*Help Virus, Adware, Malware...please help*

Darkdesign007

I have encountered a bunch of virus warnings from my computer, and my antivirus program Avast keeps saying there is adware found, something like Win.32 Adware and others. I have thought about buying a registry fix for $30, but want to see if the problem can be settled here, for I do not want to give my credit card number online, especially when I have a virus.

I HAVE THE FOLLOWING PROGRAMS:

AVG Antivirus (scanner)
Avast Anti Virus Home Edition
SpyBot
Ad-Aware (Lavasoft) 2007

Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:17 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSecureSystem\bm.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwlax.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {1BD6031F-BD9B-4DDF-A164-1D3A6701F374} - C:\WINDOWS\ipwypwpk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\PCSecureSystem\Tools\IEFWBHO.dll
O3 - Toolbar: The bonrep - {9BA420D2-40A3-431D-A863-531B0FBA0569} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSecureSystem] C:\Program Files\PCSecureSystem\pgs.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com; ad=http://pcsecuresystem.com
O4 - HKLM\..\RunOnce: [atf.exe] "C:\Program Files\PCSecureSystem\pgs.exe" /empty
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] "C:\Program Files\Evidence Eliminator\ee.exe" /m
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Kmiialza] C:\WINDOWS\system32\??crosoft.NET\w?crtupd.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://antivirus.uwlax.edu/WebInst/WebInst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O21 - SSODL: kbdctrl - {5E3D67D7-C427-4D3B-B1DE-092858610F10} - C:\WINDOWS\kbdctrl.dll (file missing)
O21 - SSODL: neobus - {EDBB2012-2B1D-488C-85B8-97678A6B4B3D} - C:\WINDOWS\neobus.dll
O21 - SSODL: msmhost - {94062B9C-48D4-4FE6-8826-C40F6C223FBB} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {AE4BD19D-FD89-4B19-B2BA-503CB589D86B} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Alive Internet Eraser Service (AliveEraseAutoComplete) - Unknown owner - C:\Program Files\AliveComputing\Internet Eraser\InternetEraserService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

--
End of file - 10644 bytes
 
Oh my gosh....I am getting a message that reads "The file or directory C: is corrupt and unreadable. Please run Chkdsk utility." Oh my God I think my computer may be gone! Still also getting crazy virus messages, mainly Win.32 Agent and Adware. Any programs I should buy?

Here is my combo fix log

ComboFix 07-08-04.3 - "Yahkub Augustine" 2007-11-09 0:22:57.2 [GMT -6:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt


((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))


2007-11-08 23:42 46,592 --a------ C:\WINDOWS\system32\drivers\FMTR.sys
2007-11-08 23:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-08 23:42 189,984 --a------ C:\DOCUME~1\YAHKUB~1\APPLIC~1\install_en[1].exe
2007-11-08 23:42 <DIR> d-------- C:\Program Files\PCSecureSystem
2007-11-08 23:42 <DIR> d-------- C:\Program Files\Common Files\PCSecureSystem
2007-11-08 23:17 233,472 --a------ C:\WINDOWS\msmhost.dll
2007-11-08 21:04 282,624 --a------ C:\WINDOWS\ipwypwpk.dll
2007-11-08 21:04 249,856 --a------ C:\WINDOWS\neobus.dll
2007-11-08 21:04 167,936 --a------ C:\WINDOWS\bonrep.dll
2007-11-08 21:04 118,784 --a------ C:\WINDOWS\qdertu.exe
2007-11-08 21:03 <DIR> d-------- C:\Program Files\RichVideoCodec
2007-11-03 21:01 64 --a------ C:\WINDOWS\system32\BurnData.bin
2007-11-03 21:01 <DIR> d-------- C:\DOCUME~1\YAHKUB~1\APPLIC~1\Roxio
2007-11-03 20:55 <DIR> d-------- C:\Program Files\Napster
2007-11-03 20:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-11-03 11:29 <DIR> d-------- C:\DOCUME~1\YAHKUB~1\audiobooks
2007-11-02 18:03 <DIR> d-------- C:\DOCUME~1\YAHKUB~1\APPLIC~1\Apple Computer
2007-11-02 18:02 <DIR> d-------- C:\Program Files\iTunes
2007-11-02 18:02 <DIR> d-------- C:\Program Files\iPod
2007-11-02 18:01 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-02 18:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-02 18:01 <DIR> d-------- C:\Program Files\QuickTime
2007-11-02 18:01 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-02 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-11-02 18:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-02 18:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-10-31 22:39 <DIR> d-------- C:\DOCUME~1\YAHKUB~1\APPLIC~1\Download Manager
2007-10-31 21:04 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2007-10-31 21:04 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2007-10-31 21:04 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2007-10-31 21:04 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2007-10-31 21:04 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-10-31 21:04 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-11-03 21:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 21:31 --------- d-------- C:\Program Files\LimeWire
2007-09-06 04:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 04:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-22 06:55 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 06:55 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 06:55 617984 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 06:55 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 06:55 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 06:55 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 06:55 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 06:55 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 06:55 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 06:55 3064832 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 06:55 251904 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 06:55 205824 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 06:55 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 06:55 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 06:55 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 06:55 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 06:55 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 06:55 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 04:19 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 00:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:15 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-12 22:42 22016 --a------ C:\WINDOWS\system32\prospeed_bmp2jpg.dll
2007-01-18 13:51 87608 --a------ C:\DOCUME~1\YAHKUB~1\APPLIC~1\ezpinst.exe
2007-01-18 13:51 47360 --a------ C:\DOCUME~1\YAHKUB~1\APPLIC~1\pcouffin.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BD6031F-BD9B-4DDF-A164-1D3A6701F374}]
2007-11-08 08:27 282624 --a------ C:\WINDOWS\ipwypwpk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAAD2038-C371-473D-86F1-5B11D39C3775}]
2007-07-31 10:22 1100288 --a------ C:\Program Files\PCSecureSystem\Tools\IEFWBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-10 02:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 07:50]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 04:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"PCSecureSystem"="C:\Program Files\PCSecureSystem\pgs.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe" [2006-04-10 15:53]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 09:29]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Kmiialza"="C:\WINDOWS\system32\??crosoft.NET\w?crtupd.exe" []
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"atf.exe"="C:\Program Files\PCSecureSystem\pgs.exe" /empty

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-30 16:26:44]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {5E3D67D7-C427-4D3B-B1DE-092858610F10} - C:\WINDOWS\kbdctrl.dll [ ]
"neobus"= {EDBB2012-2B1D-488C-85B8-97678A6B4B3D} - C:\WINDOWS\neobus.dll [2007-11-08 08:27 249856]
"msmhost"= {8035ED40-174B-460C-9A29-30478CDF6BBE} - C:\WINDOWS\msmhost.dll [2007-09-06 12:19 233472]
"msmdev"= {9644DEB6-06CC-4652-BB87-5A7EEDCDC8DE} - C:\WINDOWS\msmdev.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3355955871-1918051030-1103130388-1009\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

R0 iastor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iastor.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 E100B;Intel(R) PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S0 fmtr;fmtr;C:\WINDOWS\system32\Drivers\FMTR.sys
S3 AliveEraseAutoComplete;Alive Internet Eraser Service;C:\Program Files\AliveComputing\Internet Eraser\InternetEraserService.exe
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-11-06 23:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2005-06-20 22:56:40 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-10-26 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (PAUGUSTINE-Patrick Augustine).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 00:28:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000

scanning hidden files ...

**************************************************************************

Completion time: 2007-11-09 0:29:39
C:\ComboFix-quarantined-files.txt ... 2007-11-09 00:28
C:\ComboFix2.txt ... 2007-08-06 08:52

--- E O F ---

Previous topic: http://forums.spybot.info/showthread.php?p=112033
 
Hello.

Because of the number of posts in your thread, helpers probably thought you were already being assisted. We ask for two logs only: the HJT log and the results of the online antivirus scan.

Our stickied forum topics:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc


The Waiting Room: Post here if waiting for help longer than four days

Views on topic means little. Search engines bring many to look at threads of interest.

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

This topic has been archived.
 