFWBHO.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System Doctor] C:\Program Files\System Doctor\sysmain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [HSN Skin Tools Alerts] "C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" Alerts
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154679137071
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F0FFBBF-E2DF-47EA-824D-511760D6896F}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 11282 bytes
 
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a fresh hjt log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
ComboFix Log Part 1 (sorry, too long to fit into 1 post)

ComboFix 07-10-09.3 - Owner 2007-10-09 2:53:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiVirus Pro 2007\Reinstall or Uninstall WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiVirus Pro 2007\WinAntiVirus Pro 2007 Manual.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiVirus Pro 2007\WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\Owner\Application Data\DriveCleaner Freeware(2)
C:\Documents and Settings\Owner\Application Data\DriveCleaner Freeware(2)\Logs\update.log
C:\Documents and Settings\Owner\Application Data\DriveCleaner Freeware(2)\Logs\update.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor Free
C:\Documents and Settings\Owner\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor
C:\Documents and Settings\Owner\Application Data\SystemDoctor\activator_info.txt
C:\Documents and Settings\Owner\Application Data\SystemDoctor\activator_info.txt
C:\Documents and Settings\Owner\Application Data\SystemDoctor\Logs\Activate.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor\Logs\Activate.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor\Logs\update.log
C:\Documents and Settings\Owner\Application Data\SystemDoctor\Logs\update.log
C:\Documents and Settings\Owner\err.log
C:\Documents and Settings\Owner\ResErrors.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\CompWiz.xml
C:\Program Files\Common Files\companion wizard\CompWiz.xml
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\winantivirus pro 2007\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\Program Files\Common Files\winantivirus pro 2007\mav_startupmon.exe
C:\Program Files\Common Files\winantivirus pro 2007\wa7pinst.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\wa7pinst.exe
C:\Program Files\Common Files\winantivirus pro 2007\WAPChk.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
C:\Program Files\winantivirus pro 2007
C:\Program Files\winantivirus pro 2007\Activate.dat
C:\Program Files\WinAntiVirus Pro 2007\Activate.dat
C:\Program Files\winantivirus pro 2007\Activate.dat
C:\Program Files\WinAntiVirus Pro 2007\asmngr.dll
C:\Program Files\winantivirus pro 2007\asmngr.dll
C:\Program Files\winantivirus pro 2007\asmngr.dll
C:\Program Files\winantivirus pro 2007\ASupdater.dat
C:\Program Files\WinAntiVirus Pro 2007\ASupdater.dat
C:\Program Files\winantivirus pro 2007\ASupdater.dat
C:\Program Files\WinAntiVirus Pro 2007\AVupd.exe
C:\Program Files\winantivirus pro 2007\AVupd.exe
C:\Program Files\winantivirus pro 2007\AVupd.exe
C:\Program Files\WinAntiVirus Pro 2007\AWBase\database\enemies.dat
C:\Program Files\winantivirus pro 2007\AWBase\database\enemies.dat
C:\Program Files\winantivirus pro 2007\AWBase\database\enemies.dat
C:\Program Files\winantivirus pro 2007\AWBase\vbpv.dat
C:\Program Files\WinAntiVirus Pro 2007\AWBase\vbpv.dat
C:\Program Files\winantivirus pro 2007\AWBase\vbpv.dat
C:\Program Files\winantivirus pro 2007\BkSites.dat
C:\Program Files\WinAntiVirus Pro 2007\BkSites.dat
C:\Program Files\winantivirus pro 2007\BkSites.dat
C:\Program Files\WinAntiVirus Pro 2007\bnlink.dat
C:\Program Files\winantivirus pro 2007\bnlink.dat
C:\Program Files\winantivirus pro 2007\bnlink.dat
C:\Program Files\winantivirus pro 2007\bpupdater.dat
C:\Program Files\winantivirus pro 2007\bpupdater.dat
C:\Program Files\WinAntiVirus Pro 2007\bpupdater.dat
C:\Program Files\winantivirus pro 2007\CompWiz.exe
C:\Program Files\WinAntiVirus Pro 2007\CompWiz.exe
C:\Program Files\winantivirus pro 2007\CompWiz.exe
C:\Program Files\WinAntiVirus Pro 2007\CompWiz.xml
C:\Program Files\winantivirus pro 2007\CompWiz.xml
C:\Program Files\winantivirus pro 2007\CompWiz.xml
C:\Program Files\winantivirus pro 2007\fat.exe
C:\Program Files\winantivirus pro 2007\fat.exe
C:\Program Files\WinAntiVirus Pro 2007\fat.exe
C:\Program Files\WinAntiVirus Pro 2007\fopn.exe
C:\Program Files\winantivirus pro 2007\fopn.exe
C:\Program Files\winantivirus pro 2007\fopn.exe
C:\Program Files\winantivirus pro 2007\fopn.sys
C:\Program Files\winantivirus pro 2007\fopn.sys
C:\Program Files\WinAntiVirus Pro 2007\fopn.sys
C:\Program Files\winantivirus pro 2007\fopnl.dll
C:\Program Files\WinAntiVirus Pro 2007\fopnl.dll
C:\Program Files\winantivirus pro 2007\fopnl.dll
C:\Program Files\winantivirus pro 2007\forum.dat
C:\Program Files\WinAntiVirus Pro 2007\forum.dat
C:\Program Files\winantivirus pro 2007\forum.dat
C:\Program Files\WinAntiVirus Pro 2007\IEFWBHO.dll
C:\Program Files\winantivirus pro 2007\IEFWBHO.dll
C:\Program Files\winantivirus pro 2007\IEFWBHO.dll
C:\Program Files\winantivirus pro 2007\IH.exe
C:\Program Files\winantivirus pro 2007\IH.exe
C:\Program Files\WinAntiVirus Pro 2007\IH.exe
C:\Program Files\winantivirus pro 2007\integrity.dat
C:\Program Files\winantivirus pro 2007\integrity.dat
C:\Program Files\WinAntiVirus Pro 2007\integrity.dat
C:\Program Files\WinAntiVirus Pro 2007\kb.url
C:\Program Files\winantivirus pro 2007\kb.url
C:\Program Files\winantivirus pro 2007\kb.url
C:\Program Files\winantivirus pro 2007\lapv.dat
C:\Program Files\WinAntiVirus Pro 2007\lapv.dat
C:\Program Files\winantivirus pro 2007\lapv.dat
C:\Program Files\winantivirus pro 2007\License.rtf
C:\Program Files\WinAntiVirus Pro 2007\License.rtf
C:\Program Files\winantivirus pro 2007\License.rtf
C:\Program Files\WinAntiVirus Pro 2007\Online.url
C:\Program Files\winantivirus pro 2007\Online.url
C:\Program Files\winantivirus pro 2007\Online.url
C:\Program Files\winantivirus pro 2007\PGBase\vbpv.dat
C:\Program Files\winantivirus pro 2007\PGBase\vbpv.dat
C:\Program Files\WinAntiVirus Pro 2007\PGBase\vbpv.dat
C:\Program Files\WinAntiVirus Pro 2007\PGE.dat
C:\Program Files\winantivirus pro 2007\PGE.dat
C:\Program Files\winantivirus pro 2007\PGE.dat
C:\Program Files\WinAntiVirus Pro 2007\PGupdater.dat
C:\Program Files\winantivirus pro 2007\PGupdater.dat
C:\Program Files\winantivirus pro 2007\PGupdater.dat
C:\Program Files\WinAntiVirus Pro 2007\plugins\BORLNDMM.DLL
C:\Program Files\winantivirus pro 2007\plugins\BORLNDMM.DLL
C:\Program Files\winantivirus pro 2007\plugins\BORLNDMM.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANADWR.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANADWR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANADWR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANBCDR.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANBCDR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANBCDR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANDLDR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANDLDR.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANDLDR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANDOS1.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANDOS1.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANDOS1.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANEMUL.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANEMUL.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANEMUL.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANFUNC.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANFUNC.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANFUNC.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANKRNL.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANKRNL.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANKRNL.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANMCR1.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANMCR1.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANMCR1.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANOTHR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANOTHR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANOTHR.DLL
C:\Program Files\winantivirus pro 2007\plugins\SCANSCR.DLL
C:\Program Files\WinAntiVirus Pro 2007\plugins\SCANSCR.DLL
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\stera.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPN
-------\FOPN

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.
2007-10-09 02:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-04 03:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-04 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 07:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-28 04:50 <DIR> d-------- C:\Program Files\AOL 9.0a
2007-09-28 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-28 04:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AOL
2007-09-23 01:42 10,920 --a------ C:\aolconnfix.exe
2007-09-22 05:57 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-09-22 05:55 <DIR> d-------- C:\Program Files\AOL 9.0
2007-09-22 04:43 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-09-22 04:40 <DIR> d--h----- C:\TEMP
 
ComboFix Log Part 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 19:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-28 11:58 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-22 08:23 --------- d-----w C:\Program Files\System Doctor
2007-09-22 08:09 --------- d-----w C:\Program Files\RegistrySmart
2007-09-22 07:56 --------- d-----w C:\Program Files\Pure Networks
2007-09-11 08:51 --------- d-----w C:\Program Files\Paint Shop Pro 5
2007-09-05 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\System Doctor
2007-09-05 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\System Doctor Free
2007-09-05 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\System Doctor
2007-09-04 06:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\RegistrySmart
2007-08-22 10:42 --------- d-----w C:\Program Files\HSN
2007-08-22 06:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sammsoft
2007-08-22 05:41 --------- d-----w C:\Program Files\DriveCleaner Freeware
2007-08-11 01:11 --------- d-----w C:\Program Files\Uniblue
2007-04-08 06:56 472 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 04:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 21:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 19:52]
"System Doctor"="C:\Program Files\System Doctor\sysmain.exe" [2007-08-23 12:13]
"HostManager"="C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe" [2006-09-25 17:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-08-16 08:43]
"HSN Skin Tools Alerts"="C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"AOL Fast Start"="C:\Program Files\AOL 9.0a\AOL.exe" [2007-04-17 23:48]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
"C:\Program Files\eSnips\ClientGW.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1145965187\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 10:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
"2007-09-30 01:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-11 01:11:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 03:06:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-09 3:08:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 03:08
.
--- E O F ---
 
HJT Log ((( Fresh Log 10-09-07 )))

You deserve a Big Hug for your patience with me;) I'm 'green' to all of this... reports, etc. Plus many odd things have occurred during some of these Logs, esp ComboFix creating error reports to send - it restarted the PC and Spybot S&D keeps popping up w/ many windows (registry value changes). I only hope i'm clicking the correct response when this happens. What an Angel you are :heart:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:31 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\System Doctor\sysmain.exe
C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8530
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=enable+wireless+connection&srch=3&prov=&utf8
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System Doctor] C:\Program Files\System Doctor\sysmain.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [HSN Skin Tools Alerts] "C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" Alerts
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154679137071
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F0FFBBF-E2DF-47EA-824D-511760D6896F}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 10328 bytes
 
Hi


Disable Spybot's TeaTimer (you can re-enable it after we've cleaned the system)
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu, select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer



Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Don't run AVG yet. Will do it a bit later.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Don't run ATF yet. Will do it a bit later.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
C:\Documents and Settings\Owner\Application Data\System Doctor
C:\Documents and Settings\All Users\Application Data\System Doctor Free
C:\Documents and Settings\All Users\Application Data\System Doctor
C:\Program Files\DriveCleaner Freeware

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Doctor"=-


Save this as CFScript


CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Don't select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot.


Post
-AVG Anti-Spyware log
-a fresh HJT log.
 
ComboFix Log

Dear Blade81, dear goodness, i so hope i'm doing all of this right. have been working on the instructions since 4pm mst & must admit am feeling like a dumb blonde (but i'm not even blonde!) wanted to contact you a couple times for clarification but not wanting to bother you. i'll keep on going at it & praying a lot! :banghead:

ComboFix 07-10-09.3 - Owner 2007-10-09 23:54:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.585 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Program Files\Trend Micro\HijackThis\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\System Doctor Free
C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\hours
C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\System Doctor
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\Abbr
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\cid
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\CustomerEmail
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\CustomerName
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\OID
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\PCID
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\System Doctor\Data\Suspicious
C:\Documents and Settings\Owner\Application Data\System Doctor
C:\Documents and Settings\Owner\Application Data\System Doctor\Logs\update.log
C:\Program Files\DriveCleaner Freeware
C:\Program Files\DriveCleaner Freeware\Appbase\UGifAnim.dat
C:\Program Files\DriveCleaner Freeware\Appbase\UltraEd.dat
C:\Program Files\DriveCleaner Freeware\Appbase\UMedStud.dat
C:\Program Files\DriveCleaner Freeware\Appbase\UPhImpV.dat
C:\Program Files\DriveCleaner Freeware\Appbase\UPhotoEx.dat
C:\Program Files\DriveCleaner Freeware\Appbase\UVidStud.dat
C:\Program Files\DriveCleaner Freeware\Appbase\VNC.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WebFeret.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WebReap.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WinACE.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WinGate.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WinRAR.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WinZIP.dat
C:\Program Files\DriveCleaner Freeware\Appbase\WiseInst.dat
C:\Program Files\DriveCleaner Freeware\Appbase\wordslst.xda
C:\Program Files\DriveCleaner Freeware\Appbase\YahooPl.dat
C:\Program Files\DriveCleaner Freeware\Appbase\ZipMagic.dat
C:\Program Files\DriveCleaner Freeware\AV.dat
C:\Program Files\DriveCleaner Freeware\bnlink.dat
C:\Program Files\DriveCleaner Freeware\err.log
C:\Program Files\DriveCleaner Freeware\img\button.gif
C:\Program Files\DriveCleaner Freeware\img\button2.gif
C:\Program Files\DriveCleaner Freeware\img\header.gif
C:\Program Files\DriveCleaner Freeware\img\logo.gif
C:\Program Files\DriveCleaner Freeware\img\spacer.gif
C:\Program Files\DriveCleaner Freeware\img\top_line.gif
C:\Program Files\DriveCleaner Freeware\img\top1.jpg
C:\Program Files\DriveCleaner Freeware\img\top2.jpg
C:\Program Files\DriveCleaner Freeware\lapv.dat
C:\Program Files\DriveCleaner Freeware\license.rtf
C:\Program Files\DriveCleaner Freeware\manual.url
C:\Program Files\DriveCleaner Freeware\pv.dat
C:\Program Files\DriveCleaner Freeware\readme.rtf
C:\Program Files\DriveCleaner Freeware\remnag.dat
C:\Program Files\DriveCleaner Freeware\ScanReport.dat
C:\Program Files\DriveCleaner Freeware\Schedule.dat
C:\Program Files\DriveCleaner Freeware\sr.log
C:\Program Files\DriveCleaner Freeware\support.url
C:\Program Files\DriveCleaner Freeware\UDC.xml
C:\Program Files\DriveCleaner Freeware\UDC6.url
C:\Program Files\DriveCleaner Freeware\unins000.dat
C:\Program Files\DriveCleaner Freeware\UninstallPage.html
C:\Program Files\DriveCleaner Freeware\up.dat
C:\Program Files\DriveCleaner Freeware\updater.dat
C:\Program Files\DriveCleaner Freeware\vbpv.dat
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 22:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-09 02:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-04 03:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-04 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 07:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-28 04:50 <DIR> d-------- C:\Program Files\AOL 9.0a
2007-09-28 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-28 04:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AOL
2007-09-23 01:42 10,920 --a------ C:\aolconnfix.exe
2007-09-22 05:57 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-09-22 05:55 <DIR> d-------- C:\Program Files\AOL 9.0
2007-09-22 04:43 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-09-22 04:40 <DIR> d--h----- C:\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 19:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-28 11:58 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-22 08:23 --------- d-----w C:\Program Files\System Doctor
2007-09-22 08:09 --------- d-----w C:\Program Files\RegistrySmart
2007-09-22 07:56 --------- d-----w C:\Program Files\Pure Networks
2007-09-11 08:51 --------- d-----w C:\Program Files\Paint Shop Pro 5
2007-09-04 06:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\RegistrySmart
2007-08-22 10:42 --------- d-----w C:\Program Files\HSN
2007-08-22 06:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sammsoft
2007-08-11 01:11 --------- d-----w C:\Program Files\Uniblue
2007-04-08 06:56 472 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 04:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 21:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 19:52]
"HostManager"="C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe" [2006-09-25 17:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-08-16 08:43]
"HSN Skin Tools Alerts"="C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"AOL Fast Start"="C:\Program Files\AOL 9.0a\AOL.exe" [2007-04-17 23:48]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
"C:\Program Files\eSnips\ClientGW.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1145965187\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 10:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
"2007-10-10 01:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-11 01:11:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 23:55:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-09 23:56:36
C:\ComboFix-quarantined-files.txt ... 2007-10-09 23:56
C:\ComboFix2.txt ... 2007-10-09 23:35
C:\ComboFix3.txt ... 2007-10-09 03:08
.
--- E O F ---
 
Hi

Thus far you've done it ok. :bigthumb:

Delete the following folder:
c:\program files\system doctor

Now just waiting for the AVG report & new hjt log. :)
 
Problem locating file to delete and.... more

Hiya Blade81, I cannot locate c:\program files\*system doctor* in order to delete it. I know that nasty thing is still in my pc but even doing searches is not exposing itself!

Also, in order to run my AVG AntiVirus Log, need to close all running programs, open windows, folders. I'm clueless how or which ones to close while still allowing my system to run?

Any feedback is GREATLY appreciated.
Warmly, Shadow
 
Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
C:\Program Files\System Doctor


Save this as
CFScript (overwrite previous one)


CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. That should delete the folder if it exists.


Also, in order to run my AVG AntiVirus Log, need to close all running programs, open windows, folders. I'm clueless how or which ones to close while still allowing my system to run?
I meant AVG Anti-spyware and not AVG Antivirus log :) You're ready to scan when you've closed browser windows. Don't stress yourself too much with that notification ;)
 
ComboFix Log ((( Fresh )))

I think System Doctor is finally gone but posted this for your review just in case i overlooked it. I'll have the AVG AntiSpyware & New HJT Logs in just a lil' while ;)

ComboFix 07-10-09.3 - Owner 2007-10-10 2:04:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.531 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Program Files\Trend Micro\HijackThis\CFScript_used_2007-10-09@23.54.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 22:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-09 02:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-04 03:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-04 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 07:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-28 04:50 <DIR> d-------- C:\Program Files\AOL 9.0a
2007-09-28 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-28 04:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AOL
2007-09-23 01:42 10,920 --a------ C:\aolconnfix.exe
2007-09-22 05:57 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-09-22 05:55 <DIR> d-------- C:\Program Files\AOL 9.0
2007-09-22 04:43 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-09-22 04:40 <DIR> d--h----- C:\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 19:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-28 11:58 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-22 08:09 --------- d-----w C:\Program Files\RegistrySmart
2007-09-22 07:56 --------- d-----w C:\Program Files\Pure Networks
2007-09-11 08:51 --------- d-----w C:\Program Files\Paint Shop Pro 5
2007-09-04 06:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\RegistrySmart
2007-08-22 10:42 --------- d-----w C:\Program Files\HSN
2007-08-22 06:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sammsoft
2007-08-11 01:11 --------- d-----w C:\Program Files\Uniblue
2007-04-08 06:56 472 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2007-10-09_ 3.07.26.40 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 621,848 2007-10-08 22:53:12 C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
----a-w 621,848 2007-10-08 22:53:12 C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 04:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 21:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 19:52]
"HostManager"="C:\Program Files\Common Files\AOL\1190465712\ee\AOLSoftware.exe" [2006-09-25 17:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-08-16 08:43]
"HSN Skin Tools Alerts"="C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"AOL Fast Start"="C:\Program Files\AOL 9.0a\AOL.exe" [2007-04-17 23:48]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
"C:\Program Files\eSnips\ClientGW.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1145965187\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 10:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
"2007-10-10 01:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-11 01:11:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 02:05:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-10 2:05:49
C:\ComboFix-quarantined-files.txt ... 2007-10-10 02:05
C:\ComboFix2.txt ... 2007-10-09 23:56
C:\ComboFix3.txt ... 2007-10-09 23:35
.
--- E O F ---
 
AVG Anti Spyware Log

:rolleyes: Dang It! Okay, I really think I made a Boo-Boo on this one. Under ' How To Act ' I did click Reco'd Action & Quarantine from pop-up menu. However after scan ran to completion; it showed Delete under Set All Elements.. i tried but couldn't get it to make the correction back to Quarantine. Hope this has not created a HUGE problem for you. I still don't know how this even happened. I'm sorry if i goofed... have been so cautious. Plus, my logs have been taking longer to post to you as i'm having to write all instructions out (printer not working). Please don't be too angry, i'm trying so hard :red:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:14:34 AM 10/10/2007
+ Scan result:

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029477.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP352\A0030506.dll -> Adware.Companion : Cleaned.
C:\qoobox\Quarantine\C\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll.vir -> Adware.Companion : Cleaned.
C:\qoobox\Quarantine\C\Program Files\DriveCleaner Freeware\up.dat.vir -> Adware.DriveCleaner : Cleaned.
C:\qoobox\Quarantine\C\Program Files\DriveCleaner Freeware\vbpv.dat.vir -> Adware.DriveCleaner : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0025808.dll -> Adware.ErrorSafe : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029479.exe -> Adware.SystemDoctor : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP352\A0030465.exe -> Adware.SystemDoctor : Cleaned.
C:\qoobox\Quarantine\C\Program Files\WinAntiVirus Pro 2007\IH.exe.vir -> Adware.SystemDoctor : Cleaned.
C:\qoobox\Quarantine\C\Program Files\WinAntiVirus Pro 2007\st.dat.vir -> Adware.WinAntiVirus : Cleaned.
C:\qoobox\Quarantine\C\Program Files\WinAntiVirus Pro 2007\up.dat.vir -> Adware.WinAntiVirus : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029483.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP352\A0030505.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\qoobox\Quarantine\C\Program Files\Common Files\WinAntiVirus Pro 2007\wa7pinst.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP328\A0026814.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP341\A0029433.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP352\A0030504.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
C:\qoobox\Quarantine\C\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP315\A0026464.DLL -> Trojan.HSN : Cleaned.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP316\A0026546.dll -> Trojan.HSN : Cleaned.

::Report end
 